summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/wry.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2016-12-25 01:08:49 +0100
committermakefu <github@syntax-fehler.de>2016-12-25 01:08:49 +0100
commit1488a0c752eb368d03b95fe9069e47d9eb952ca0 (patch)
tree3cecb0aa0676373c1cbb13f6a3cfd2b0721567e0 /makefu/1systems/wry.nix
parent47ade5b208c2fa2a1c4b96cbe753d2889a9da55e (diff)
m 1 wry: forbid external paste access
Diffstat (limited to 'makefu/1systems/wry.nix')
-rw-r--r--makefu/1systems/wry.nix12
1 files changed, 6 insertions, 6 deletions
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 81ee37bbe..6290ff6e9 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -13,7 +13,7 @@ in {
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/save-diskspace.nix
- # ../2configs/bepasty-dual.nix
+ ../2configs/bepasty-dual.nix
../2configs/iodined.nix
../2configs/backup.nix
@@ -45,14 +45,14 @@ in {
random-emoji ];
};
- # bepasty to listen only on the correct interfaces
- krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ];
- krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ];
-
# prepare graphs
services.nginx.enable = true;
krebs.retiolum-bootstrap.enable = true;
-
+ krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
krebs.tinc_graphs = {
enable = true;
nginx = {