Merge remote-tracking branch 'gum/master'

author: lassulus <lass@lassul.us> 2016-12-25 12:13:49 +0100
committer: lassulus <lass@lassul.us> 2016-12-25 12:13:49 +0100
commit: 9224478adf54f7f65c7e8565c846160b2f0ea467 (patch)
tree: ca477dd5d011581da0b3796f30c842c9fdddf214 /makefu/1systems/shoney.nix
parent: 8f16b738c75f25738ca94f146d84c5cc5ec7eaa3 (diff)
parent: 1eceb8ac46fd1cebbb5091a50359e4863efdaf42 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 1c5d2352e..96aeb2856 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -21,7 +21,6 @@ in {
   krebs = {
     enable = true;
     build.host = config.krebs.hosts.shoney;
-    nginx.enable = true;
     tinc_graphs = {
       enable = true;
       network = "siem";
@@ -29,9 +28,15 @@ in {
       nginx = {
         enable = true;
         # TODO: remove hard-coded hostname
+        anonymous-domain = "localhost.localdomain";
+        anonymous.extraConfig = "return 403;";
         complete = {
-          listen = [ "${tinc-siem-ip}:80" ];
-          server-names = [ "graphs.siem" ];
+          serverAliases = [ "graphs.siem" ];
+          extraConfig = ''
+            if ( $server_addr = "${ip}" ) {
+              return 403;
+            }
+          '';
         };
       };
     };
author	lassulus <lass@lassul.us>	2016-12-25 12:13:49 +0100
committer	lassulus <lass@lassul.us>	2016-12-25 12:13:49 +0100
commit	9224478adf54f7f65c7e8565c846160b2f0ea467 (patch)
tree	ca477dd5d011581da0b3796f30c842c9fdddf214 /makefu/1systems/shoney.nix
parent	8f16b738c75f25738ca94f146d84c5cc5ec7eaa3 (diff)
parent	1eceb8ac46fd1cebbb5091a50359e4863efdaf42 (diff)