From 6b4f2995f48e4a72ac56692045829c0ea754a6ab Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 25 Dec 2016 01:08:49 +0100
Subject: [PATCH] m 1 wry: forbid external paste access

---
 1systems/wry.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/1systems/wry.nix b/1systems/wry.nix
index 81ee37b..6290ff6 100644
--- a/1systems/wry.nix
+++ b/1systems/wry.nix
@@ -13,7 +13,7 @@ in {
       ../2configs/fs/CAC-CentOS-7-64bit.nix
       ../2configs/save-diskspace.nix
 
-      # ../2configs/bepasty-dual.nix
+      ../2configs/bepasty-dual.nix
 
       ../2configs/iodined.nix
       ../2configs/backup.nix
@@ -45,14 +45,14 @@ in {
                                random-emoji ];
   };
 
-  # bepasty to listen only on the correct interfaces
-  krebs.bepasty.servers.internal.nginx.listen  = [ "${internal-ip}:80" ];
-  krebs.bepasty.servers.external.nginx.listen  = [ "${external-ip}:80" "${external-ip}:443 ssl" ];
-
   # prepare graphs
   services.nginx.enable = true;
   krebs.retiolum-bootstrap.enable = true;
-
+  krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+    if ( $server_addr = "${external-ip}" ) {
+      return 403;
+    }
+  '';
   krebs.tinc_graphs = {
     enable = true;
     nginx = {