1 files changed, 24 insertions, 0 deletions
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index 01ea2aee..a5811612 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -138,6 +138,18 @@
          };
        };
      };
+      virtualHosts."admin.synapse.li" = {
+        forceSSL = true;
+        sslCertificate = "/run/credentials/nginx.service/admin.synapse.li.pem";
+        sslCertificateKey = "/run/credentials/nginx.service/admin.synapse.li.key.pem";
+        sslTrustedCertificate = "/run/credentials/nginx.service/admin.synapse.li.chain.pem";
+        extraConfig = ''
+          add_header Strict-Transport-Security "max-age=63072000" always;
+        '';
+        root = pkgs.synapse-admin;
+      };
    };
    security.acme.domains = {
@@ -149,6 +161,14 @@
          '';
        };
      };
+      "admin.synapse.li" = {
+        zone = "synapse.li";
+        certCfg = {
+          postRun = ''
+            ${pkgs.systemd}/bin/systemctl try-restart nginx.service
+          '';
+        };
+      };
      "turn.synapse.li" = {
        zone = "synapse.li";
        certCfg = {
@@ -178,6 +198,10 @@
          "element.synapse.li.key.pem:${config.security.acme.certs."element.synapse.li".directory}/key.pem"
          "element.synapse.li.pem:${config.security.acme.certs."element.synapse.li".directory}/fullchain.pem"
          "element.synapse.li.chain.pem:${config.security.acme.certs."element.synapse.li".directory}/chain.pem"
+          "admin.synapse.li.key.pem:${config.security.acme.certs."admin.synapse.li".directory}/key.pem"
+          "admin.synapse.li.pem:${config.security.acme.certs."admin.synapse.li".directory}/fullchain.pem"
+          "admin.synapse.li.chain.pem:${config.security.acme.certs."admin.synapse.li".directory}/chain.pem"
        ];
      };
    };

diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index 01ea2aee..a5811612 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix
@@ -138,6 +138,18 @@
138	};	138	};
139	};	139	};
140	};	140	};
		141
		142	virtualHosts."admin.synapse.li" = {
		143	forceSSL = true;
		144	sslCertificate = "/run/credentials/nginx.service/admin.synapse.li.pem";
		145	sslCertificateKey = "/run/credentials/nginx.service/admin.synapse.li.key.pem";
		146	sslTrustedCertificate = "/run/credentials/nginx.service/admin.synapse.li.chain.pem";
		147	extraConfig = ''
		148	add_header Strict-Transport-Security "max-age=63072000" always;
		149	'';
		150
		151	root = pkgs.synapse-admin;
		152	};
141	};	153	};
142		154
143	security.acme.domains = {	155	security.acme.domains = {
@@ -149,6 +161,14 @@
149	'';	161	'';
150	};	162	};
151	};	163	};
		164	"admin.synapse.li" = {
		165	zone = "synapse.li";
		166	certCfg = {
		167	postRun = ''
		168	${pkgs.systemd}/bin/systemctl try-restart nginx.service
		169	'';
		170	};
		171	};
152	"turn.synapse.li" = {	172	"turn.synapse.li" = {
153	zone = "synapse.li";	173	zone = "synapse.li";
154	certCfg = {	174	certCfg = {
@@ -178,6 +198,10 @@
178	"element.synapse.li.key.pem:${config.security.acme.certs."element.synapse.li".directory}/key.pem"	198	"element.synapse.li.key.pem:${config.security.acme.certs."element.synapse.li".directory}/key.pem"
179	"element.synapse.li.pem:${config.security.acme.certs."element.synapse.li".directory}/fullchain.pem"	199	"element.synapse.li.pem:${config.security.acme.certs."element.synapse.li".directory}/fullchain.pem"
180	"element.synapse.li.chain.pem:${config.security.acme.certs."element.synapse.li".directory}/chain.pem"	200	"element.synapse.li.chain.pem:${config.security.acme.certs."element.synapse.li".directory}/chain.pem"
		201
		202	"admin.synapse.li.key.pem:${config.security.acme.certs."admin.synapse.li".directory}/key.pem"
		203	"admin.synapse.li.pem:${config.security.acme.certs."admin.synapse.li".directory}/fullchain.pem"
		204	"admin.synapse.li.chain.pem:${config.security.acme.certs."admin.synapse.li".directory}/chain.pem"
181	];	205	];
182	};	206	};
183	};	207	};