feat(ops/modules): deploy //web/pwcrypt to signup.tvl.fyi r/6552

I verified on whitby that the password hashes generated by //web/pwcrypt are compatible with our OpenLDAP, so it's time to make this thing public. Change-Id: Icc2f095ca7ce4acff6de91a1642dea6461177423 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9266 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su>
author: Vincent Ambo <mail@tazj.in> 2023-09-04T22·19+0300
committer: clbot <clbot@tvl.fyi> 2023-09-05T14·44+0000
commit: e187a7bcb18ade669e276473b277edcd01f1babb (patch)
tree: 1b6747387d29d89b3fbcd390ba0db1ceed1089ad /ops/modules
parent: 816f76494cc7a73e5ba3f8b3e66187923af7e364 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/ops/modules/www/signup.tvl.fyi.nix b/ops/modules/www/signup.tvl.fyi.nix
new file mode 100644
index 0000000000..1b193f99a9
--- /dev/null
+++ b/ops/modules/www/signup.tvl.fyi.nix
@@ -0,0 +1,19 @@
+{ depot, ... }:
+
+{
+  imports = [
+    ./base.nix
+  ];
+
+  config = {
+    services.nginx.virtualHosts."signup.tvl.fyi" = {
+      root = depot.web.pwcrypt;
+      enableACME = true;
+      forceSSL = true;
+
+      extraConfig = ''
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+      '';
+    };
+  };
+}
author	Vincent Ambo <mail@tazj.in>	2023-09-04T22·19+0300
committer	clbot <clbot@tvl.fyi>	2023-09-05T14·44+0000
commit	e187a7bcb18ade669e276473b277edcd01f1babb (patch)
tree	1b6747387d29d89b3fbcd390ba0db1ceed1089ad /ops/modules
parent	816f76494cc7a73e5ba3f8b3e66187923af7e364 (diff)