From e187a7bcb18ade669e276473b277edcd01f1babb Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Tue, 5 Sep 2023 01:19:55 +0300
Subject: feat(ops/modules): deploy //web/pwcrypt to signup.tvl.fyi

I verified on whitby that the password hashes generated by
//web/pwcrypt are compatible with our OpenLDAP, so it's time to make
this thing public.

Change-Id: Icc2f095ca7ce4acff6de91a1642dea6461177423
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9266
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
---
 ops/machines/whitby/default.nix    |  1 +
 ops/modules/www/signup.tvl.fyi.nix | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 ops/modules/www/signup.tvl.fyi.nix

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 59ba48b7e335..9d0494f8d2c9 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -39,6 +39,7 @@ in
     (mod "www/images.tvl.fyi.nix")
     (mod "www/nixery.dev.nix")
     (mod "www/self-redirect.nix")
+    (mod "www/signup.tvl.fyi.nix")
     (mod "www/static.tvl.fyi.nix")
     (mod "www/status.tvl.su.nix")
     (mod "www/todo.tvl.fyi.nix")
diff --git a/ops/modules/www/signup.tvl.fyi.nix b/ops/modules/www/signup.tvl.fyi.nix
new file mode 100644
index 000000000000..1b193f99a9ed
--- /dev/null
+++ b/ops/modules/www/signup.tvl.fyi.nix
@@ -0,0 +1,19 @@
+{ depot, ... }:
+
+{
+  imports = [
+    ./base.nix
+  ];
+
+  config = {
+    services.nginx.virtualHosts."signup.tvl.fyi" = {
+      root = depot.web.pwcrypt;
+      enableACME = true;
+      forceSSL = true;
+
+      extraConfig = ''
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+      '';
+    };
+  };
+}
-- 
cgit 1.4.1