From d18857c65474614b0e4386df3fca6da9ca8a8979 Mon Sep 17 00:00:00 2001
From: Lain Iwakura
Date: Tue, 30 Dec 2025 01:30:05 +0300
Subject: feat(git): new domain!

---
 etc/acme-client.conf | 6 ++++++
 etc/httpd.conf | 9 +++++++++
 etc/relayd.conf | 8 ++++++--
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/etc/acme-client.conf b/etc/acme-client.conf
index 7fce4f5..28d48c9 100644
--- a/etc/acme-client.conf
+++ b/etc/acme-client.conf
@@ -15,3 +15,9 @@ domain text.iwakura.page {
 domain full chain certificate "/etc/ssl/text.iwakura.page.crt"
 sign with letsencrypt
 }
+
+domain git.iwakura.page {
+ domain key "/etc/ssl/private/git.iwakura.page.key"
+ domain full chain certificate "/etc/ssl/git.iwakura.page.crt"
+ sign with letsencrypt
+}
diff --git a/etc/httpd.conf b/etc/httpd.conf
index 669e27a..c8de2f4 100644
--- a/etc/httpd.conf
+++ b/etc/httpd.conf
@@ -31,3 +31,12 @@ server "text.iwakura.page" {
 }
 block return 301 "https://text.iwakura.page$REQUEST_URI"
 }
+
+server "git.iwakura.page" {
+ listen on * port 80
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+ block return 301 "https://git.iwakura.page$REQUEST_URI"
+}
diff --git a/etc/relayd.conf b/etc/relayd.conf
index a40fe4f..46342c1 100644
--- a/etc/relayd.conf
+++ b/etc/relayd.conf
@@ -1,6 +1,7 @@
 ip4="193.26.157.243"
 table { 127.0.0.1 }
 table { REPLACEME }
+table { REPLACEME }
 log connection
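Review bot: The added `table { REPLACEME }` commits a placeholder instead of a backend address, mirroring the existing placeholder line directly above it; whatever deployment step substitutes the first REPLACEME presumably has to be extended to this second table, and until that happens relayd would be handed REPLACEME as a host name to resolve at config load. The table names between `table` and `{` (and after `forward to` in the later hunks) appear to have been lost in this rendering, so it cannot be confirmed here that the new Host rule and the new `forward to` line in the `relay wwwtls` hunk point at this new table rather than at one of the existing ones. A comment on the new line naming what it stands for, e.g. `# git web frontend backend, substituted at deploy time`, would make the required substitution step and the table's consumer obvious to the next reader.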
@@ -11,13 +12,15 @@ http protocol https {
 match request header set "Connection" value "close"
 tcp { sack, backlog 128 }
 tls { keypair iwakura.page }
- tls { keypair text.iwakura.page }
+ tls { keypair text.iwakura.page }
+ tls { keypair git.iwakura.page }
 match request header "Host" value "iwakura.page" forward to
 match request header "Host" value "www.iwakura.page" forward to
 match request header "Host" value "text.iwakura.page" forward to
+ match request header "Host" value "git.iwakura.page" forward to
 match response header append "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"
 match response header append "Cache-Control" value "public, max-age=86400"
- match response header append "Content-Security-Policy" value "default-src 'self'; script-src 'self'; object-src 'none';"
+ match response header append "Content-Security-Policy" value "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none';"
 match response header append "X-Content-Type-Options" value "nosniff"
 match response header append "X-Frame-Options" value "SAMEORIGIN"
 match response header append "Referrer-Policy" value "no-referrer"
@@ -30,4 +33,5 @@ relay wwwtls {
 protocol https
 forward to port 8080 check tcp
 forward to port 8834 check tcp
+ forward to port 8855 check tcp
 }
-- 
cgit 1.4.1
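Review bot: The Content-Security-Policy rewrite adds `'unsafe-inline'` to script-src and style-src for every Host handled by `http protocol https`, not only git.iwakura.page, because the response-header rules in this protocol are not conditioned on the request host; iwakura.page, www.iwakura.page and text.iwakura.page therefore lose their inline-script protection as a side effect of a commit described only as "new domain". If only the git frontend needs the relaxation, tag its connections by Host (the new Host-match line can carry a `tag "git"`) and emit the relaxed policy only for `match response tagged "git" ...`, keeping the previous strict policy for the other hosts and making sure a single response never receives both headers, since browsers enforce both. If the frontend's inline scripts and styles are static, hashes in the policy would avoid `'unsafe-inline'` entirely. The pre-existing `Cache-Control: public, max-age=86400` append now also covers the git frontend's responses, which is worth confirming as intended for a dynamic repository browser. Either way the rule should carry a comment recording why the relaxation exists, e.g. `# 'unsafe-inline' required by the git web UI (backend on port 8855)`, so it is not silently carried forward.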