Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2017-02-04 14:31:47 +0100
committer: makefu <github@syntax-fehler.de> 2017-02-04 14:31:47 +0100
commit: d6c9edd9dc860d560d4ea7a727962aaf93d09322 (patch)
tree: aefb49a9372b959cd722bdfcf51001783cda8bb1 /lass/2configs/bepasty.nix
parent: d2df5375e705e55764b4cacd4ea32dffcb4c6041 (diff)
parent: 8daef993dcb6149a02c72a4895d6e808a6c6a8d4 (diff)
1 files changed, 40 insertions, 0 deletions
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
new file mode 100644
index 00000000..a3c6d0f2
--- /dev/null
+++ b/lass/2configs/bepasty.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+# secrets used:
+#   wildcard.krebsco.de.crt
+#   wildcard.krebsco.de.key
+#   bepasty-secret.nix     <- contains single string
+
+with import <stockholm/lib>;
+let
+  secKey = import <secrets/bepasty-secret.nix>;
+  ext-dom = "paste.lassul.us" ;
+in {
+
+  services.nginx.enable = mkDefault true;
+  krebs.bepasty = {
+    enable = true;
+    serveNginx= true;
+
+    servers = {
+      "paste.r" = {
+        nginx = {
+          serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
+        };
+        defaultPermissions = "admin,list,create,read,delete";
+        secretKey = secKey;
+      };
+
+      "${ext-dom}" = {
+        nginx = {
+          enableSSL = true;
+          forceSSL = true;
+          enableACME = true;
+        };
+        defaultPermissions = "read";
+        secretKey = secKey;
+      };
+    };
+  };
+}
author	makefu <github@syntax-fehler.de>	2017-02-04 14:31:47 +0100
committer	makefu <github@syntax-fehler.de>	2017-02-04 14:31:47 +0100
commit	d6c9edd9dc860d560d4ea7a727962aaf93d09322 (patch)
tree	aefb49a9372b959cd722bdfcf51001783cda8bb1 /lass/2configs/bepasty.nix
parent	d2df5375e705e55764b4cacd4ea32dffcb4c6041 (diff)
parent	8daef993dcb6149a02c72a4895d6e808a6c6a8d4 (diff)