5 files changed, 10 insertions, 21 deletions

diff --git a/services/nginx/fs/etc/nginx/templates/default.conf.template b/services/nginx/fs/etc/nginx/templates/default.conf.template
index f90b61a..e35cc41 100644
--- a/services/nginx/fs/etc/nginx/templates/default.conf.template
+++ b/services/nginx/fs/etc/nginx/templates/default.conf.template
@@ -20,8 +20,8 @@ server {
 
     server_name ${NGINX__HOST} www.${NGINX__HOST};
 
-    ssl_certificate     /run/secrets/server.crt;
-    ssl_certificate_key /run/secrets/server.key;
+    ssl_certificate     /etc/certs/server.crt;
+    ssl_certificate_key /etc/certs/server.key;
 
     location / {
         root /srv;
@@ -34,8 +34,8 @@ server {
 
     server_name _;
 
-    ssl_certificate     /run/secrets/server.crt;
-    ssl_certificate_key /run/secrets/server.key;
+    ssl_certificate     /etc/certs/server.crt;
+    ssl_certificate_key /etc/certs/server.key;
 
     return 444;
 }
diff --git a/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template b/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template
index c0fa070..4abcee9 100644
--- a/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template
+++ b/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template
@@ -4,8 +4,8 @@ server {
 
     server_name git.${NGINX__HOST};
 
-    ssl_certificate     /run/secrets/server.crt;
-    ssl_certificate_key /run/secrets/server.key;
+    ssl_certificate     /etc/certs/server.crt;
+    ssl_certificate_key /etc/certs/server.key;
 
     location / {
         proxy_pass http://cgit:80;
diff --git a/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template b/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template
index d6e4617..d0fd944 100644
--- a/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template
+++ b/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template
@@ -4,8 +4,8 @@ server {
 
     server_name dav.${NGINX__HOST};
 
-    ssl_certificate     /run/secrets/server.crt;
-    ssl_certificate_key /run/secrets/server.key;
+    ssl_certificate     /etc/certs/server.crt;
+    ssl_certificate_key /etc/certs/server.key;
 
     location / {
         proxy_pass        http://radicale:5232;
diff --git a/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template b/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template
index 31c90bb..1060588 100644
--- a/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template
+++ b/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template
@@ -4,8 +4,8 @@ server {
 
     server_name sync.${NGINX__HOST};
 
-    ssl_certificate     /run/secrets/server.crt;
-    ssl_certificate_key /run/secrets/server.key;
+    ssl_certificate     /etc/certs/server.crt;
+    ssl_certificate_key /etc/certs/server.key;
 
     location / {
         proxy_pass http://syncthing:8384;
diff --git a/services/nginx/fs/sbin/cmd.bash b/services/nginx/fs/sbin/cmd.bash
deleted file mode 100755
index e024b4f..0000000
--- a/services/nginx/fs/sbin/cmd.bash
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/bash
-set -eu
-
-# Install sensitive data in tmpfs
-install --mode 400 /run/host_secrets/server.crt /run/secrets/server.crt
-install --mode 400 /run/host_secrets/server.key /run/secrets/server.key
-
-# We have to run the entrypoint again
-# Because if the first positional parameter is not "nginx" or "nginx-debug" the scripts in /docker-entrypoint.d are not ran.
-# https://github.com/nginx/docker-nginx/blob/master/stable/debian/docker-entrypoint.sh
-exec /docker-entrypoint.sh nginx -g "daemon off;"