diff options
author | lassulus <lass@lassul.us> | 2016-12-25 12:13:49 +0100 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2016-12-25 12:13:49 +0100 |
commit | 9224478adf54f7f65c7e8565c846160b2f0ea467 (patch) | |
tree | ca477dd5d011581da0b3796f30c842c9fdddf214 /makefu/1systems/shoney.nix | |
parent | 8f16b738c75f25738ca94f146d84c5cc5ec7eaa3 (diff) | |
parent | 1eceb8ac46fd1cebbb5091a50359e4863efdaf42 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems/shoney.nix')
-rw-r--r-- | makefu/1systems/shoney.nix | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 1c5d2352e..96aeb2856 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -21,7 +21,6 @@ in { krebs = { enable = true; build.host = config.krebs.hosts.shoney; - nginx.enable = true; tinc_graphs = { enable = true; network = "siem"; @@ -29,9 +28,15 @@ in { nginx = { enable = true; # TODO: remove hard-coded hostname + anonymous-domain = "localhost.localdomain"; + anonymous.extraConfig = "return 403;"; complete = { - listen = [ "${tinc-siem-ip}:80" ]; - server-names = [ "graphs.siem" ]; + serverAliases = [ "graphs.siem" ]; + extraConfig = '' + if ( $server_addr = "${ip}" ) { + return 403; + } + ''; }; }; }; |