diff options
| author | Mark Nipper <nipsy@bitgnome.net> | 2024-11-10 21:35:58 -0800 |
|---|---|---|
| committer | Mark Nipper <nipsy@bitgnome.net> | 2024-11-10 21:35:58 -0800 |
| commit | edc175c5dc2bc20eaae974fde9dee1fb2a053299 (patch) | |
| tree | 425d9beeff6cf88d0ff958cd017551b92934bbfa /hosts/arrakis | |
| parent | b0085f62f6560835ecff50b6e1a41b6733bb518f (diff) | |
| download | nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.gz nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.bz2 nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.lz nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.xz nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.tar.zst nix-edc175c5dc2bc20eaae974fde9dee1fb2a053299.zip | |
Configure conditional encryption and use local iPXE script
Diffstat (limited to 'hosts/arrakis')
| -rw-r--r-- | hosts/arrakis/services.nix | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index 400e80c..9a0f4b8 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -85,6 +85,14 @@ }; nginx = { + appendHttpConfig = '' + geo $geo { + default 0; + 127.0.0.1 1; + ::1 1; + 192.168.1.0/24 1; + } + ''; enable = true; # Use recommended settings @@ -98,8 +106,13 @@ virtualHosts = { "arrakis.bitgnome.net" = { + addSSL = true; enableACME = true; - forceSSL = true; + extraConfig = '' + if ($geo = 0) { + return 301 https://$host$request_uri; + } + ''; locations = { "/" = { tryFiles = "$uri $uri/ =404"; |