diff options
author | lassulus <lass@lassul.us> | 2016-12-25 12:13:49 +0100 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2016-12-25 12:13:49 +0100 |
commit | 9224478adf54f7f65c7e8565c846160b2f0ea467 (patch) | |
tree | ca477dd5d011581da0b3796f30c842c9fdddf214 /makefu/1systems/wry.nix | |
parent | 8f16b738c75f25738ca94f146d84c5cc5ec7eaa3 (diff) | |
parent | 1eceb8ac46fd1cebbb5091a50359e4863efdaf42 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems/wry.nix')
-rw-r--r-- | makefu/1systems/wry.nix | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 17e81f793..6290ff6e9 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -21,9 +21,7 @@ in { # other nginx ../2configs/nginx/euer.wiki.nix ../2configs/nginx/euer.blog.nix - ../2configs/nginx/euer.test.nix - - #../2configs/elchos/stats.nix + # ../2configs/nginx/euer.test.nix # collectd # ../2configs/collectd/collectd-base.nix @@ -47,26 +45,31 @@ in { random-emoji ]; }; - # bepasty to listen only on the correct interfaces - krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ]; - krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ]; - # prepare graphs - krebs.nginx.enable = true; + services.nginx.enable = true; krebs.retiolum-bootstrap.enable = true; - + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; krebs.tinc_graphs = { enable = true; nginx = { enable = true; # TODO: remove hard-coded hostname complete = { - listen = [ "${internal-ip}:80" ]; - server-names = [ "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ]; + extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + serverAliases = [ "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ]; }; anonymous = { - listen = [ "${external-ip}:80" ] ; - server-names = [ "graphs.krebsco.de" ]; + enableSSL = true; + forceSSL = true; + enableACME = true; }; }; }; |