summaryrefslogtreecommitdiffstats
path: root/makefu/2configs
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2015-10-21 19:06:48 +0200
committerlassulus <lass@aidsballs.de>2015-10-21 19:06:48 +0200
commit692a59423ab3ab8fb2f5323af15cdec033d94fda (patch)
treedb9cc8ee6e8299a642a4267354477ba7989782a6 /makefu/2configs
parent27a4aa4a49b9befe278bb4dfa68a749822aea2c0 (diff)
parent6eb195b0bc1b2ecd1a39c842da4d14d4837d98cc (diff)
Merge remote-tracking branch 'pnp/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/bepasty-dual.nix52
-rw-r--r--makefu/2configs/exim-retiolum.nix4
-rw-r--r--makefu/2configs/unstable-sources.nix19
3 files changed, 71 insertions, 4 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
new file mode 100644
index 000000000..fb170957a
--- /dev/null
+++ b/makefu/2configs/bepasty-dual.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+
+# 1systems should configure itself:
+# krebs.bepasty.servers.internal.nginx.listen = [ "80" ]
+# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ]
+# 80 is redirected to 443 ssl
+
+# secrets used:
+# wildcard.krebsco.de.crt
+# wildcard.krebsco.de.key
+# bepasty-secret.nix <- contains single string
+
+with lib;
+{
+
+ krebs.nginx.enable = mkDefault true;
+ krebs.bepasty = {
+ enable = true;
+ serveNginx= true;
+
+ servers = {
+ internal = {
+ nginx = {
+ server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
+ };
+ defaultPermissions = "admin,list,create,read,delete";
+ secretKey = import <secrets/bepasty-secret.nix>;
+ };
+
+ external = {
+ nginx = {
+ server-names = [ "paste.krebsco.de" ];
+ extraConfig = ''
+ ssl_session_cache shared:SSL:1m;
+ ssl_session_timeout 10m;
+ ssl_certificate /root/secrets/wildcard.krebsco.de.crt;
+ ssl_certificate_key /root/secrets/wildcard.krebsco.de.key;
+ ssl_verify_client off;
+ proxy_ssl_session_reuse off;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers RC4:HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+ if ($scheme = http){
+ return 301 https://$server_name$request_uri;
+ }'';
+ };
+ defaultPermissions = "read";
+ secretKey = import <secrets/bepasty-secret.nix>;
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix
index cebfd7cea..b8c5c5236 100644
--- a/makefu/2configs/exim-retiolum.nix
+++ b/makefu/2configs/exim-retiolum.nix
@@ -5,10 +5,6 @@ with lib;
krebs.exim-retiolum.enable = true;
environment.systemPackages = with pkgs; [
msmtp
- mutt-kz
- notmuch
- # TODO: put this somewhere else
- offlineimap
];
}
diff --git a/makefu/2configs/unstable-sources.nix b/makefu/2configs/unstable-sources.nix
new file mode 100644
index 000000000..f2d28dcaf
--- /dev/null
+++ b/makefu/2configs/unstable-sources.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+{
+ krebs.build.source = {
+ git.nixpkgs = {
+ url = https://github.com/makefu/nixpkgs;
+ rev = "984d33884d63d404ff2da76920b8bc8b15471552";
+ };
+
+ dir.secrets = {
+ host = config.krebs.hosts.pornocauster;
+ path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+ };
+ dir.stockholm = {
+ host = config.krebs.hosts.pornocauster;
+ path = toString ../.. ;
+ };
+ };
+}