summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/wry.nix
diff options
context:
space:
mode:
authorlassulus <lass@lassul.us>2016-12-25 12:13:49 +0100
committerlassulus <lass@lassul.us>2016-12-25 12:13:49 +0100
commit9224478adf54f7f65c7e8565c846160b2f0ea467 (patch)
treeca477dd5d011581da0b3796f30c842c9fdddf214 /makefu/1systems/wry.nix
parent8f16b738c75f25738ca94f146d84c5cc5ec7eaa3 (diff)
parent1eceb8ac46fd1cebbb5091a50359e4863efdaf42 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems/wry.nix')
-rw-r--r--makefu/1systems/wry.nix29
1 files changed, 16 insertions, 13 deletions
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 17e81f793..6290ff6e9 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -21,9 +21,7 @@ in {
# other nginx
../2configs/nginx/euer.wiki.nix
../2configs/nginx/euer.blog.nix
- ../2configs/nginx/euer.test.nix
-
- #../2configs/elchos/stats.nix
+ # ../2configs/nginx/euer.test.nix
# collectd
# ../2configs/collectd/collectd-base.nix
@@ -47,26 +45,31 @@ in {
random-emoji ];
};
- # bepasty to listen only on the correct interfaces
- krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ];
- krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ];
-
# prepare graphs
- krebs.nginx.enable = true;
+ services.nginx.enable = true;
krebs.retiolum-bootstrap.enable = true;
-
+ krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
krebs.tinc_graphs = {
enable = true;
nginx = {
enable = true;
# TODO: remove hard-coded hostname
complete = {
- listen = [ "${internal-ip}:80" ];
- server-names = [ "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
+ extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
+ serverAliases = [ "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
};
anonymous = {
- listen = [ "${external-ip}:80" ] ;
- server-names = [ "graphs.krebsco.de" ];
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
};
};
};