diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/infrastructure/guix/system.scm | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm index 0b4f285..709ddd5 100644 --- a/src/infrastructure/guix/system.scm +++ b/src/infrastructure/guix/system.scm @@ -1120,6 +1120,7 @@ (define tld "euandre.org") +(define mta-sts.tld (string-append "mta-sts." tld)) (define whoami "andreh") (define me "eu") (define public-me (format #f "~a@~a" me tld)) @@ -1262,6 +1263,27 @@ (server-blocks (list (nginx-server-configuration + (server-name (list mta-sts.tld)) + (listen '("[::]:443 ssl http2" "443 ssl http2")) + (ssl-certificate (format #f "/etc/letsencrypt/live/~a/fullchain.pem" tld)) + (ssl-certificate-key (format #f "/etc/letsencrypt/live/~a/privkey.pem" tld)) + (locations + (list + (nginx-location-configuration + (uri "= /.well-known/mta-sts.txt") + (body + (list + (list "alias " + (plain-file + "mta-sts.txt" + #"- + version: STSv1 + mode: enforce + mx: euandre.org + max_age: 604800 + "#) + ";"))))))) + (nginx-server-configuration (server-name (list tld)) (listen '("[::]:443 ssl http2" "443 ssl http2")) (root "/srv/www") @@ -1341,7 +1363,7 @@ (certificates (list (certificate-configuration - (domains (list tld)) + (domains (list tld mta-sts.tld)) (deploy-hook (program-file (string-append tld "-deploy-hook") |