summaryrefslogtreecommitdiff
path: root/hosts/surtr/email
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/surtr/email')
-rw-r--r--hosts/surtr/email/default.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 0e2a78eb..01c22ce5 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -716,6 +716,8 @@ in {
716 716
717 virtualHosts = listToAttrs (map (domain: nameValuePair "spm.${domain}" { 717 virtualHosts = listToAttrs (map (domain: nameValuePair "spm.${domain}" {
718 forceSSL = true; 718 forceSSL = true;
719 kTLS = true;
720 http3 = true;
719 sslCertificate = "/run/credentials/nginx.service/spm.${domain}.pem"; 721 sslCertificate = "/run/credentials/nginx.service/spm.${domain}.pem";
720 sslCertificateKey = "/run/credentials/nginx.service/spm.${domain}.key.pem"; 722 sslCertificateKey = "/run/credentials/nginx.service/spm.${domain}.key.pem";
721 extraConfig = '' 723 extraConfig = ''
@@ -734,6 +736,8 @@ in {
734 }; 736 };
735 }) spmDomains) // listToAttrs (map (domain: nameValuePair "mta-sts.${domain}" { 737 }) spmDomains) // listToAttrs (map (domain: nameValuePair "mta-sts.${domain}" {
736 forceSSL = true; 738 forceSSL = true;
739 kTLS = true;
740 http3 = true;
737 sslCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.pem"; 741 sslCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.pem";
738 sslCertificateKey = "/run/credentials/nginx.service/mta-sts.${domain}.key.pem"; 742 sslCertificateKey = "/run/credentials/nginx.service/mta-sts.${domain}.key.pem";
739 sslTrustedCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.chain.pem"; 743 sslTrustedCertificate = "/run/credentials/nginx.service/mta-sts.${domain}.chain.pem";
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 18:12:18 +0000