m 2 *: krebs.nginx -> services.nginx

1 files changed, 7 insertions, 22 deletions

diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index a6be0487..a4c6777b 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -20,42 +20,27 @@ let
   ext-dom = "paste.krebsco.de" ;
 in {
 
-  krebs.nginx.enable = mkDefault true;
+  services.nginx.enable = mkDefault true;
   krebs.bepasty = {
     enable = true;
     serveNginx= true;
 
     servers = {
       internal = {
+        domain  = "paste.r";
         nginx = {
-          server-names = [ "paste.retiolum" "paste.r" "paste.${config.krebs.build.host.name}" ];
+          serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
         };
         defaultPermissions = "admin,list,create,read,delete";
         secretKey = secKey;
       };
 
       external = {
+        domain = ext-dom;
         nginx = {
-          server-names = [ ext-dom ];
-          ssl = {
-            enable = true;
-            certificate = "${acmepath}/${ext-dom}/fullchain.pem";
-            certificate_key = "${acmepath}/${ext-dom}/key.pem";
-            # these certs will be needed if acme has not yet created certificates:
-            #certificate =   "${sec}/wildcard.krebsco.de.crt";
-            #certificate_key = "${sec}/wildcard.krebsco.de.key";
-            ciphers = "RC4:HIGH:!aNULL:!MD5" ;
-            force_encryption = true;
-          };
-          locations = singleton ( nameValuePair  "/.well-known/acme-challenge" ''
-            root ${acmechall}/${ext-dom}/;
-          '');
-          extraConfig = ''
-          ssl_session_cache    shared:SSL:1m;
-          ssl_session_timeout  10m;
-          ssl_verify_client off;
-          proxy_ssl_session_reuse off;
-          '';
+          enableSSL = true;
+          forceSSL = true;
+          enableACME = true;
         };
         defaultPermissions = "read";
         secretKey = secKey;