Diffstat (limited to 'makefu/2configs/bepasty-dual.nix')
-rw-r--r--makefu/2configs/bepasty-dual.nix39
1 files changed, 7 insertions, 32 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index a6be0487..936aaf00 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -20,54 +20,29 @@ let
ext-dom = "paste.krebsco.de" ;
in {
- krebs.nginx.enable = mkDefault true;
+ services.nginx.enable = mkDefault true;
krebs.bepasty = {
enable = true;
serveNginx= true;
servers = {
- internal = {
+ "paste.r" = {
nginx = {
- server-names = [ "paste.retiolum" "paste.r" "paste.${config.krebs.build.host.name}" ];
+ serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
};
defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey;
};
- external = {
+ "${ext-dom}" = {
nginx = {
- server-names = [ ext-dom ];
- ssl = {
- enable = true;
- certificate = "${acmepath}/${ext-dom}/fullchain.pem";
- certificate_key = "${acmepath}/${ext-dom}/key.pem";
- # these certs will be needed if acme has not yet created certificates:
- #certificate = "${sec}/wildcard.krebsco.de.crt";
- #certificate_key = "${sec}/wildcard.krebsco.de.key";
- ciphers = "RC4:HIGH:!aNULL:!MD5" ;
- force_encryption = true;
- };
- locations = singleton ( nameValuePair "/.well-known/acme-challenge" ''
- root ${acmechall}/${ext-dom}/;
- '');
- extraConfig = ''
- ssl_session_cache shared:SSL:1m;
- ssl_session_timeout 10m;
- ssl_verify_client off;
- proxy_ssl_session_reuse off;
- '';
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
};
defaultPermissions = "read";
secretKey = secKey;
};
};
};
- security.acme.certs."${ext-dom}" = {
- email = "acme@syntax-fehler.de";
- webroot = "${acmechall}/${ext-dom}/";
- group = "nginx";
- allowKeysForGroup = true;
- postRun = "systemctl reload nginx.service";
- extraDomains."${ext-dom}" = null ;
- };
}
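Review bot: The `"paste.r"` server keeps `defaultPermissions = "admin,list,create,read,delete"`, but nothing on the new side limits who can reach that virtual host: it is selected only by server name (`paste.r` plus the `serverAliases`) on the same nginx that serves the public `${ext-dom}` host. Name-based selection is not an access boundary, so unless a listen address or firewall rule outside this hunk confines it to the internal network, the admin-by-default instance should carry its own restriction, for example `extraConfig = "allow <INTERNAL_PREFIX>; deny all;";` inside its `nginx` block (placeholder prefix; this assumes the `nginx` attribute set is passed through to the nginx virtual host, which the new option names suggest but the hunk does not show). Both servers also still share `secretKey = secKey;`; if that key signs session cookies, giving each instance its own key would keep a session issued by one from being accepted by the other. The `let` block that defines `secKey` starts above the hunk.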