aboutsummaryrefslogtreecommitdiffstats
path: root/hosts/arrakis/services.nix
diff options
context:
space:
mode:
authorMark Nipper <nipsy@bitgnome.net>2024-11-10 21:35:58 -0800
committerMark Nipper <nipsy@bitgnome.net>2024-11-10 21:35:58 -0800
commitedc175c5dc2bc20eaae974fde9dee1fb2a053299 (patch)
tree425d9beeff6cf88d0ff958cd017551b92934bbfa /hosts/arrakis/services.nix
parentb0085f62f6560835ecff50b6e1a41b6733bb518f (diff)
downloadnix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar
nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.gz
nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.bz2
nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.lz
nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.xz
nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.zst
nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.zip
Configure conditional encryption and use local iPXE script
Diffstat (limited to 'hosts/arrakis/services.nix')
-rw-r--r--hosts/arrakis/services.nix15
1 files changed, 14 insertions, 1 deletions
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix
index 400e80c..9a0f4b8 100644
--- a/hosts/arrakis/services.nix
+++ b/hosts/arrakis/services.nix
@@ -85,6 +85,14 @@
};
nginx = {
+ appendHttpConfig = ''
+ geo $geo {
+ default 0;
+ 127.0.0.1 1;
+ ::1 1;
+ 192.168.1.0/24 1;
+ }
+ '';
enable = true;
# Use recommended settings
@@ -98,8 +106,13 @@
virtualHosts = {
"arrakis.bitgnome.net" = {
+ addSSL = true;
enableACME = true;
- forceSSL = true;
+ extraConfig = ''
+ if ($geo = 0) {
+ return 301 https://$host$request_uri;
+ }
+ '';
locations = {
"/" = {
tryFiles = "$uri $uri/ =404";