From cac577720fed782bfd43edffff23c9ecc353de9f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 29 Oct 2015 10:55:54 +0100
Subject: [PATCH] m 2 *: s,/root/secrets,<secrets>,

---
 2configs/bepasty-dual.nix    | 14 +++++++++-----
 2configs/nginx/euer.blog.nix |  5 +++--
 2configs/nginx/euer.wiki.nix |  7 ++++---
 3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/2configs/bepasty-dual.nix b/2configs/bepasty-dual.nix
index fb17095..123ae3c 100644
--- a/2configs/bepasty-dual.nix
+++ b/2configs/bepasty-dual.nix
@@ -11,7 +11,11 @@
 #   bepasty-secret.nix     <- contains single string
 
 with lib;
-{
+let
+  sec = toString <secrets>;
+  # secKey is nothing worth protecting on a local machine
+  secKey = import <secrets/bepasty-secret.nix>;
+in {
 
   krebs.nginx.enable = mkDefault true;
   krebs.bepasty = {
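Review bot: The comment on `secKey` says the key is not worth protecting on a local machine, but the same binding is assigned to `secretKey` of the `external` instance as well as the internal one (the two later `secretKey = secKey;` hunks in this file), so the justification does not cover every use. Because the value is pulled in with `import` at evaluation time, it probably ends up in generated configuration under the world-readable Nix store; that depends on the `krebs.bepasty` module, which is not visible here. I would reword the comment to `# imported at eval time and shared by internal and external; may land in the Nix store`, and consider giving the externally reachable instance its own key. The attribute set opened by `in {` continues past this hunk.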
@@ -24,7 +28,7 @@ with lib;
           server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
         };
         defaultPermissions = "admin,list,create,read,delete";
-        secretKey = import <secrets/bepasty-secret.nix>;
+        secretKey = secKey;
       };
 
       external = {
@@ -33,8 +37,8 @@ with lib;
           extraConfig = ''
           ssl_session_cache    shared:SSL:1m;
           ssl_session_timeout  10m;
-          ssl_certificate     /root/secrets/wildcard.krebsco.de.crt;
-          ssl_certificate_key /root/secrets/wildcard.krebsco.de.key;
+          ssl_certificate     ${sec}/wildcard.krebsco.de.crt;
+          ssl_certificate_key ${sec}/wildcard.krebsco.de.key;
           ssl_verify_client off;
           proxy_ssl_session_reuse off;
           ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
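Review bot: `${sec}` in `ssl_certificate` and `ssl_certificate_key` is resolved on the machine that evaluates the configuration, so the nginx config now carries whatever absolute path `<secrets>` had at build time instead of a fixed path on the target. If evaluation and deployment ever happen on different hosts (not determinable from this patch), nginx would point at a key file that does not exist there; a comment near `sec` such as `# <secrets> must resolve to the same path on the target host` would record the assumption. The same applies to `ssl_cert`, `ssl_key` and `tw-pass-file` in euer.blog.nix and euer.wiki.nix. Separately, the unchanged context line still enables `TLSv1` and `TLSv1.1`, which is worth revisiting while this block is being touched.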
@@ -45,7 +49,7 @@ with lib;
           }'';
         };
         defaultPermissions = "read";
-        secretKey = import <secrets/bepasty-secret.nix>;
+        secretKey = secKey;
       };
     };
   };
diff --git a/2configs/nginx/euer.blog.nix b/2configs/nginx/euer.blog.nix
index a8be199..e97050e 100644
--- a/2configs/nginx/euer.blog.nix
+++ b/2configs/nginx/euer.blog.nix
@@ -2,8 +2,9 @@
 
 with lib;
 let
-  ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
-  ssl_key  = "/root/secrets/wildcard.krebsco.de.key";
+  sec = toString <secrets>;
+  ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+  ssl_key  = "${sec}/wildcard.krebsco.de.key";
   hostname = krebs.build.host.name;
 in {
   krebs.nginx = {
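Review bot: `sec = toString <secrets>` deserves a comment, because the `toString` is what keeps the wildcard key out of the Nix store: interpolating the path value directly, as in `"${<secrets>}/wildcard.krebsco.de.key"`, would copy the secrets directory into `/nix/store`, which is world-readable. Something like `# toString: keep a plain path string, never copy <secrets> into the store` above the binding would stop a later cleanup from dropping it. The same binding appears in bepasty-dual.nix and euer.wiki.nix. The attribute set opened by `in {` continues below this hunk.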
diff --git a/2configs/nginx/euer.wiki.nix b/2configs/nginx/euer.wiki.nix
index 1e1834b..fbcfe20 100644
--- a/2configs/nginx/euer.wiki.nix
+++ b/2configs/nginx/euer.wiki.nix
@@ -2,8 +2,9 @@
 
 with lib;
 let
-  ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
-  ssl_key  = "/root/secrets/wildcard.krebsco.de.key";
+  sec = toString <secrets>;
+  ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+  ssl_key  = "${sec}/wildcard.krebsco.de.key";
   user = config.services.nginx.user;
   group = config.services.nginx.group;
   fpm-socket = "/var/run/php5-fpm.sock";
@@ -16,7 +17,7 @@ let
   # contains:
   #  user1 = pass1
   #  userN = passN
-  tw-pass-file = "/root/secrets/tw-pass.ini";
+  tw-pass-file = "${sec}/tw-pass.ini";
   external-ip = head config.krebs.build.host.nets.internet.addrs4;
   internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
 in {
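Review bot: `tw-pass-file` points at a file that, per the comment just above it, holds plain `user = pass` pairs, and after this change its location is whatever `<secrets>` resolves to rather than a directory under `/root`. Nothing in the hunk states who must be able to read it; I would add a comment such as `# plaintext credentials: readable only by root and the consuming service` next to the binding. How the file is consumed is outside this hunk, so the required mode is an assumption to confirm. The `let` block starts above the hunk and the body after `in {` continues below it.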