Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/makefu/default.nix15
-rw-r--r--krebs/3modules/nginx.nix2
-rw-r--r--krebs/3modules/retiolum-bootstrap.nix22
3 files changed, 24 insertions, 15 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 42764e48c..4f8f964f8 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -163,10 +163,11 @@ with lib;
dc = "makefu"; #dc = "cac";
extraZones = {
"krebsco.de" = ''
- wry IN A ${head nets.internet.addrs4}
- io IN NS wry.krebsco.de.
- graphs IN A ${head nets.internet.addrs4}
- tinc IN A ${head nets.internet.addrs4}
+ wry IN A ${head nets.internet.addrs4}
+ io IN NS wry.krebsco.de.
+ graphs IN A ${head nets.internet.addrs4}
+ paste 60 IN A ${head nets.internet.addrs4}
+ tinc IN A ${head nets.internet.addrs4}
'';
};
nets = rec {
@@ -174,6 +175,7 @@ with lib;
addrs4 = ["104.233.87.86"];
aliases = [
"wry.internet"
+ "paste.internet"
];
};
retiolum = {
@@ -182,6 +184,8 @@ with lib;
addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
aliases = [
"graphs.wry.retiolum"
+ "paste.wry.retiolum"
+ "paste.retiolum"
"wry.retiolum"
];
tinc.pubkey = ''
@@ -210,8 +214,7 @@ with lib;
"krebsco.de" = ''
omo IN A ${head nets.internet.addrs4}
euer IN A ${head nets.internet.addrs4}
- gum IN A ${head nets.internet.addrs4}
- paste IN A ${head nets.internet.addrs4}'';
+ gum IN A ${head nets.internet.addrs4} '';
};
nets = {
internet = {
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 0530921a0..921771033 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -36,7 +36,7 @@ let
type = with types; listOf (attrsOf str);
};
extraConfig = mkOption {
- type = with types; str;
+ type = with types; string;
default = "";
};
};
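Review bot: `types.string` on the new `type` line of `extraConfig` accepts several definitions of the option and joins them with no separator, where `types.str` rejected a second definition. For an nginx fragment this can fuse the last directive of one definition with the first of the next, and it hides which module contributed a directive to a server block. If merging is the intent, `type = types.lines;` joins the definitions with newlines and fits a config snippet better. The option set this line belongs to starts outside the hunk.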
diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index eed11642f..65bb51193 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -16,6 +16,14 @@ let
description = "hostname which serves tinc boot";
default = "tinc.krebsco.de" ;
};
+ listen = mkOption {
+ type = with types; listOf str;
+ description = ''Addresses to listen on (nginx-syntax).
+ ssl will be configured, http will be redirected to ssl.
+ Make sure to have at least 1 ssl port configured.
+ '';
+ default = [ "80" "443 ssl" ] ;
+ };
ssl_certificate_key = mkOption {
type = types.str;
description = "Certificate key to use for ssl";
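Review bot: Nothing enforces the sentence in the new `listen` description that at least one ssl port must be configured. With a value such as `[ "80" ]`, the server block in the next hunk would answer every request with a redirect to an https port that nothing listens on, which fails closed but only shows up at runtime. A module assertion along the lines of `assertion = any (hasInfix "ssl") cfg.listen;`, with a message naming the option, would turn that into an evaluation error. The surrounding option set starts and ends outside the hunk.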
@@ -33,19 +41,17 @@ let
imp = {
krebs.nginx.servers = assert config.krebs.nginx.enable; {
- retiolum-boot-redir = {
- server-names = singleton cfg.hostname;
- extraConfig = ''
- return 301 https://$server_name$request_uri;
- '';
- locations = [];
- };
retiolum-boot-ssl = {
server-names = singleton cfg.hostname;
- listen = "443 ssl";
+ listen = cfg.listen;
extraConfig = ''
ssl_certificate ${cfg.ssl_certificate};
ssl_certificate_key ${cfg.ssl_certificate_key};
+
+ if ($scheme = http){
+ return 301 https://$server_name$request_uri;
+ }
+
root ${pkgs.retiolum-bootstrap};
try_files $uri $uri/retiolum.sh;
'';
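Review bot: The `if ($scheme = http)` block added to `extraConfig` is now the only thing keeping `retiolum.sh` from being served over plain HTTP, because port 80 shares the server block with `root` and `try_files`. That deserves a comment in the nginx snippet so a later edit does not drop or reorder it, for example `# plain-http listeners only redirect; the script is served over TLS only`. Presumably the script is fetched by non-browser clients, so the first plain-HTTP hop is unauthenticated and the redirect itself can be tampered with; the option description or docs should tell users to request the `https://` URL directly. The `extraConfig` string and the enclosing attribute set continue outside the hunk.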