diff options
author | makefu <github@syntax-fehler.de> | 2016-12-25 01:08:49 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2016-12-25 01:08:49 +0100 |
commit | 1488a0c752eb368d03b95fe9069e47d9eb952ca0 (patch) | |
tree | 3cecb0aa0676373c1cbb13f6a3cfd2b0721567e0 /makefu/1systems/wry.nix | |
parent | 47ade5b208c2fa2a1c4b96cbe753d2889a9da55e (diff) |
m 1 wry: forbid external paste access
Diffstat (limited to 'makefu/1systems/wry.nix')
-rw-r--r-- | makefu/1systems/wry.nix | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 81ee37bbe..6290ff6e9 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -13,7 +13,7 @@ in { ../2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/save-diskspace.nix - # ../2configs/bepasty-dual.nix + ../2configs/bepasty-dual.nix ../2configs/iodined.nix ../2configs/backup.nix @@ -45,14 +45,14 @@ in { random-emoji ]; }; - # bepasty to listen only on the correct interfaces - krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ]; - krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ]; - # prepare graphs services.nginx.enable = true; krebs.retiolum-bootstrap.enable = true; - + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; krebs.tinc_graphs = { enable = true; nginx = { |