From f44f4bc6cf220980bceda35a6b7a78b7340868ea Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 1 Feb 2022 13:00:41 +0100
Subject: ...

---
 hosts/surtr/http.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix
index cfd99b53..fb22492f 100644
--- a/hosts/surtr/http.nix
+++ b/hosts/surtr/http.nix
@@ -32,6 +32,7 @@
           forceSSL = true;
           sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem";
           sslCertificateKey = "/run/credentials/nginx.service/webdav.141.li.key.pem";
+          sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem";
           locations."/".extraConfig = ''
             root /srv/files/$remote_user;            
 
@@ -69,6 +70,7 @@
         LoadCredential = [
           "webdav.141.li.key.pem:${config.security.acme.certs."webdav.141.li".directory}/key.pem"
           "webdav.141.li.pem:${config.security.acme.certs."webdav.141.li".directory}/fullchain.pem"
+          "webdav.141.li.chain.pem:${config.security.acme.certs."webdav.141.li".directory}/chain.pem"
         ];
         RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" ];
         RuntimeDirectoryMode = "0750";
-- 
cgit v1.2.3