diff options
author | makefu <github@syntax-fehler.de> | 2015-10-21 18:49:20 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2015-10-21 18:49:20 +0200 |
commit | 3ccdfe4011a96ebffef848bf4c15da701d06aa80 (patch) | |
tree | 095a4b2aa6f955b324b71a70abf0d7c2548bc5aa /2configs/bepasty-dual.nix | |
parent | 9ff1b6f17f80da85823d891572ec9d0ccfe3ea3f (diff) |
wry: is the new provider for paste.krebsco.de
Diffstat (limited to '2configs/bepasty-dual.nix')
-rw-r--r-- | 2configs/bepasty-dual.nix | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/2configs/bepasty-dual.nix b/2configs/bepasty-dual.nix new file mode 100644 index 000000000..fb170957a --- /dev/null +++ b/2configs/bepasty-dual.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: + +# 1systems should configure itself: +# krebs.bepasty.servers.internal.nginx.listen = [ "80" ] +# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ] +# 80 is redirected to 443 ssl + +# secrets used: +# wildcard.krebsco.de.crt +# wildcard.krebsco.de.key +# bepasty-secret.nix <- contains single string + +with lib; +{ + + krebs.nginx.enable = mkDefault true; + krebs.bepasty = { + enable = true; + serveNginx= true; + + servers = { + internal = { + nginx = { + server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + }; + defaultPermissions = "admin,list,create,read,delete"; + secretKey = import <secrets/bepasty-secret.nix>; + }; + + external = { + nginx = { + server-names = [ "paste.krebsco.de" ]; + extraConfig = '' + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 10m; + ssl_certificate /root/secrets/wildcard.krebsco.de.crt; + ssl_certificate_key /root/secrets/wildcard.krebsco.de.key; + ssl_verify_client off; + proxy_ssl_session_reuse off; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers RC4:HIGH:!aNULL:!MD5; + ssl_prefer_server_ciphers on; + if ($scheme = http){ + return 301 https://$server_name$request_uri; + }''; + }; + defaultPermissions = "read"; + secretKey = import <secrets/bepasty-secret.nix>; + }; + }; + }; +} |