author | lassulus <lass@aidsballs.de> | 2015-10-21 19:06:48 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2015-10-21 19:06:48 +0200 |
commit | 692a59423ab3ab8fb2f5323af15cdec033d94fda (patch) | |
tree | db9cc8ee6e8299a642a4267354477ba7989782a6 /makefu/2configs | |
parent | 27a4aa4a49b9befe278bb4dfa68a749822aea2c0 (diff) | |
parent | 6eb195b0bc1b2ecd1a39c842da4d14d4837d98cc (diff) |
Merge remote-tracking branch 'pnp/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r-- | makefu/2configs/bepasty-dual.nix | 52 | ||||
-rw-r--r-- | makefu/2configs/exim-retiolum.nix | 4 | ||||
-rw-r--r-- | makefu/2configs/unstable-sources.nix | 19 |
3 files changed, 71 insertions, 4 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
new file mode 100644
index 000000000..fb170957a
--- /dev/null
+++ b/makefu/2configs/bepasty-dual.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+
+# 1systems should configure itself:
+# krebs.bepasty.servers.internal.nginx.listen = [ "80" ]
+# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ]
+# 80 is redirected to 443 ssl
+
+# secrets used:
+# wildcard.krebsco.de.crt
+# wildcard.krebsco.de.key
+# bepasty-secret.nix <- contains single string
+
+with lib;
+{
+
+ krebs.nginx.enable = mkDefault true;
+ krebs.bepasty = {
+ enable = true;
+ serveNginx= true;
+
+ servers = {
+ internal = {
+ nginx = {
+ server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
+ };
+ defaultPermissions = "admin,list,create,read,delete";
+ secretKey = import <secrets/bepasty-secret.nix>;
+ };
+
+ external = {
+ nginx = {
+ server-names = [ "paste.krebsco.de" ];
+ extraConfig = ''
+ ssl_session_cache shared:SSL:1m;
+ ssl_session_timeout 10m;
+ ssl_certificate /root/secrets/wildcard.krebsco.de.crt;
+ ssl_certificate_key /root/secrets/wildcard.krebsco.de.key;
+ ssl_verify_client off;
+ proxy_ssl_session_reuse off;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers RC4:HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+ if ($scheme = http){
+ return 301 https://$server_name$request_uri;
+ }'';
+ };
+ defaultPermissions = "read";
+ secretKey = import <secrets/bepasty-secret.nix>;
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix
index cebfd7cea..b8c5c5236 100644
--- a/makefu/2configs/exim-retiolum.nix
+++ b/makefu/2configs/exim-retiolum.nix
@@ -5,10 +5,6 @@ with lib; krebs.exim-retiolum.enable = true; environment.systemPackages = with pkgs; [ msmtp - mutt-kz - notmuch - # TODO: put this somewhere else - offlineimap ]; } 
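Review bot: In the `extraConfig` of the `external` server in bepasty-dual.nix, `ssl_ciphers` lists RC4 first while `ssl_prefer_server_ciphers on` makes the server's order win, so any client that still offers RC4 will negotiate it; RC4 is prohibited for TLS by RFC 7465, and TLSv1/TLSv1.1 are obsolete as well. I would change the two lines to `ssl_protocols TLSv1.2;` and `ssl_ciphers HIGH:!aNULL:!MD5:!RC4;`. Separately, `internal` (whose `defaultPermissions` include `admin`) and `external` (`read`) import the same `secretKey`; if bepasty signs its session cookies with that key, a session issued by one instance would presumably be accepted by the other, so a separate secret per server would be safer. `import <secrets/bepasty-secret.nix>` also pulls the value into Nix evaluation, which may leave it readable in the store depending on how the module writes its config, so that is worth confirming.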
diff --git a/makefu/2configs/unstable-sources.nix b/makefu/2configs/unstable-sources.nix
new file mode 100644
index 000000000..f2d28dcaf
--- /dev/null
+++ b/makefu/2configs/unstable-sources.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+{
+ krebs.build.source = {
+ git.nixpkgs = {
+ url = https://github.com/makefu/nixpkgs;
+ rev = "984d33884d63d404ff2da76920b8bc8b15471552";
+ };
+
+ dir.secrets = {
+ host = config.krebs.hosts.pornocauster;
+ path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+ };
+ dir.stockholm = {
+ host = config.krebs.hosts.pornocauster;
+ path = toString ../.. ;
+ };
+ };
+}
 |
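Review bot: `git.nixpkgs` pins the package source to a bare commit on a personal fork with no comment saying which upstream branch the rev is based on or what the fork carries, which makes the pin hard to audit or bump later. A comment above `rev`, for example `# <upstream branch> + <local patches>, pinned <date>` with the placeholders filled in, would fix that. The URL is also written as an unquoted URL literal; `url = "https://github.com/makefu/nixpkgs";` is the more robust form. `dir.secrets` reads from a path under `/home/makefu` on the named host, so the permissions on that directory are presumably what protect the secrets, and this hunk cannot show them.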