authorlassulus <lass@aidsballs.de>2015-10-31 00:14:35 +0100
committerlassulus <lass@aidsballs.de>2015-10-31 00:14:35 +0100
commit10779f3cb9b7e00aac50faa98adbd2ebd9a675a0 (patch)
tree7aef8997e959c346cb9ae61f7bc1626a8c5bb473 /makefu/2configs/bepasty-dual.nix
parent5b4a34062462311973bb1798fe3e4538e6eb5706 (diff)
parent546469e18d24252360279ea276eb9a502670c712 (diff)
Merge remote-tracking branch 'pnp/master'
Diffstat (limited to 'makefu/2configs/bepasty-dual.nix')
-rw-r--r--makefu/2configs/bepasty-dual.nix32
1 files changed, 18 insertions, 14 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index fb90f4c9f..123ae3cf9 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -11,7 +11,11 @@
# bepasty-secret.nix <- contains single string
with lib;
-{
+let
+ sec = toString <secrets>;
+ # secKey is nothing worth protecting on a local machine
+ secKey = import <secrets/bepasty-secret.nix>;
+in {
krebs.nginx.enable = mkDefault true;
krebs.bepasty = {
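Review bot: The new comment on `secKey` says the key is not worth protecting on a local machine, but the second hunk assigns the same `secKey` to the `external` server (paste.krebsco.de) as well, so the comment understates what the value protects. `import <secrets/bepasty-secret.nix>` reads the string at evaluation time, and it presumably ends up in the generated bepasty configuration in the world-readable Nix store; the module that consumes `secretKey` is not visible here, so that should be confirmed. I would reword the comment to something like `# secKey is read at eval time and may land in the Nix store; it is also used by the external instance` and add a line on `sec` such as `# toString keeps the cert/key files out of the store; the path must also exist on the target host`.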
@@ -24,28 +28,28 @@ with lib;
server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
};
defaultPermissions = "admin,list,create,read,delete";
- secretKey = import <secrets/bepasty-secret.nix>;
+ secretKey = secKey;
};
external = {
nginx = {
server-names = [ "paste.krebsco.de" ];
extraConfig = ''
- ssl_session_cache shared:SSL:1m;
- ssl_session_timeout 10m;
- ssl_certificate /root/secrets/wildcard.krebsco.de.crt;
- ssl_certificate_key /root/secrets/wildcard.krebsco.de.key;
- ssl_verify_client off;
- proxy_ssl_session_reuse off;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers RC4:HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
- if ($scheme = http){
- return 301 https://$server_name$request_uri;
+ ssl_session_cache shared:SSL:1m;
+ ssl_session_timeout 10m;
+ ssl_certificate ${sec}/wildcard.krebsco.de.crt;
+ ssl_certificate_key ${sec}/wildcard.krebsco.de.key;
+ ssl_verify_client off;
+ proxy_ssl_session_reuse off;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers RC4:HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+ if ($scheme = http){
+ return 301 https://$server_name$request_uri;
}'';
};
defaultPermissions = "read";
- secretKey = import <secrets/bepasty-secret.nix>;
+ secretKey = secKey;
};
};
};
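Review bot: The re-indented `extraConfig` for the external vhost still puts RC4 first in `ssl_ciphers` while `ssl_prefer_server_ciphers on` is set, so the server will pick RC4 for any client that offers it; RFC 7465 prohibits RC4 in TLS. Since these lines are being rewritten anyway, I would change the cipher line to `ssl_ciphers HIGH:!aNULL:!MD5:!RC4;` and, if the clients of paste.krebsco.de allow it, narrow `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` to `ssl_protocols TLSv1.2;`. The internal and external servers also share one `secretKey` after this change although their `defaultPermissions` differ ("admin,list,create,read,delete" against "read"), so a separate key for the public instance would keep a leak of one from affecting the other.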