diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2023-01-30 16:09:43 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2023-01-30 16:19:44 +0100 |
commit | 68645f75136d6e82bfb7e27b50c531d1b416c4d5 (patch) | |
tree | 12f4804798ad4c78507b05f5e3573a11c7ab8b0c /hosts/surtr/email/default.nix | |
parent | 5915a25064e01c38c49787322ca1309d0da0386a (diff) | |
download | nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar.gz nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar.bz2 nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.tar.xz nixos-68645f75136d6e82bfb7e27b50c531d1b416c4d5.zip |
...
Diffstat (limited to 'hosts/surtr/email/default.nix')
-rw-r--r-- | hosts/surtr/email/default.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 0e2a78eb..01c22ce5 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix | |||
@@ -716,6 +716,8 @@ in { | |||
716 | 716 | ||
717 | virtualHosts = listToAttrs (map (domain: nameValuePair "spm.${domain}" { | 717 | virtualHosts = listToAttrs (map (domain: nameValuePair "spm.${domain}" { |
718 | forceSSL = true; | 718 | forceSSL = true; |
719 | kTLS = true; | ||
720 | http3 = true; | ||
719 | sslCertificate = "/run/credentials/nginx.service/spm.${domain}.pem"; | 721 | sslCertificate = "/run/credentials/nginx.service/spm.${domain}.pem"; |
720 | sslCertificateKey = "/run/credentials/nginx.service/spm.${domain}.key.pem"; | 722 | sslCertificateKey = "/run/credentials/nginx.service/spm.${domain}.key.pem"; |
721 | extraConfig = '' | 723 | extraConfig = '' |
@@ -734,6 +736,8 @@ in { | |||
734 | }; | 736 | }; |
735 | }) spmDomains) // listToAttrs (map (domain: nameValuePair "mta-sts.${domain}" { | 737 | }) spmDomains) // listToAttrs (map (domain: nameValuePair "mta-sts.${domain}" { |
736 | forceSSL = true; | 738 | forceSSL = true; |
739 | kTLS = true; | ||
740 | http3 = true; | ||
737 | sslCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.pem"; | 741 | sslCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.pem"; |
738 | sslCertificateKey = "/run/credentials/nginx.service/mta-sts.${domain}.key.pem"; | 742 | sslCertificateKey = "/run/credentials/nginx.service/mta-sts.${domain}.key.pem"; |
739 | sslTrustedCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.chain.pem"; | 743 | sslTrustedCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.chain.pem"; |