summaryrefslogtreecommitdiff
path: root/hosts/surtr/email/default.nix
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2023-01-31 13:31:37 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2023-01-31 13:31:37 +0100
commit60adb4c9388816d8b8eb17b2e844de8d1e0dc081 (patch)
tree2d40a05364ea1d3edd0b9cd7748a0683fa20a477 /hosts/surtr/email/default.nix
parent41be54745e76d6b14221157d1e4474e980e2e70a (diff)
downloadnixos-60adb4c9388816d8b8eb17b2e844de8d1e0dc081.tar
nixos-60adb4c9388816d8b8eb17b2e844de8d1e0dc081.tar.gz
nixos-60adb4c9388816d8b8eb17b2e844de8d1e0dc081.tar.bz2
nixos-60adb4c9388816d8b8eb17b2e844de8d1e0dc081.tar.xz
nixos-60adb4c9388816d8b8eb17b2e844de8d1e0dc081.zip
Revert "Revert "...""
This reverts commit 1e82933a01dcc3810d635567dbef0de286c1e8f2.
Diffstat (limited to 'hosts/surtr/email/default.nix')
-rw-r--r--hosts/surtr/email/default.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 0e2a78eb..01c22ce5 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -716,6 +716,8 @@ in {
716 716
717 virtualHosts = listToAttrs (map (domain: nameValuePair "spm.${domain}" { 717 virtualHosts = listToAttrs (map (domain: nameValuePair "spm.${domain}" {
718 forceSSL = true; 718 forceSSL = true;
719 kTLS = true;
720 http3 = true;
719 sslCertificate = "/run/credentials/nginx.service/spm.${domain}.pem"; 721 sslCertificate = "/run/credentials/nginx.service/spm.${domain}.pem";
720 sslCertificateKey = "/run/credentials/nginx.service/spm.${domain}.key.pem"; 722 sslCertificateKey = "/run/credentials/nginx.service/spm.${domain}.key.pem";
721 extraConfig = '' 723 extraConfig = ''
@@ -734,6 +736,8 @@ in {
734 }; 736 };
735 }) spmDomains) // listToAttrs (map (domain: nameValuePair "mta-sts.${domain}" { 737 }) spmDomains) // listToAttrs (map (domain: nameValuePair "mta-sts.${domain}" {
736 forceSSL = true; 738 forceSSL = true;
739 kTLS = true;
740 http3 = true;
737 sslCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.pem"; 741 sslCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.pem";
738 sslCertificateKey = "/run/credentials/nginx.service/mta-sts.${domain}.key.pem"; 742 sslCertificateKey = "/run/credentials/nginx.service/mta-sts.${domain}.key.pem";
739 sslTrustedCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.chain.pem"; 743 sslTrustedCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.chain.pem";