summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/wry.nix
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/1systems/wry.nix')
-rw-r--r--makefu/1systems/wry.nix29
1 files changed, 16 insertions, 13 deletions
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 17e81f793..6290ff6e9 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -21,9 +21,7 @@ in {
# other nginx
../2configs/nginx/euer.wiki.nix
../2configs/nginx/euer.blog.nix
- ../2configs/nginx/euer.test.nix
-
- #../2configs/elchos/stats.nix
+ # ../2configs/nginx/euer.test.nix
# collectd
# ../2configs/collectd/collectd-base.nix
@@ -47,26 +45,31 @@ in {
random-emoji ];
};
- # bepasty to listen only on the correct interfaces
- krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ];
- krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ];
-
# prepare graphs
- krebs.nginx.enable = true;
+ services.nginx.enable = true;
krebs.retiolum-bootstrap.enable = true;
-
+ krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
krebs.tinc_graphs = {
enable = true;
nginx = {
enable = true;
# TODO: remove hard-coded hostname
complete = {
- listen = [ "${internal-ip}:80" ];
- server-names = [ "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
+ extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
+ serverAliases = [ "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
};
anonymous = {
- listen = [ "${external-ip}:80" ] ;
- server-names = [ "graphs.krebsco.de" ];
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
};
};
};
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 10:57:25 +0000