From f8cec37ed3fda24dd3e834120b0f6dbcf95e54d2 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 27 Feb 2022 16:48:35 +0100 Subject: surtr: synapse-admin --- hosts/surtr/matrix/default.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'hosts/surtr/matrix') diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index 01ea2aee..a5811612 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix @@ -138,6 +138,18 @@ }; }; }; + + virtualHosts."admin.synapse.li" = { + forceSSL = true; + sslCertificate = "/run/credentials/nginx.service/admin.synapse.li.pem"; + sslCertificateKey = "/run/credentials/nginx.service/admin.synapse.li.key.pem"; + sslTrustedCertificate = "/run/credentials/nginx.service/admin.synapse.li.chain.pem"; + extraConfig = '' + add_header Strict-Transport-Security "max-age=63072000" always; + ''; + + root = pkgs.synapse-admin; + }; }; security.acme.domains = { @@ -149,6 +161,14 @@ ''; }; }; + "admin.synapse.li" = { + zone = "synapse.li"; + certCfg = { + postRun = '' + ${pkgs.systemd}/bin/systemctl try-restart nginx.service + ''; + }; + }; "turn.synapse.li" = { zone = "synapse.li"; certCfg = { @@ -178,6 +198,10 @@ "element.synapse.li.key.pem:${config.security.acme.certs."element.synapse.li".directory}/key.pem" "element.synapse.li.pem:${config.security.acme.certs."element.synapse.li".directory}/fullchain.pem" "element.synapse.li.chain.pem:${config.security.acme.certs."element.synapse.li".directory}/chain.pem" + + "admin.synapse.li.key.pem:${config.security.acme.certs."admin.synapse.li".directory}/key.pem" + "admin.synapse.li.pem:${config.security.acme.certs."admin.synapse.li".directory}/fullchain.pem" + "admin.synapse.li.chain.pem:${config.security.acme.certs."admin.synapse.li".directory}/chain.pem" ]; }; }; -- cgit v1.2.3