summaryrefslogtreecommitdiff
path: root/hosts/surtr/email/default.nix
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2023-01-30 16:09:43 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2023-01-30 16:19:44 +0100
commit68645f75136d6e82bfb7e27b50c531d1b416c4d5 (patch)
tree12f4804798ad4c78507b05f5e3573a11c7ab8b0c /hosts/surtr/email/default.nix
parent5915a25064e01c38c49787322ca1309d0da0386a (diff)
downloadnixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar
nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar.gz
nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar.bz2
nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar.xz
nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.zip
...
Diffstat (limited to 'hosts/surtr/email/default.nix')
-rw-r--r--hosts/surtr/email/default.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 0e2a78eb..01c22ce5 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -716,6 +716,8 @@ in {
716 716
717 virtualHosts = listToAttrs (map (domain: nameValuePair "spm.${domain}" { 717 virtualHosts = listToAttrs (map (domain: nameValuePair "spm.${domain}" {
718 forceSSL = true; 718 forceSSL = true;
719 kTLS = true;
720 http3 = true;
719 sslCertificate = "/run/credentials/nginx.service/spm.${domain}.pem"; 721 sslCertificate = "/run/credentials/nginx.service/spm.${domain}.pem";
720 sslCertificateKey = "/run/credentials/nginx.service/spm.${domain}.key.pem"; 722 sslCertificateKey = "/run/credentials/nginx.service/spm.${domain}.key.pem";
721 extraConfig = '' 723 extraConfig = ''
@@ -734,6 +736,8 @@ in {
734 }; 736 };
735 }) spmDomains) // listToAttrs (map (domain: nameValuePair "mta-sts.${domain}" { 737 }) spmDomains) // listToAttrs (map (domain: nameValuePair "mta-sts.${domain}" {
736 forceSSL = true; 738 forceSSL = true;
739 kTLS = true;
740 http3 = true;
737 sslCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.pem"; 741 sslCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.pem";
738 sslCertificateKey = "/run/credentials/nginx.service/mta-sts.${domain}.key.pem"; 742 sslCertificateKey = "/run/credentials/nginx.service/mta-sts.${domain}.key.pem";
739 sslTrustedCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.chain.pem"; 743 sslTrustedCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.chain.pem";