diff options
-rw-r--r-- | krebs/3modules/bepasty-server.nix | 32 | ||||
-rw-r--r-- | makefu/2configs/bepasty-dual.nix | 14 |
2 files changed, 19 insertions, 27 deletions
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 73d734237..4e035e725 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -48,6 +48,7 @@ let default = ""; }; + # we create a wsgi socket in $workDir/gunicorn-${name}.wsgi workDir = mkOption { type = types.str; @@ -155,21 +156,22 @@ let assertions = [{ assertion = config.services.nginx.enable; message = "services.nginx.enable must be true"; }]; - services.nginx.virtualHosts = mapAttrs ( server: - (mkMerge [ server.nginx { - extraConfig = '' - client_max_body_size 32M; - ''; - locations = { - "/" = '' - proxy_set_header Host $http_host; - proxy_pass http://unix:${server.workDir}/gunicorn-${name}.sock; - ''; - "/static/" = '' - alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/; - ''; - }; - }])) cfg.servers ; + services.nginx.virtualHosts = mapAttrs ( name: server: + (mkMerge [ + server.nginx + { + extraConfig = '' + client_max_body_size 32M; + ''; + locations = { + "/".extraConfig = "proxy_set_header Host $http_host;"; + "/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock"; + "/static/".extraConfig = '' + alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/; + ''; + }; + }]) + ) cfg.servers ; }; in out diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index a4c6777bc..936aaf004 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -26,8 +26,7 @@ in { serveNginx= true; servers = { - internal = { - domain = "paste.r"; + "paste.r" = { nginx = { serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; }; @@ -35,8 +34,7 @@ in { secretKey = secKey; }; - external = { - domain = ext-dom; + "${ext-dom}" = { nginx = { enableSSL = true; forceSSL = true; @@ -47,12 +45,4 @@ in { }; }; }; - security.acme.certs."${ext-dom}" = { - email = "acme@syntax-fehler.de"; - webroot = "${acmechall}/${ext-dom}/"; - group = "nginx"; - allowKeysForGroup = true; - postRun = "systemctl reload nginx.service"; - extraDomains."${ext-dom}" = null ; - }; } |