authormakefu <github@syntax-fehler.de>2015-10-29 10:55:54 +0100
committermakefu <github@syntax-fehler.de>2015-10-29 10:55:54 +0100
commit6410fd0f8557658fa5e180844def32f8bda7313d (patch)
tree8266ef1e81f57ee4565987dd1c285cd9b8510342
parent8bc538b9e7bdf6fa9d93d1662ee1b889e0a5d458 (diff)
m 2 *: s,/root/secrets,<secrets>,
-rw-r--r--makefu/2configs/bepasty-dual.nix14
-rw-r--r--makefu/2configs/nginx/euer.blog.nix5
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix7
3 files changed, 16 insertions, 10 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index fb170957..123ae3cf 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -11,7 +11,11 @@
# bepasty-secret.nix <- contains single string
with lib;
-{
+let
+ sec = toString <secrets>;
+ # secKey is nothing worth protecting on a local machine
+ secKey = import <secrets/bepasty-secret.nix>;
+in {
krebs.nginx.enable = mkDefault true;
krebs.bepasty = {
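Review bot: The comment on `secKey` understates its reach, because the same imported value becomes `secretKey` for both the internal server and the `external` one in the later hunks of this file, so "a local machine" does not describe every consumer. Since `import <secrets/bepasty-secret.nix>` pulls the string into the evaluated configuration, it will presumably end up in a world-readable Nix store path once the bepasty module renders its config (that module is not visible here). The value is the application's session-signing key, so it does matter on the internet-facing instance. I would reword the comment to something like `# secKey is evaluated into the config and may land in /nix/store; it is also used by the external instance`, and consider a separate key file for `external`.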
@@ -24,7 +28,7 @@ with lib;
server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
};
defaultPermissions = "admin,list,create,read,delete";
- secretKey = import <secrets/bepasty-secret.nix>;
+ secretKey = secKey;
};
external = {
@@ -33,8 +37,8 @@ with lib;
extraConfig = ''
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
- ssl_certificate /root/secrets/wildcard.krebsco.de.crt;
- ssl_certificate_key /root/secrets/wildcard.krebsco.de.key;
+ ssl_certificate ${sec}/wildcard.krebsco.de.crt;
+ ssl_certificate_key ${sec}/wildcard.krebsco.de.key;
ssl_verify_client off;
proxy_ssl_session_reuse off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
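Review bot: Nothing near `ssl_certificate_key ${sec}/wildcard.krebsco.de.key;` records that this interpolation is only safe because `sec` is a string. `toString <secrets>` keeps the location as plain text, whereas interpolating the path `<secrets>` directly would copy the secrets directory, private key included, into the world-readable Nix store. A comment on the `let` binding (defined in the first hunk of this file and repeated in euer.blog.nix and euer.wiki.nix) would guard against a later "cleanup", e.g. `# toString: keep a plain path string so the secrets are never copied into /nix/store`. The path is whatever `<secrets>` resolves to at evaluation time, so it has to exist at the same location on the host that runs nginx.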
@@ -45,7 +49,7 @@ with lib;
}'';
};
defaultPermissions = "read";
- secretKey = import <secrets/bepasty-secret.nix>;
+ secretKey = secKey;
};
};
};
diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix
index a8be1993..e97050ec 100644
--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -2,8 +2,9 @@
with lib;
let
- ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
- ssl_key = "/root/secrets/wildcard.krebsco.de.key";
+ sec = toString <secrets>;
+ ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ ssl_key = "${sec}/wildcard.krebsco.de.key";
hostname = krebs.build.host.name;
in {
krebs.nginx = {
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 1e1834b1..fbcfe204 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -2,8 +2,9 @@
with lib;
let
- ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
- ssl_key = "/root/secrets/wildcard.krebsco.de.key";
+ sec = toString <secrets>;
+ ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ ssl_key = "${sec}/wildcard.krebsco.de.key";
user = config.services.nginx.user;
group = config.services.nginx.group;
fpm-socket = "/var/run/php5-fpm.sock";
@@ -16,7 +17,7 @@ let
# contains:
# user1 = pass1
# userN = passN
- tw-pass-file = "/root/secrets/tw-pass.ini";
+ tw-pass-file = "${sec}/tw-pass.ini";
external-ip = head config.krebs.build.host.nets.internet.addrs4;
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
in {
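Review bot: `tw-pass-file` points into the same `${sec}` directory as the wildcard TLS key, and the comment above it says the file holds plaintext `user = pass` pairs. How the file is consumed lies outside this hunk, but if it is read at request time by the nginx/php-fpm user bound above, that user needs traverse access to the secrets directory, which holds the private key as well. I would document the expected owner and mode next to the binding, e.g. `# must be readable by the php-fpm user only; the secrets directory itself stays root-owned`, or keep this file in a service-specific location.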