diff options
author | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
commit | 060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch) | |
tree | 2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs/bepasty-dual.nix | |
parent | cbfcc890e3b76d942b927809bf981a5fa7289e6a (diff) |
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs/bepasty-dual.nix')
-rw-r--r-- | makefu/2configs/bepasty-dual.nix | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix deleted file mode 100644 index f63dbefd..00000000 --- a/makefu/2configs/bepasty-dual.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, pkgs, ... }: - -# 1systems should configure itself: -# krebs.bepasty.servers.internal.nginx.listen = [ "80" ] -# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ] -# 80 is redirected to 443 ssl - -# secrets used: -# wildcard.krebsco.de.crt -# wildcard.krebsco.de.key -# bepasty-secret.nix <- contains single string - -with import <stockholm/lib>; -let - sec = toString <secrets>; - # secKey is nothing worth protecting on a local machine - secKey = "${secrets}/bepasty-secret"; - acmepath = "/var/lib/acme/"; - acmechall = acmepath + "/challenges/"; - ext-dom = "paste.krebsco.de" ; -in { - - services.nginx.enable = mkDefault true; - krebs.bepasty = { - enable = true; - serveNginx= true; - - servers = { - "paste.r" = { - nginx = { - serverAliases = [ - "paste.${config.krebs.build.host.name}" - "paste.r" - ]; - extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - }; - defaultPermissions = "admin,list,create,read,delete"; - secretKeyFile = secKey; - }; - - "${ext-dom}" = { - nginx = { - forceSSL = true; - enableACME = true; - }; - defaultPermissions = "read"; - secretKeyFile = secKey; - }; - }; - }; -} |