From edc175c5dc2bc20eaae974fde9dee1fb2a053299 Mon Sep 17 00:00:00 2001 From: Mark Nipper Date: Sun, 10 Nov 2024 21:35:58 -0800 Subject: Configure conditional encryption and use local iPXE script --- hosts/arrakis/services.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'hosts/arrakis') diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index 400e80c..9a0f4b8 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -85,6 +85,14 @@ }; nginx = { + appendHttpConfig = '' + geo $geo { + default 0; + 127.0.0.1 1; + ::1 1; + 192.168.1.0/24 1; + } + ''; enable = true; # Use recommended settings @@ -98,8 +106,13 @@ virtualHosts = { "arrakis.bitgnome.net" = { + addSSL = true; enableACME = true; - forceSSL = true; + extraConfig = '' + if ($geo = 0) { + return 301 https://$host$request_uri; + } + ''; locations = { "/" = { tryFiles = "$uri $uri/ =404"; -- cgit v1.2.3