Browse Source

tunnels: Respect `phoebe.security.enable' like other services

This allows one to deploy to a virtual machine for testing.
master
Peter J. Jones 2 weeks ago
parent
commit
ea9e99d760
Signed by: Peter Jones <pjones@devalot.com> GPG Key ID: 9DAFAA8D01941E49
1 changed files with 3 additions and 3 deletions
  1. 3
    3
      modules/services/web/tunnels/default.nix

+ 3
- 3
modules/services/web/tunnels/default.nix View File

@@ -58,8 +58,8 @@ let
58 58
   # Create an nginx virtual host for a tunnel account:
59 59
   virtualHost = account: tunnel: {
60 60
     "${tunnel.subdomain}.${cfg.hostName}" = {
61
-      forceSSL = true;
62
-      enableACME = true;
61
+      forceSSL = config.phoebe.security.enable;
62
+      enableACME = config.phoebe.security.enable;
63 63
       root = "/var/empty";
64 64
       locations."/".proxyPass = "http://127.0.0.1:${toString tunnel.serverPort}";
65 65
     };
@@ -133,7 +133,7 @@ in
133 133
     # Configure a web server to reverse proxy connections to SSH:
134 134
     services.nginx = {
135 135
       enable = true;
136
-      recommendedTlsSettings   = true;
136
+      recommendedTlsSettings   = config.phoebe.security.enable;
137 137
       recommendedOptimisation  = true;
138 138
       recommendedGzipSettings  = true;
139 139
       recommendedProxySettings = true;

Loading…
Cancel
Save