From 9bc37d34bafb094666db1734dbdc825c2020da14 Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Mon, 15 Jan 2024 00:28:48 +0100
Subject: [PATCH] Increase security of SSL via OCSP stapling

---
 modules/webstack.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/webstack.nix b/modules/webstack.nix
index 448983b..f05aaa6 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -180,6 +180,7 @@
       dnsResolver = "127.0.0.1:53";
       group = "nginx";
       webroot = "/var/lib/acme/acme-challenge";
+      ocspMustStaple = true;
     };
     certs."coolneng.duckdns.org".extraDomainNames = [
       "radicale.coolneng.duckdns.org"