From 9b228ca52b1e6fc9b0e2071dd376ecdb42acf155 Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Tue, 10 Jan 2023 02:03:15 -0600
Subject: env/dhe: enable management of DH parameters

---
 env/default.nix | 1 +
 env/dhe.nix     | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 env/dhe.nix

diff --git a/env/default.nix b/env/default.nix
index ab68406..d9b85ab 100644
--- a/env/default.nix
+++ b/env/default.nix
@@ -2,6 +2,7 @@
 with lib; {
   imports = [
     ./acme
+    ./dhe.nix
     ./users
   ];
 }
diff --git a/env/dhe.nix b/env/dhe.nix
new file mode 100644
index 0000000..7a95f2d
--- /dev/null
+++ b/env/dhe.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  config.security.dhparams = {
+    enable = true;
+    defaultBitSize = 2048;
+  };
+}
-- 
cgit v1.2.3