summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/bepasty-dual.nix
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/2configs/bepasty-dual.nix')
-rw-r--r--makefu/2configs/bepasty-dual.nix55
1 files changed, 0 insertions, 55 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
deleted file mode 100644
index f63dbefd..00000000
--- a/makefu/2configs/bepasty-dual.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# 1systems should configure itself:
-# krebs.bepasty.servers.internal.nginx.listen = [ "80" ]
-# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ]
-# 80 is redirected to 443 ssl
-
-# secrets used:
-# wildcard.krebsco.de.crt
-# wildcard.krebsco.de.key
-# bepasty-secret.nix <- contains single string
-
-with import <stockholm/lib>;
-let
- sec = toString <secrets>;
- # secKey is nothing worth protecting on a local machine
- secKey = "${secrets}/bepasty-secret";
- acmepath = "/var/lib/acme/";
- acmechall = acmepath + "/challenges/";
- ext-dom = "paste.krebsco.de" ;
-in {
-
- services.nginx.enable = mkDefault true;
- krebs.bepasty = {
- enable = true;
- serveNginx= true;
-
- servers = {
- "paste.r" = {
- nginx = {
- serverAliases = [
- "paste.${config.krebs.build.host.name}"
- "paste.r"
- ];
- extraConfig = ''
- if ( $server_addr = "${external-ip}" ) {
- return 403;
- }
- '';
- };
- defaultPermissions = "admin,list,create,read,delete";
- secretKeyFile = secKey;
- };
-
- "${ext-dom}" = {
- nginx = {
- forceSSL = true;
- enableACME = true;
- };
- defaultPermissions = "read";
- secretKeyFile = secKey;
- };
- };
- };
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-09 13:42:37 +0000