diff options
author | lassulus <lass@lassul.us> | 2017-01-31 17:14:30 +0100 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2017-01-31 17:14:30 +0100 |
commit | dfa32223172e6d5324c3d186d4720461e684cd7f (patch) | |
tree | efad7b5b4cbda5c0fdc3d757544f23c043513e59 /lass/1systems | |
parent | 904d75b482e78ec2386e2e9cca4751b2bcdb8106 (diff) |
l 1 prism: protect bepasty from external ip
Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/prism.nix | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index b92c8d900..5fa86da4d 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -44,7 +44,16 @@ in { ../2configs/hfos.nix ../2configs/makefu-sip.nix ../2configs/monitoring/server.nix - ../2configs/bepasty.nix + { + imports = [ + ../2configs/bepasty.nix + ]; + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; + } { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories |