summaryrefslogtreecommitdiffstats
path: root/makefu/2configs
diff options
context:
space:
mode:
authorlassulus <lass@lassul.us>2017-04-11 21:50:29 +0200
committerlassulus <lass@lassul.us>2017-04-11 21:50:29 +0200
commit1f317b8a1a38e41cb721835ed46b2db1a5318f23 (patch)
tree5f4a6a791c4278a0709362d82ded9b7235d28112 /makefu/2configs
parent575a37f00e0ee6866c72a99327921068222fc1b0 (diff)
parent9224e9c4c8432ce8d7788592b9d25cfc29440ee6 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/bepasty-dual.nix6
-rw-r--r--makefu/2configs/default.nix2
-rw-r--r--makefu/2configs/deployment/graphs.nix37
-rw-r--r--makefu/2configs/urlwatch.nix1
4 files changed, 41 insertions, 5 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index 936aaf004..ecf5f8a38 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -14,7 +14,7 @@ with import <stockholm/lib>;
let
sec = toString <secrets>;
# secKey is nothing worth protecting on a local machine
- secKey = import <secrets/bepasty-secret.nix>;
+ secKey = "${secrets}/bepasty-secret";
acmepath = "/var/lib/acme/";
acmechall = acmepath + "/challenges/";
ext-dom = "paste.krebsco.de" ;
@@ -31,7 +31,7 @@ in {
serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
};
defaultPermissions = "admin,list,create,read,delete";
- secretKey = secKey;
+ secretKeyFile = secKey;
};
"${ext-dom}" = {
@@ -41,7 +41,7 @@ in {
enableACME = true;
};
defaultPermissions = "read";
- secretKey = secKey;
+ secretKeyFile = secKey;
};
};
};
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 2f340a678..7b2e6b617 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,7 +22,7 @@ with import <stockholm/lib>;
user = config.krebs.users.makefu;
source = let
inherit (config.krebs.build) host user;
- ref = "3ff00fa"; # unstable @ 2017-03-31 + cups-dymo
+ ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1
in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{
diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix
new file mode 100644
index 000000000..35a724f6a
--- /dev/null
+++ b/makefu/2configs/deployment/graphs.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ hn = config.krebs.build.host.name;
+in {
+ krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
+ krebs.tinc_graphs = {
+ enable = true;
+ nginx = {
+ enable = true;
+ # TODO: remove hard-coded hostname
+ complete = {
+ extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
+ serverAliases = [
+ "graphs.r" "graphs.retiolum"
+ "graphs.${hn}" "graphs.${hn}.retiolum"
+ ];
+ };
+ anonymous = {
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index 5b82d8107..d1dcec657 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -9,7 +9,6 @@
## nixpkgs maintenance
https://api.github.com/repos/ovh/python-ovh/tags
https://api.github.com/repos/embray/d2to1/tags
- http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
https://api.github.com/repos/Mic92/vicious/tags
https://pypi.python.org/simple/bepasty/
https://pypi.python.org/simple/xstatic/