k 3 bepasty-server: finish krebs.nginx -> servers.nginx

2016-12-25 00:21:54 +01:00 · 2016-12-25 00:21:54 +01:00 · 3682e60aee
commit 3682e60aee
parent 83ca6e1879
2 changed files with 19 additions and 27 deletions
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@ -48,6 +48,7 @@ let
          default = "";
        };

+
        # we create a wsgi socket in $workDir/gunicorn-${name}.wsgi
        workDir = mkOption {
          type = types.str;
@ -155,21 +156,22 @@ let
    assertions = [{ assertion = config.services.nginx.enable;
                     message = "services.nginx.enable must be true"; }];

-    services.nginx.virtualHosts = mapAttrs ( server:
-      (mkMerge [ server.nginx  {
-        extraConfig = ''
-          client_max_body_size 32M;
-          '';
-        locations = {
-          "/" = ''
-            proxy_set_header Host $http_host;
-            proxy_pass http://unix:${server.workDir}/gunicorn-${name}.sock;
-           '';
-          "/static/" = ''
-            alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
-          '';
-        };
-      }])) cfg.servers ;
+    services.nginx.virtualHosts = mapAttrs ( name: server:
+      (mkMerge [
+        server.nginx
+        {
+          extraConfig = ''
+            client_max_body_size 32M;
+            '';
+          locations = {
+            "/".extraConfig = "proxy_set_header Host $http_host;";
+            "/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock";
+            "/static/".extraConfig = ''
+              alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
+            '';
+          };
+        }])
+      ) cfg.servers ;
  };
 in
 out
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@ -26,8 +26,7 @@ in {
    serveNginx= true;

    servers = {
-      internal = {
-        domain  = "paste.r";
+      "paste.r" = {
        nginx = {
          serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
        };
@ -35,8 +34,7 @@ in {
        secretKey = secKey;
      };

-      external = {
-        domain = ext-dom;
+      "${ext-dom}" = {
        nginx = {
          enableSSL = true;
          forceSSL = true;
@ -47,12 +45,4 @@ in {
      };
    };
  };
-  security.acme.certs."${ext-dom}" = {
-    email = "acme@syntax-fehler.de";
-    webroot = "${acmechall}/${ext-dom}/";
-    group = "nginx";
-    allowKeysForGroup = true;
-    postRun = "systemctl reload nginx.service";
-    extraDomains."${ext-dom}" = null ;
-  };
 }