Merge remote-tracking branch 'prism/makefu'

author: tv <tv@krebsco.de> 2017-04-12 09:24:46 +0200
committer: tv <tv@krebsco.de> 2017-04-12 09:24:46 +0200
commit: 0248fce6be6705de4a6beab0f2a9336550df9d18 (patch)
tree: 6865e194d5df1f9f77a03da06192d5034f97cacf /makefu/2configs/deployment/graphs.nix
parent: 75f43655d379a7aeed58b9cb423759b8a3696a9a (diff)
parent: 9224e9c4c8432ce8d7788592b9d25cfc29440ee6 (diff)
1 files changed, 37 insertions, 0 deletions
diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix
new file mode 100644
index 000000000..35a724f6a
--- /dev/null
+++ b/makefu/2configs/deployment/graphs.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+  hn = config.krebs.build.host.name;
+in {
+  krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+    if ( $server_addr = "${external-ip}" ) {
+      return 403;
+    }
+  '';
+  krebs.tinc_graphs = {
+    enable = true;
+    nginx = {
+      enable = true;
+      # TODO: remove hard-coded hostname
+      complete = {
+        extraConfig = ''
+          if ( $server_addr = "${external-ip}" ) {
+            return 403;
+          }
+        '';
+        serverAliases = [
+          "graphs.r" "graphs.retiolum"
+          "graphs.${hn}" "graphs.${hn}.retiolum"
+        ];
+      };
+      anonymous = {
+        enableSSL = true;
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+  };
+}
author	tv <tv@krebsco.de>	2017-04-12 09:24:46 +0200
committer	tv <tv@krebsco.de>	2017-04-12 09:24:46 +0200
commit	0248fce6be6705de4a6beab0f2a9336550df9d18 (patch)
tree	6865e194d5df1f9f77a03da06192d5034f97cacf /makefu/2configs/deployment/graphs.nix
parent	75f43655d379a7aeed58b9cb423759b8a3696a9a (diff)
parent	9224e9c4c8432ce8d7788592b9d25cfc29440ee6 (diff)