2 files changed, 30 insertions, 0 deletions
diff --git a/hosts/surtr/http/default.nix b/hosts/surtr/http/default.nix
index b643ded6..0e13acf7 100644
--- a/hosts/surtr/http/default.nix
+++ b/hosts/surtr/http/default.nix
@@ -2,6 +2,7 @@
 {
  imports = [
    ./webdav
+    ./online.nix
  ];
  config = {
diff --git a/hosts/surtr/http/online.nix b/hosts/surtr/http/online.nix
new file mode 100644
index 00000000..daad65d9
--- /dev/null
+++ b/hosts/surtr/http/online.nix
@@ -0,0 +1,29 @@
+{ config, ... }:
+{
+  config = {
+    services.nginx.virtualHosts."online.yggdrasil.li" = {
+      forceSSL = true;
+      kTLS = true;
+      http3 = true;
+      sslCertificate = "/run/credentials/nginx.service/online.yggdrasil.li.pem";
+      sslCertificateKey = "/run/credentials/nginx.service/online.yggdrasil.li.key.pem";
+      sslTrustedCertificate = "/run/credentials/nginx.service/online.yggdrasil.li.chain.pem";
+      locations."/".extraConfig = ''
+        add_header X-NetworkManager-Status online;
+        add_header Cache-Control "max-age=0, must-revalidate";
+        return 204;
+      '';
+    };
+    security.acme.rfc2136Domains."online.yggdrasil.li" = {
+      restartUnits = ["nginx.service"];
+    };
+    systemd.services.nginx.serviceConfig = {
+      LoadCredential = [
+        "online.yggdrasil.li.key.pem:${config.security.acme.certs."online.yggdrasil.li".directory}/key.pem"
+        "online.yggdrasil.li.pem:${config.security.acme.certs."online.yggdrasil.li".directory}/fullchain.pem"
+        "online.yggdrasil.li.chain.pem:${config.security.acme.certs."online.yggdrasil.li".directory}/chain.pem"
+      ];
+    };
+  };
+}

diff --git a/hosts/surtr/http/default.nix b/hosts/surtr/http/default.nix index b643ded6..0e13acf7 100644 --- a/hosts/surtr/http/default.nix +++ b/hosts/surtr/http/default.nix
@@ -2,6 +2,7 @@
2	{	2	{
3	imports = [	3	imports = [
4	./webdav	4	./webdav
		5	./online.nix
5	];	6	];
6		7
7	config = {	8	config = {


diff --git a/hosts/surtr/http/online.nix b/hosts/surtr/http/online.nix new file mode 100644 index 00000000..daad65d9 --- /dev/null +++ b/hosts/surtr/http/online.nix
@@ -0,0 +1,29 @@
		1	{ config, ... }:
		2	{
		3	config = {
		4	services.nginx.virtualHosts."online.yggdrasil.li" = {
		5	forceSSL = true;
		6	kTLS = true;
		7	http3 = true;
		8	sslCertificate = "/run/credentials/nginx.service/online.yggdrasil.li.pem";
		9	sslCertificateKey = "/run/credentials/nginx.service/online.yggdrasil.li.key.pem";
		10	sslTrustedCertificate = "/run/credentials/nginx.service/online.yggdrasil.li.chain.pem";
		11
		12	locations."/".extraConfig = ''
		13	add_header X-NetworkManager-Status online;
		14	add_header Cache-Control "max-age=0, must-revalidate";
		15	return 204;
		16	'';
		17	};
		18	security.acme.rfc2136Domains."online.yggdrasil.li" = {
		19	restartUnits = ["nginx.service"];
		20	};
		21	systemd.services.nginx.serviceConfig = {
		22	LoadCredential = [
		23	"online.yggdrasil.li.key.pem:${config.security.acme.certs."online.yggdrasil.li".directory}/key.pem"
		24	"online.yggdrasil.li.pem:${config.security.acme.certs."online.yggdrasil.li".directory}/fullchain.pem"
		25	"online.yggdrasil.li.chain.pem:${config.security.acme.certs."online.yggdrasil.li".directory}/chain.pem"
		26	];
		27	};
		28	};
		29	}