2017-04-11 21:35:49 +02:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
with import <stockholm/lib>;
|
|
|
|
let
|
|
|
|
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
|
|
|
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
|
|
|
hn = config.krebs.build.host.name;
|
|
|
|
in {
|
|
|
|
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
|
|
|
if ( $server_addr = "${external-ip}" ) {
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
'';
|
|
|
|
krebs.tinc_graphs = {
|
|
|
|
enable = true;
|
|
|
|
nginx = {
|
|
|
|
enable = true;
|
|
|
|
# TODO: remove hard-coded hostname
|
|
|
|
complete = {
|
|
|
|
extraConfig = ''
|
|
|
|
if ( $server_addr = "${external-ip}" ) {
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
'';
|
|
|
|
serverAliases = [
|
2017-04-15 17:58:20 +02:00
|
|
|
"graph.r"
|
|
|
|
"graph.${hn}" "graph.${hn}.r"
|
2017-04-11 21:35:49 +02:00
|
|
|
];
|
|
|
|
};
|
|
|
|
anonymous = {
|
|
|
|
forceSSL = true;
|
|
|
|
enableACME = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|