From 2d4155fc3cb279f1bdf697a00b1860be32c79a38 Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Wed, 30 Nov 2022 06:29:27 -0300 Subject: system.scm: Add config for mta-sts subdomain --- src/infrastructure/guix/system.scm | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm index 0b4f285..709ddd5 100644 --- a/src/infrastructure/guix/system.scm +++ b/src/infrastructure/guix/system.scm @@ -1120,6 +1120,7 @@ (define tld "euandre.org") +(define mta-sts.tld (string-append "mta-sts." tld)) (define whoami "andreh") (define me "eu") (define public-me (format #f "~a@~a" me tld)) @@ -1261,6 +1262,27 @@ (nginx-configuration (server-blocks (list + (nginx-server-configuration + (server-name (list mta-sts.tld)) + (listen '("[::]:443 ssl http2" "443 ssl http2")) + (ssl-certificate (format #f "/etc/letsencrypt/live/~a/fullchain.pem" tld)) + (ssl-certificate-key (format #f "/etc/letsencrypt/live/~a/privkey.pem" tld)) + (locations + (list + (nginx-location-configuration + (uri "= /.well-known/mta-sts.txt") + (body + (list + (list "alias " + (plain-file + "mta-sts.txt" + #"- + version: STSv1 + mode: enforce + mx: euandre.org + max_age: 604800 + "#) + ";"))))))) (nginx-server-configuration (server-name (list tld)) (listen '("[::]:443 ssl http2" "443 ssl http2")) @@ -1341,7 +1363,7 @@ (certificates (list (certificate-configuration - (domains (list tld)) + (domains (list tld mta-sts.tld)) (deploy-hook (program-file (string-append tld "-deploy-hook") -- cgit v1.2.3