From f8cec37ed3fda24dd3e834120b0f6dbcf95e54d2 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 27 Feb 2022 16:48:35 +0100
Subject: surtr: synapse-admin

---
 hosts/surtr/matrix/default.nix | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)


diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index 01ea2aee..a5811612 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -138,6 +138,18 @@
           };
         };
       };
+
+      virtualHosts."admin.synapse.li" = {
+        forceSSL = true;
+        sslCertificate = "/run/credentials/nginx.service/admin.synapse.li.pem";
+        sslCertificateKey = "/run/credentials/nginx.service/admin.synapse.li.key.pem";
+        sslTrustedCertificate = "/run/credentials/nginx.service/admin.synapse.li.chain.pem";
+        extraConfig = ''
+          add_header Strict-Transport-Security "max-age=63072000" always;
+        '';
+
+        root = pkgs.synapse-admin;
+      };
     };
 
     security.acme.domains = {
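Review bot: The new `admin.synapse.li` vhost publishes the synapse-admin console with HSTS as its only response header, so nothing here stops the page from being framed by another origin or limits who can load it. Inside `extraConfig` I would add `add_header Content-Security-Policy "frame-ancestors 'none'" always;` and `add_header X-Content-Type-Options "nosniff" always;` next to the existing HSTS line. If administrators always connect from known networks, an `allow`/`deny` pair on this vhost would keep the console off the open internet. Whether the `/_synapse/admin` API is itself restricted on the homeserver vhost cannot be seen from this hunk and is worth confirming. The enclosing `virtualHosts` set starts above the hunk.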
@@ -149,6 +161,14 @@
           '';
         };
       };
+      "admin.synapse.li" = {
+        zone = "synapse.li";
+        certCfg = {
+          postRun = ''
+            ${pkgs.systemd}/bin/systemctl try-restart nginx.service
+          '';
+        };
+      };
       "turn.synapse.li" = {
         zone = "synapse.li";
         certCfg = {
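Review bot: The `postRun` hook restarts nginx instead of reloading it, and nothing in the entry says why. A reload would presumably keep serving the old certificate, because the vhost reads its files from `/run/credentials/nginx.service/`, which systemd populates only when the unit starts. A comment above `postRun`, e.g. `# restart, not reload: credential copies are refreshed only on unit start`, would stop a later cleanup from swapping it for `reload`. If the sibling entries outside this hunk use the same command, the same comment applies there.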
@@ -178,6 +198,10 @@
           "element.synapse.li.key.pem:${config.security.acme.certs."element.synapse.li".directory}/key.pem"
           "element.synapse.li.pem:${config.security.acme.certs."element.synapse.li".directory}/fullchain.pem"
           "element.synapse.li.chain.pem:${config.security.acme.certs."element.synapse.li".directory}/chain.pem"
+
+          "admin.synapse.li.key.pem:${config.security.acme.certs."admin.synapse.li".directory}/key.pem"
+          "admin.synapse.li.pem:${config.security.acme.certs."admin.synapse.li".directory}/fullchain.pem"
+          "admin.synapse.li.chain.pem:${config.security.acme.certs."admin.synapse.li".directory}/chain.pem"
         ];
       };
     };
-- 
cgit v1.2.3