diff options
author | lassulus <lass@lassul.us> | 2017-04-11 21:50:29 +0200 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2017-04-11 21:50:29 +0200 |
commit | 1f317b8a1a38e41cb721835ed46b2db1a5318f23 (patch) | |
tree | 5f4a6a791c4278a0709362d82ded9b7235d28112 /makefu/2configs | |
parent | 575a37f00e0ee6866c72a99327921068222fc1b0 (diff) | |
parent | 9224e9c4c8432ce8d7788592b9d25cfc29440ee6 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r-- | makefu/2configs/bepasty-dual.nix | 6 | ||||
-rw-r--r-- | makefu/2configs/default.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/deployment/graphs.nix | 37 | ||||
-rw-r--r-- | makefu/2configs/urlwatch.nix | 1 |
4 files changed, 41 insertions, 5 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 936aaf004..ecf5f8a38 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -14,7 +14,7 @@ with import <stockholm/lib>; let sec = toString <secrets>; # secKey is nothing worth protecting on a local machine - secKey = import <secrets/bepasty-secret.nix>; + secKey = "${secrets}/bepasty-secret"; acmepath = "/var/lib/acme/"; acmechall = acmepath + "/challenges/"; ext-dom = "paste.krebsco.de" ; @@ -31,7 +31,7 @@ in { serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; }; defaultPermissions = "admin,list,create,read,delete"; - secretKey = secKey; + secretKeyFile = secKey; }; "${ext-dom}" = { @@ -41,7 +41,7 @@ in { enableACME = true; }; defaultPermissions = "read"; - secretKey = secKey; + secretKeyFile = secKey; }; }; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 2f340a678..7b2e6b617 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import <stockholm/lib>; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "3ff00fa"; # unstable @ 2017-03-31 + cups-dymo + ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix new file mode 100644 index 000000000..35a724f6a --- /dev/null +++ b/makefu/2configs/deployment/graphs.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + hn = config.krebs.build.host.name; +in { + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + krebs.tinc_graphs = { + enable = true; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + serverAliases = [ + "graphs.r" "graphs.retiolum" + "graphs.${hn}" "graphs.${hn}.retiolum" + ]; + }; + anonymous = { + enableSSL = true; + forceSSL = true; + enableACME = true; + }; + }; + }; +} diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index 5b82d8107..d1dcec657 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -9,7 +9,6 @@ ## nixpkgs maintenance https://api.github.com/repos/ovh/python-ovh/tags https://api.github.com/repos/embray/d2to1/tags - http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release https://api.github.com/repos/Mic92/vicious/tags https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/xstatic/ |