summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/bepasty-dual.nix
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/2configs/bepasty-dual.nix')
-rw-r--r--makefu/2configs/bepasty-dual.nix29
1 files changed, 7 insertions, 22 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index a6be04876..a4c6777bc 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -20,42 +20,27 @@ let
ext-dom = "paste.krebsco.de" ;
in {
- krebs.nginx.enable = mkDefault true;
+ services.nginx.enable = mkDefault true;
krebs.bepasty = {
enable = true;
serveNginx= true;
servers = {
internal = {
+ domain = "paste.r";
nginx = {
- server-names = [ "paste.retiolum" "paste.r" "paste.${config.krebs.build.host.name}" ];
+ serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
};
defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey;
};
external = {
+ domain = ext-dom;
nginx = {
- server-names = [ ext-dom ];
- ssl = {
- enable = true;
- certificate = "${acmepath}/${ext-dom}/fullchain.pem";
- certificate_key = "${acmepath}/${ext-dom}/key.pem";
- # these certs will be needed if acme has not yet created certificates:
- #certificate = "${sec}/wildcard.krebsco.de.crt";
- #certificate_key = "${sec}/wildcard.krebsco.de.key";
- ciphers = "RC4:HIGH:!aNULL:!MD5" ;
- force_encryption = true;
- };
- locations = singleton ( nameValuePair "/.well-known/acme-challenge" ''
- root ${acmechall}/${ext-dom}/;
- '');
- extraConfig = ''
- ssl_session_cache shared:SSL:1m;
- ssl_session_timeout 10m;
- ssl_verify_client off;
- proxy_ssl_session_reuse off;
- '';
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
};
defaultPermissions = "read";
secretKey = secKey;