diff options
author | lassulus <lass@lassul.us> | 2017-01-31 16:57:42 +0100 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2017-01-31 16:57:42 +0100 |
commit | 8f98fde52310f21e5aceafb5fd1dfe1707227739 (patch) | |
tree | 4d545937cf6695012ddb0e55f278389b1b773ea3 /lass/2configs/bepasty.nix | |
parent | 3bfcf88629a73365875993a7b093d28d00299f7c (diff) |
l 2: add bepasty.nix
Diffstat (limited to 'lass/2configs/bepasty.nix')
-rw-r--r-- | lass/2configs/bepasty.nix | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix new file mode 100644 index 000000000..a3c6d0f28 --- /dev/null +++ b/lass/2configs/bepasty.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; + +# secrets used: +# wildcard.krebsco.de.crt +# wildcard.krebsco.de.key +# bepasty-secret.nix <- contains single string + +with import <stockholm/lib>; +let + secKey = import <secrets/bepasty-secret.nix>; + ext-dom = "paste.lassul.us" ; +in { + + services.nginx.enable = mkDefault true; + krebs.bepasty = { + enable = true; + serveNginx= true; + + servers = { + "paste.r" = { + nginx = { + serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + }; + defaultPermissions = "admin,list,create,read,delete"; + secretKey = secKey; + }; + + "${ext-dom}" = { + nginx = { + enableSSL = true; + forceSSL = true; + enableACME = true; + }; + defaultPermissions = "read"; + secretKey = secKey; + }; + }; + }; +} |