summaryrefslogtreecommitdiffstats
path: root/lass/2configs/bepasty.nix
diff options
context:
space:
mode:
authorlassulus <lass@lassul.us>2017-01-31 16:57:42 +0100
committerlassulus <lass@lassul.us>2017-01-31 16:57:42 +0100
commit8f98fde52310f21e5aceafb5fd1dfe1707227739 (patch)
tree4d545937cf6695012ddb0e55f278389b1b773ea3 /lass/2configs/bepasty.nix
parent3bfcf88629a73365875993a7b093d28d00299f7c (diff)
l 2: add bepasty.nix
Diffstat (limited to 'lass/2configs/bepasty.nix')
-rw-r--r--lass/2configs/bepasty.nix40
1 files changed, 40 insertions, 0 deletions
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
new file mode 100644
index 000000000..a3c6d0f28
--- /dev/null
+++ b/lass/2configs/bepasty.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+# secrets used:
+# wildcard.krebsco.de.crt
+# wildcard.krebsco.de.key
+# bepasty-secret.nix <- contains single string
+
+with import <stockholm/lib>;
+let
+ secKey = import <secrets/bepasty-secret.nix>;
+ ext-dom = "paste.lassul.us" ;
+in {
+
+ services.nginx.enable = mkDefault true;
+ krebs.bepasty = {
+ enable = true;
+ serveNginx= true;
+
+ servers = {
+ "paste.r" = {
+ nginx = {
+ serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
+ };
+ defaultPermissions = "admin,list,create,read,delete";
+ secretKey = secKey;
+ };
+
+ "${ext-dom}" = {
+ nginx = {
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
+ };
+ defaultPermissions = "read";
+ secretKey = secKey;
+ };
+ };
+ };
+}