diff options
Diffstat (limited to 'makefu/2configs/bepasty-dual.nix')
-rw-r--r-- | makefu/2configs/bepasty-dual.nix | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix deleted file mode 100644 index f63dbefd8..000000000 --- a/makefu/2configs/bepasty-dual.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, pkgs, ... }: - -# 1systems should configure itself: -# krebs.bepasty.servers.internal.nginx.listen = [ "80" ] -# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ] -# 80 is redirected to 443 ssl - -# secrets used: -# wildcard.krebsco.de.crt -# wildcard.krebsco.de.key -# bepasty-secret.nix <- contains single string - -with import <stockholm/lib>; -let - sec = toString <secrets>; - # secKey is nothing worth protecting on a local machine - secKey = "${secrets}/bepasty-secret"; - acmepath = "/var/lib/acme/"; - acmechall = acmepath + "/challenges/"; - ext-dom = "paste.krebsco.de" ; -in { - - services.nginx.enable = mkDefault true; - krebs.bepasty = { - enable = true; - serveNginx= true; - - servers = { - "paste.r" = { - nginx = { - serverAliases = [ - "paste.${config.krebs.build.host.name}" - "paste.r" - ]; - extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - }; - defaultPermissions = "admin,list,create,read,delete"; - secretKeyFile = secKey; - }; - - "${ext-dom}" = { - nginx = { - forceSSL = true; - enableACME = true; - }; - defaultPermissions = "read"; - secretKeyFile = secKey; - }; - }; - }; -} |