1 files changed, 20 insertions, 4 deletions

diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 8146a3f..270cbf1 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -38,9 +38,10 @@
   ("dkim._domainkey" "3600" "IN" "TXT" "\"v=DKIM1; d=marekpasnikowski.pl; t=s; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/b/WV5EUxqAhBgJ4v5K3sP8QI+IwziRJ/F9SDO3p3QOMjZd9AGVt2/AztZ4EmcOJnTlbQnLE/DKCOq4HAdxSZjIqj5AXyMddvWiO78+ugdame/flV0tjdDGNflx65Twap3qgJ9jzhvJfZ1BDuh2WC06fn2pyFl1TCETEGp6ZDkI41FW5GH8l9Jk7hhCmr+Mau0EpE7V42lBdireItOA1e7jQcub50584QATme4rYxA7WR4AeIsknOkUo4q8vkVrssoP11nSg/sNM9RGn1QDfVMJRX0twtgGnJ8N5QE4Ia9DvXL4Y0PNMC0/frp13pB6m1VQP/Z4jfDy+TQzEdSRaQIDAQAB\"")
   ("git" "3600" "IN" "A" "81.190.248.246")
   ("radicale" "3600" "IN" "A" "81.190.248.246")
+  ("schron" "3600" "IN" "A" "81.190.248.246")
+  ("sejf" "3600" "IN" "A" "81.190.248.246")
   ("test" "3600" "IN" "A" "81.190.248.246")
-  ("www" "3600" "IN" "A" "81.190.248.246")
-  ("schron" "3600" "IN" "A" "81.190.248.246"))
+  ("www" "3600" "IN" "A" "81.190.248.246"))
 
 (define master-zone
   (gnu:services:dns:knot-zone-configuration
@@ -51,7 +52,7 @@
         (origin "marekpasnikowski.pl")
         (ns "ns.marekpasnikowski.pl.")
         (mail "marek.marekpasnikowski.pl.")
-        (serial 2025061000)))))
+        (serial 2025072600)))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
@@ -190,7 +191,6 @@
        (hide? #t)
        (path "/srv/git/marek/packages"))))
     (project-list (list "deployment.git"
-                        "distribution.git"
                         "nonguix.git"
                         "sovereign.git"))
     (repository-directory "/var/lib/gitolite/repositories"))))
@@ -316,6 +316,22 @@
         (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
         (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;"
                            "ssl_verify_client on;")))
+      ;; Sejf
+      (gnu:services:web:nginx-server-configuration
+        (locations (list (gnu:services:web:nginx-location-configuration
+                            (body (list "proxy_set_header Host $host;"
+                                        "proxy_set_header X-Real-IP $remote_addr;"
+                                        "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+                                        "proxy_set_header X-Forwarded-Proto $scheme;"
+                                        "if ($ssl_client_verify != SUCCESS) {return 403;}"))
+                            (uri  "/"))))
+        (listen (list "192.168.10.2:443 ssl"))
+        (root "/home/marek/Publiczne/sejf")
+        (server-name (list "sejf.marekpasnikowski.pl"))
+        (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+        (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
+        (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;"
+                           "ssl_verify_client on;")))
       ;; Radicale
       ((@ (gnu services web) nginx-server-configuration)
        (locations