l: fix nginx path traversal

2019-10-10 14:27:52 +02:00 · 2019-10-10 14:27:52 +02:00 · 7fb3248a6c
commit 7fb3248a6c
parent ee36de2973
3 changed files with 11 additions and 8 deletions
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@ -184,7 +184,7 @@ with import <stockholm/lib>;
      imports = [
        <stockholm/lass/2configs/realwallpaper.nix>
      ];
-      services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
+      services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = ''
        alias /var/realwallpaper/realwallpaper.png;
      '';
    }
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@ -230,11 +230,11 @@ in {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:8000;
      '';
-      locations."/recent".extraConfig = ''
+      locations."= /recent".extraConfig = ''
        alias /tmp/played;
      '';
    };
-    virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let
+    virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let
      html = pkgs.writeText "index.html" ''
        <!DOCTYPE html>
        <html lang="en">
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@ -37,30 +37,33 @@ in {
    locations."= /retiolum-hosts.tar.bz2".extraConfig = ''
      alias ${config.krebs.tinc.retiolum.hostsArchive};
    '';
    locations."= /hosts".extraConfig = ''
      alias ${pkgs.krebs-hosts_combined};
    '';
    locations."= /retiolum.hosts".extraConfig = ''
      alias ${pkgs.krebs-hosts-retiolum};
    '';
    locations."= /wireguard-key".extraConfig = ''
      alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
    '';
-    locations."/tinc".extraConfig = ''
+    locations."/tinc/".extraConfig = ''
      alias ${config.krebs.tinc_graphs.workingDir}/external;
    '';
-    locations."/krebspage".extraConfig = ''
+    locations."= /krebspage".extraConfig = ''
      default_type "text/html";
      alias ${pkgs.krebspage}/index.html;
    '';
-    locations."/init".extraConfig = let
+    locations."= /init".extraConfig = let
      initscript = pkgs.init.override {
        pubkey = config.krebs.users.lass.pubkey;
      };
    in ''
      alias ${initscript};
    '';
-    locations."/pub".extraConfig = ''
+    locations."= /pub".extraConfig = ''
      alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
    '';
-    locations."/pub1".extraConfig = ''
+    locations."= /pub1".extraConfig = ''
      alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
    '';
  };