From 50d0af489296a42f8773066ffc37265dab1d5b0a Mon Sep 17 00:00:00 2001
From: Joshua Hull <josh@fireflop.com>
Date: Sun, 15 Jan 2023 10:49:21 +0100
Subject: sky: homepage: set up the frontpage of labitat.dk

esmil:
- use timer to update the homepage
- git clone/update and install gems as the homepage user
---
 roles/sky/templates/homepage.nginx.j2 | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 roles/sky/templates/homepage.nginx.j2

(limited to 'roles/sky/templates/homepage.nginx.j2')

diff --git a/roles/sky/templates/homepage.nginx.j2 b/roles/sky/templates/homepage.nginx.j2
new file mode 100644
index 0000000..cf31da9
--- /dev/null
+++ b/roles/sky/templates/homepage.nginx.j2
@@ -0,0 +1,28 @@
+# generated 2023-01-14, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+server {
+	listen *:443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name {{ domain_name }};
+
+	ssl_certificate         /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
+	ssl_certificate_key     /etc/letsencrypt/live/{{ domain_name }}/privkey.pem;
+	ssl_trusted_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
+
+	ssl_session_cache shared:SSL:50m;
+	ssl_session_timeout 1d;
+	ssl_session_tickets off;
+
+	# HSTS (ngx_http_headers_module is required) (63072000 seconds)
+	add_header Strict-Transport-Security "max-age=63072000" always;
+
+	# OCSP stapling
+	ssl_stapling on;
+	ssl_stapling_verify on;
+
+	root /home/homepage/homepage/build;
+
+	location = / {
+		try_files $uri /out.html;
+	}
+}
-- 
cgit v1.2.1