feat(ops/modules): deploy //web/pwcrypt to signup.tvl.fyi

I verified on whitby that the password hashes generated by
//web/pwcrypt are compatible with our OpenLDAP, so it's time to make
this thing public.

Change-Id: Icc2f095ca7ce4acff6de91a1642dea6461177423
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9266
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
This commit is contained in:
Vincent Ambo 2023-09-05 01:19:55 +03:00 committed by clbot
parent 816f76494c
commit e187a7bcb1
2 changed files with 20 additions and 0 deletions

View file

@ -0,0 +1,19 @@
{ depot, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."signup.tvl.fyi" = {
root = depot.web.pwcrypt;
enableACME = true;
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
};
};
}