45 lines
1.1 KiB
Nix
45 lines
1.1 KiB
Nix
{ my, ... }:
|
|
|
|
{
|
|
security.acme.certs.${my.domain}.extraDomainNames = [
|
|
"christoph-heiss.me"
|
|
"christoph-heiss.at"
|
|
"www.christoph-heiss.me"
|
|
"*.christoph-heiss.at"
|
|
];
|
|
|
|
services.nginx.virtualHosts."c8h4.io" = {
|
|
default = true;
|
|
forceSSL = true;
|
|
useACMEHost = my.domain;
|
|
kTLS = true;
|
|
root = "/var/www/c8h4.io";
|
|
locations = {
|
|
"/".tryFiles = "$uri $uri/index.html @redirect";
|
|
"~ ^/(gpg\\.asc|ssh\\.keys)$".extraConfig = ''
|
|
types { }
|
|
default_type text/plain;
|
|
'';
|
|
"@redirect".return = "301 $scheme://$http_host";
|
|
};
|
|
extraConfig = ''
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
'';
|
|
};
|
|
|
|
services.nginx.virtualHosts."christoph-heiss.at" = {
|
|
forceSSL = true;
|
|
useACMEHost = my.domain;
|
|
kTLS = true;
|
|
globalRedirect = "c8h4.io";
|
|
serverAliases = [
|
|
"www.christoph-heiss.at"
|
|
"christoph-heiss.me"
|
|
"www.christoph-heiss.me"
|
|
];
|
|
extraConfig = ''
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
'';
|
|
};
|
|
}
|