diff options
author | lassulus <lassulus@lassul.us> | 2019-10-10 14:27:52 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2019-10-10 14:48:22 +0200 |
commit | 7fb3248a6c9213f9e93a10e9fbefa6375eff161e (patch) | |
tree | 30308f43693ca8d9fae1350e02ff2571ff38cd76 | |
parent | ee36de2973732362f1abdfb5b6b55db1f17b1316 (diff) |
l: fix nginx path traversal
-rw-r--r-- | lass/1systems/prism/config.nix | 2 | ||||
-rw-r--r-- | lass/2configs/radio.nix | 4 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 13 |
3 files changed, 11 insertions, 8 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 853075744..13e865c6e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -184,7 +184,7 @@ with import <stockholm/lib>; imports = [ <stockholm/lass/2configs/realwallpaper.nix> ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; ''; } diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index b4efd42fc..7e1433fde 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -230,11 +230,11 @@ in { proxy_set_header X-Real-IP $remote_addr; proxy_pass http://localhost:8000; ''; - locations."/recent".extraConfig = '' + locations."= /recent".extraConfig = '' alias /tmp/played; ''; }; - virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let + virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let html = pkgs.writeText "index.html" '' <!DOCTYPE html> <html lang="en"> diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 0f52d40b6..f04f312d0 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -37,30 +37,33 @@ in { locations."= /retiolum-hosts.tar.bz2".extraConfig = '' alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; + locations."= /hosts".extraConfig = '' + alias ${pkgs.krebs-hosts_combined}; + ''; locations."= /retiolum.hosts".extraConfig = '' alias ${pkgs.krebs-hosts-retiolum}; ''; locations."= /wireguard-key".extraConfig = '' alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; ''; - locations."/tinc".extraConfig = '' + locations."/tinc/".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/krebspage".extraConfig = '' + locations."= /krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; ''; - locations."/init".extraConfig = let + locations."= /init".extraConfig = let initscript = pkgs.init.override { pubkey = config.krebs.users.lass.pubkey; }; in '' alias ${initscript}; ''; - locations."/pub".extraConfig = '' + locations."= /pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; - locations."/pub1".extraConfig = '' + locations."= /pub1".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; }; |