summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/retiolum-bootstrap.nix
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2015-10-21 19:06:48 +0200
committerlassulus <lass@aidsballs.de>2015-10-21 19:06:48 +0200
commit692a59423ab3ab8fb2f5323af15cdec033d94fda (patch)
treedb9cc8ee6e8299a642a4267354477ba7989782a6 /krebs/3modules/retiolum-bootstrap.nix
parent27a4aa4a49b9befe278bb4dfa68a749822aea2c0 (diff)
parent6eb195b0bc1b2ecd1a39c842da4d14d4837d98cc (diff)
Merge remote-tracking branch 'pnp/master'
Diffstat (limited to 'krebs/3modules/retiolum-bootstrap.nix')
-rw-r--r--krebs/3modules/retiolum-bootstrap.nix22
1 files changed, 14 insertions, 8 deletions
diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index eed11642f..65bb51193 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -16,6 +16,14 @@ let
description = "hostname which serves tinc boot";
default = "tinc.krebsco.de" ;
};
+ listen = mkOption {
+ type = with types; listOf str;
+ description = ''Addresses to listen on (nginx-syntax).
+ ssl will be configured, http will be redirected to ssl.
+ Make sure to have at least 1 ssl port configured.
+ '';
+ default = [ "80" "443 ssl" ] ;
+ };
ssl_certificate_key = mkOption {
type = types.str;
description = "Certificate key to use for ssl";
@@ -33,19 +41,17 @@ let
imp = {
krebs.nginx.servers = assert config.krebs.nginx.enable; {
- retiolum-boot-redir = {
- server-names = singleton cfg.hostname;
- extraConfig = ''
- return 301 https://$server_name$request_uri;
- '';
- locations = [];
- };
retiolum-boot-ssl = {
server-names = singleton cfg.hostname;
- listen = "443 ssl";
+ listen = cfg.listen;
extraConfig = ''
ssl_certificate ${cfg.ssl_certificate};
ssl_certificate_key ${cfg.ssl_certificate_key};
+
+ if ($scheme = http){
+ return 301 https://$server_name$request_uri;
+ }
+
root ${pkgs.retiolum-bootstrap};
try_files $uri $uri/retiolum.sh;
'';