m 2 *: s,/root/secrets,<secrets>,
parent
8bc538b9e7
commit
6410fd0f85
@ -11,7 +11,11 @@
|
||||
# bepasty-secret.nix <- contains single string
|
||||
|
||||
with lib;
|
||||
{
|
||||
let
|
||||
sec = toString <secrets>;
|
||||
# secKey is nothing worth protecting on a local machine
|
||||
secKey = import <secrets/bepasty-secret.nix>;
|
||||
in {
|
||||
|
||||
krebs.nginx.enable = mkDefault true;
|
||||
krebs.bepasty = {
|
||||
@ -24,7 +28,7 @@ with lib;
|
||||
server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
|
||||
};
|
||||
defaultPermissions = "admin,list,create,read,delete";
|
||||
secretKey = import <secrets/bepasty-secret.nix>;
|
||||
secretKey = secKey;
|
||||
};
|
||||
|
||||
external = {
|
||||
@ -33,8 +37,8 @@ with lib;
|
||||
extraConfig = ''
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_certificate /root/secrets/wildcard.krebsco.de.crt;
|
||||
ssl_certificate_key /root/secrets/wildcard.krebsco.de.key;
|
||||
ssl_certificate ${sec}/wildcard.krebsco.de.crt;
|
||||
ssl_certificate_key ${sec}/wildcard.krebsco.de.key;
|
||||
ssl_verify_client off;
|
||||
proxy_ssl_session_reuse off;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
@ -45,7 +49,7 @@ with lib;
|
||||
}'';
|
||||
};
|
||||
defaultPermissions = "read";
|
||||
secretKey = import <secrets/bepasty-secret.nix>;
|
||||
secretKey = secKey;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
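Review bot: `secKey = import <secrets/bepasty-secret.nix>;` pulls the key's value into evaluation, and the new comment justifies that only for a local machine, while the same `secKey` is also assigned to `secretKey` in the `external` block. If the krebs.bepasty module writes `secretKey` into a generated config file (the module is not visible on this page), the value would end up in the world-readable Nix store on the public-facing instance as well. I would either reword the comment to `# secKey is evaluated into the config and may land in the Nix store; it also keys the external instance`, or hand the module a file path that is read at service start. Separately, the context line `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables the deprecated TLS 1.0 and 1.1. The `let` body and the `krebs.bepasty` attribute set continue outside the hunks shown.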
@ -2,8 +2,9 @@
|
||||
|
||||
with lib;
|
||||
let
|
||||
ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
|
||||
ssl_key = "/root/secrets/wildcard.krebsco.de.key";
|
||||
sec = toString <secrets>;
|
||||
ssl_cert = "${sec}/wildcard.krebsco.de.crt";
|
||||
ssl_key = "${sec}/wildcard.krebsco.de.key";
|
||||
hostname = krebs.build.host.name;
|
||||
in {
|
||||
krebs.nginx = {
|
||||
|
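Review bot: The `sec = toString <secrets>;` binding has no comment explaining why `toString` is there, although it is what keeps the wildcard key out of the Nix store. Interpolating the path value directly, as in `"${<secrets>}/wildcard.krebsco.de.key"`, would copy the secrets directory into the world-readable store, so I would add `# toString: keep <secrets> a plain string so the key files are not copied into /nix/store`. The resulting string is whatever `<secrets>` resolves to where the configuration is evaluated, so it has to match the path on the host that actually runs nginx. The same binding appears in the other two files of this commit, and the `let` block continues outside the hunk.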
@ -2,8 +2,9 @@
|
||||
|
||||
with lib;
|
||||
let
|
||||
ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
|
||||
ssl_key = "/root/secrets/wildcard.krebsco.de.key";
|
||||
sec = toString <secrets>;
|
||||
ssl_cert = "${sec}/wildcard.krebsco.de.crt";
|
||||
ssl_key = "${sec}/wildcard.krebsco.de.key";
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
fpm-socket = "/var/run/php5-fpm.sock";
|
||||
@ -16,7 +17,7 @@ let
|
||||
# contains:
|
||||
# user1 = pass1
|
||||
# userN = passN
|
||||
tw-pass-file = "/root/secrets/tw-pass.ini";
|
||||
tw-pass-file = "${sec}/tw-pass.ini";
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
||||
in {
|
||||
|
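Review bot: `tw-pass-file` now sits under the same `${sec}` directory as `ssl_key`, and the comment above it says the file holds plain `user = pass` pairs, but nothing states who must be able to read it. If the consumer runs as the `user`/`group` bound earlier in this `let` (its use is outside the hunk), that account needs traverse access to the directory that also holds the wildcard private key. I would extend the comment with the expected owner and mode once confirmed, for example `# must be readable by the nginx user only; the TLS key beside it stays root-only`.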