Merge remote-tracking branch 'gum/master'

author: lassulus <lass@lassul.us> 2016-12-25 12:13:49 +0100
committer: lassulus <lass@lassul.us> 2016-12-25 12:13:49 +0100
commit: 9224478adf54f7f65c7e8565c846160b2f0ea467 (patch)
tree: ca477dd5d011581da0b3796f30c842c9fdddf214 /makefu/2configs/bepasty-dual.nix
parent: 8f16b738c75f25738ca94f146d84c5cc5ec7eaa3 (diff)
parent: 1eceb8ac46fd1cebbb5091a50359e4863efdaf42 (diff)
1 files changed, 7 insertions, 32 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index a6be04876..936aaf004 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -20,54 +20,29 @@ let
   ext-dom = "paste.krebsco.de" ;
 in {
 
-  krebs.nginx.enable = mkDefault true;
+  services.nginx.enable = mkDefault true;
   krebs.bepasty = {
     enable = true;
     serveNginx= true;
 
     servers = {
-      internal = {
+      "paste.r" = {
         nginx = {
-          server-names = [ "paste.retiolum" "paste.r" "paste.${config.krebs.build.host.name}" ];
+          serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
         };
         defaultPermissions = "admin,list,create,read,delete";
         secretKey = secKey;
       };
 
-      external = {
+      "${ext-dom}" = {
         nginx = {
-          server-names = [ ext-dom ];
-          ssl = {
-            enable = true;
-            certificate = "${acmepath}/${ext-dom}/fullchain.pem";
-            certificate_key = "${acmepath}/${ext-dom}/key.pem";
-            # these certs will be needed if acme has not yet created certificates:
-            #certificate =   "${sec}/wildcard.krebsco.de.crt";
-            #certificate_key = "${sec}/wildcard.krebsco.de.key";
-            ciphers = "RC4:HIGH:!aNULL:!MD5" ;
-            force_encryption = true;
-          };
-          locations = singleton ( nameValuePair  "/.well-known/acme-challenge" ''
-            root ${acmechall}/${ext-dom}/;
-          '');
-          extraConfig = ''
-          ssl_session_cache    shared:SSL:1m;
-          ssl_session_timeout  10m;
-          ssl_verify_client off;
-          proxy_ssl_session_reuse off;
-          '';
+          enableSSL = true;
+          forceSSL = true;
+          enableACME = true;
         };
         defaultPermissions = "read";
         secretKey = secKey;
       };
     };
   };
-  security.acme.certs."${ext-dom}" = {
-    email = "acme@syntax-fehler.de";
-    webroot = "${acmechall}/${ext-dom}/";
-    group = "nginx";
-    allowKeysForGroup = true;
-    postRun = "systemctl reload nginx.service";
-    extraDomains."${ext-dom}" = null ;
-  };
 }
author	lassulus <lass@lassul.us>	2016-12-25 12:13:49 +0100
committer	lassulus <lass@lassul.us>	2016-12-25 12:13:49 +0100
commit	9224478adf54f7f65c7e8565c846160b2f0ea467 (patch)
tree	ca477dd5d011581da0b3796f30c842c9fdddf214 /makefu/2configs/bepasty-dual.nix
parent	8f16b738c75f25738ca94f146d84c5cc5ec7eaa3 (diff)
parent	1eceb8ac46fd1cebbb5091a50359e4863efdaf42 (diff)