makefu/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

m 2 *: s,/root/secrets,<secrets>,

Browse source
This commit is contained in:
makefu 2015-10-29 10:55:54 +01:00
parent 6218126cac
commit cac577720f
3 changed files with 16 additions and 10 deletions

14
2configs/bepasty-dual.nix
View file

@ -11,7 +11,11 @@
# bepasty-secret.nix <- contains single string # bepasty-secret.nix <- contains single string
with lib; with lib;
{ let
sec = toString <secrets>;
# secKey is nothing worth protecting on a local machine
secKey = import <secrets/bepasty-secret.nix>;
in {
krebs.nginx.enable = mkDefault true; krebs.nginx.enable = mkDefault true;
krebs.bepasty = { krebs.bepasty = {
@ -24,7 +28,7 @@ with lib;
server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
}; };
defaultPermissions = "admin,list,create,read,delete"; defaultPermissions = "admin,list,create,read,delete";
secretKey = import <secrets/bepasty-secret.nix>; secretKey = secKey;
}; };
external = { external = {
@ -33,8 +37,8 @@ with lib;
extraConfig = '' extraConfig = ''
ssl_session_cache shared:SSL:1m; ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m; ssl_session_timeout 10m;
ssl_certificate /root/secrets/wildcard.krebsco.de.crt; ssl_certificate ${sec}/wildcard.krebsco.de.crt;
ssl_certificate_key /root/secrets/wildcard.krebsco.de.key; ssl_certificate_key ${sec}/wildcard.krebsco.de.key;
ssl_verify_client off; ssl_verify_client off;
proxy_ssl_session_reuse off; proxy_ssl_session_reuse off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@ -45,7 +49,7 @@ with lib;
}''; }'';
}; };
defaultPermissions = "read"; defaultPermissions = "read";
secretKey = import <secrets/bepasty-secret.nix>; secretKey = secKey;
}; };
}; };
}; };

5
2configs/nginx/euer.blog.nix
View file

@ -2,8 +2,9 @@
with lib; with lib;
let let
ssl_cert = "/root/secrets/wildcard.krebsco.de.crt"; sec = toString <secrets>;
ssl_key = "/root/secrets/wildcard.krebsco.de.key"; ssl_cert = "${sec}/wildcard.krebsco.de.crt";
ssl_key = "${sec}/wildcard.krebsco.de.key";
hostname = krebs.build.host.name; hostname = krebs.build.host.name;
in { in {
krebs.nginx = { krebs.nginx = {

7
2configs/nginx/euer.wiki.nix
View file

@ -2,8 +2,9 @@
with lib; with lib;
let let
ssl_cert = "/root/secrets/wildcard.krebsco.de.crt"; sec = toString <secrets>;
ssl_key = "/root/secrets/wildcard.krebsco.de.key"; ssl_cert = "${sec}/wildcard.krebsco.de.crt";
ssl_key = "${sec}/wildcard.krebsco.de.key";
user = config.services.nginx.user; user = config.services.nginx.user;
group = config.services.nginx.group; group = config.services.nginx.group;
fpm-socket = "/var/run/php5-fpm.sock"; fpm-socket = "/var/run/php5-fpm.sock";
@ -16,7 +17,7 @@ let
# contains: # contains:
# user1 = pass1 # user1 = pass1
# userN = passN # userN = passN
tw-pass-file = "/root/secrets/tw-pass.ini"; tw-pass-file = "${sec}/tw-pass.ini";
external-ip = head config.krebs.build.host.nets.internet.addrs4; external-ip = head config.krebs.build.host.nets.internet.addrs4;
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
in { in {