From 0696c3ff38ff629ad5f184bc458392de748a87b6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 09:10:21 +0200 Subject: m 2 mail: remove client packages from server config --- makefu/2configs/exim-retiolum.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix index cebfd7cea..b8c5c5236 100644 --- a/makefu/2configs/exim-retiolum.nix +++ b/makefu/2configs/exim-retiolum.nix @@ -5,10 +5,6 @@ with lib; krebs.exim-retiolum.enable = true; environment.systemPackages = with pkgs; [ msmtp - mutt-kz - notmuch - # TODO: put this somewhere else - offlineimap ]; } -- cgit v1.2.3 From 506f1c0c382a66f3f2e17519004875f793e489f1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 18:45:32 +0200 Subject: m 2 unstable-sources: sources to unstable nixpkgs --- makefu/2configs/unstable-sources.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 makefu/2configs/unstable-sources.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/unstable-sources.nix b/makefu/2configs/unstable-sources.nix new file mode 100644 index 000000000..f2d28dcaf --- /dev/null +++ b/makefu/2configs/unstable-sources.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +{ + krebs.build.source = { + git.nixpkgs = { + url = https://github.com/makefu/nixpkgs; + rev = "984d33884d63d404ff2da76920b8bc8b15471552"; + }; + + dir.secrets = { + host = config.krebs.hosts.pornocauster; + path = "/home/makefu/secrets/${config.krebs.build.host.name}/"; + }; + dir.stockholm = { + host = config.krebs.hosts.pornocauster; + path = toString ../.. ; + }; + }; +} -- cgit v1.2.3 From 6eb195b0bc1b2ecd1a39c842da4d14d4837d98cc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 18:49:20 +0200 Subject: wry: is the new provider for paste.krebsco.de --- makefu/2configs/bepasty-dual.nix | 52 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 makefu/2configs/bepasty-dual.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix new file mode 100644 index 000000000..fb170957a --- /dev/null +++ b/makefu/2configs/bepasty-dual.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: + +# 1systems should configure itself: +# krebs.bepasty.servers.internal.nginx.listen = [ "80" ] +# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ] +# 80 is redirected to 443 ssl + +# secrets used: +# wildcard.krebsco.de.crt +# wildcard.krebsco.de.key +# bepasty-secret.nix <- contains single string + +with lib; +{ + + krebs.nginx.enable = mkDefault true; + krebs.bepasty = { + enable = true; + serveNginx= true; + + servers = { + internal = { + nginx = { + server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + }; + defaultPermissions = "admin,list,create,read,delete"; + secretKey = import ; + }; + + external = { + nginx = { + server-names = [ "paste.krebsco.de" ]; + extraConfig = '' + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 10m; + ssl_certificate /root/secrets/wildcard.krebsco.de.crt; + ssl_certificate_key /root/secrets/wildcard.krebsco.de.key; + ssl_verify_client off; + proxy_ssl_session_reuse off; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers RC4:HIGH:!aNULL:!MD5; + ssl_prefer_server_ciphers on; + if ($scheme = http){ + return 301 https://$server_name$request_uri; + }''; + }; + defaultPermissions = "read"; + secretKey = import ; + }; + }; + }; +} -- cgit v1.2.3