From 8b330460046cf013788766e59801afdfc2d19e64 Mon Sep 17 00:00:00 2001
From: EuAndreh <eu@euandre.org>
Date: Tue, 29 Mar 2022 13:05:35 -0300
Subject: src/infrastructure/machines.scm: Add p.arrobaponto.org with HTTP
 basic auth

---
 src/infrastructure/machines.scm | 43 +++++++++++++++++++++++++++--------------
 1 file changed, 29 insertions(+), 14 deletions(-)

(limited to 'src/infrastructure')

diff --git a/src/infrastructure/machines.scm b/src/infrastructure/machines.scm
index c4ea0f2..89d2a7c 100644
--- a/src/infrastructure/machines.scm
+++ b/src/infrastructure/machines.scm
@@ -286,28 +286,43 @@
             ("infokey"       ,infokey)
             ("with-email.sh" ,with-email.sh)))
         (service certbot-service-type
-          (certbot-configuration
-            (email "eu@euandre.org")
-            (certificates
-              (list
-               (certificate-configuration
-                 (domains '("arrobaponto.org"))
-                 (deploy-hook
-                   (program-file
-                    "nginx-deploy-hook"
-                    #~(let ((pid (call-with-input-file
-                                  "/var/run/nginx/pid"
-                                  read)))
-                        (kill pid SIGHUP)))))))))
+          (let ((hook (program-file
+                       "nginx-deploy-hook"
+                       #~(let ((pid (call-with-input-file
+                                     "/var/run/nginx/pid"
+                                     read)))
+                           (kill pid SIGHUP)))))
+            (certbot-configuration
+              (email "eu@euandre.org")
+              (certificates
+                (list
+                 (certificate-configuration
+                   (domains '("p.arrobaponto.org"))
+                   (deploy-hook hook))
+                 (certificate-configuration
+                   (domains '("arrobaponto.org"))
+                   (deploy-hook hook)))))))
         (service nginx-service-type
           (nginx-configuration
             (run-directory "/var/run/nginx")
             (server-blocks
               (list
+               (nginx-server-configuration
+                 (server-name '("p.arrobaponto.org"))
+                 (listen '("[::]:443 ssl http2" "443 ssl http2"))
+                 (root "/opt/www/p.arrobaponto.org/static")
+                 (ssl-certificate     "/etc/letsencrypt/live/p.arrobaponto.org/fullchain.pem")
+                 (ssl-certificate-key "/etc/letsencrypt/live/p.arrobaponto.org/privkey.pem")
+                 (raw-content '(#"""-
+                                  autoindex on;
+                                  add_header Strict-Transport-Security 'max-age=86400; includeSubdomains' always;
+                                  auth_basic "Privado";
+                                  auth_basic_user_file /opt/www/p.arrobaponto.org/secrets/htpasswd;
+                                  """#)))
                (nginx-server-configuration
                  (server-name '("arrobaponto.org"))
                  (listen '("[::]:443 ssl http2" "443 ssl http2"))
-                 (root "/opt/www/arrobaponto.org/static/")
+                 (root "/opt/www/arrobaponto.org/static")
                  (ssl-certificate     "/etc/letsencrypt/live/arrobaponto.org/fullchain.pem")
                  (ssl-certificate-key "/etc/letsencrypt/live/arrobaponto.org/privkey.pem")
                  (raw-content '(#"""-
-- 
cgit v1.2.3