# NixOS module: a tiny HTTPS virtual host that answers every request with an
# empty 204 response carrying an `X-NetworkManager-Status: online` header.
# The TLS material is handed to nginx through systemd credentials rather than
# by pointing nginx at the ACME state directory directly.
{ config, ... }:
let
  # The single host name used for the vhost, the ACME certificate and the
  # credential file names.
  domain = "online.yggdrasil.li";

  # Directory where the ACME module stores this certificate's files.
  acmeDir = config.security.acme.certs.${domain}.directory;

  # Where systemd exposes the entries of LoadCredential= to nginx.service.
  credDir = "/run/credentials/nginx.service";
in
{
  config = {
    services.nginx.virtualHosts.${domain} = {
      # Redirect plain HTTP to HTTPS.
      forceSSL = true;
      kTLS = true;
      # NOTE(review): in the NixOS nginx module HTTP/3 is only served when
      # `quic` is enabled for the vhost as well; it is not set in this file.
      # Confirm it is enabled elsewhere if HTTP/3 is expected to work.
      http3 = true;

      # These paths must match the credential names in LoadCredential below;
      # a mismatch makes nginx fail to start because the file is missing.
      sslCertificate = "${credDir}/${domain}.pem";
      sslCertificateKey = "${credDir}/${domain}.key.pem";
      sslTrustedCertificate = "${credDir}/${domain}.chain.pem";

      locations."/" = {
        # nginx inherits add_header directives from the server/http level
        # only when the current level declares none. Because this location
        # sets its own, any security headers configured higher up (HSTS and
        # the like) are NOT sent on these responses unless repeated here.
        extraConfig = ''
          add_header X-NetworkManager-Status online;
          add_header Cache-Control "max-age=0, must-revalidate";
          return 204;
        '';
      };
    };

    # NOTE(review): `rfc2136Domains` is not defined in this file; presumably
    # it is a module from this repository that requests the certificate via
    # an RFC 2136 DNS challenge and restarts the listed units after renewal.
    # A restart (not a reload) is what re-reads LoadCredential, so the
    # renewed key only reaches nginx once the unit is started again.
    security.acme.rfc2136Domains.${domain} = {
      restartUnits = ["nginx.service"];
    };

    # systemd copies each source file into the unit's private credential
    # directory when the service starts, so the nginx user needs no read
    # access to the ACME directory or its private key.
    systemd.services.nginx.serviceConfig.LoadCredential = [
      "${domain}.key.pem:${acmeDir}/key.pem"
      "${domain}.pem:${acmeDir}/fullchain.pem"
      "${domain}.chain.pem:${acmeDir}/chain.pem"
    ];
  };
}