From 64ec245cf67f1b0a380cf9b9848287d2a07e8bbd Mon Sep 17 00:00:00 2001
From: nyanloutre <paul@nyanlout.re>
Date: Tue, 3 Apr 2018 21:58:01 +0200
Subject: [PATCH] Correction HAProxy

---
 services.nix | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/services.nix b/services.nix
index d819e24..a14e19b 100644
--- a/services.nix
+++ b/services.nix
@@ -3,41 +3,40 @@
 {
   services.haproxy.enable = true;
   services.haproxy.config = ''
-    defaults
+    global
       log /dev/log local0
       log /dev/log local1 notice
       chroot /var/lib/haproxy
       user haproxy
       group haproxy
+    defaults
       option forwardfor
       option http-server-close
     frontend www-http
-      bind tars.nyanlout.re:80
-      reqadd X-Forwarded-Proto:\ http
-      default_backend www-backend
-    frontend www-https
-      bind tars.nyanlout.re:443 ssl crt /var/lib/acme/tars.nyanlout.re/fullchain.pem
-      reqadd X-Forwarded-Proto:\ https
+      mode http
+      bind :80
       acl letsencrypt-acl path_beg /.well-known/acme-challenge/
       use_backend letsencrypt-backend if letsencrypt-acl
-      default_backend www-backend
-    backend www-backend
-      redirect scheme https if !{ ssl_fc }
-      server www-1 127.0.0.1:3000 check
+      use_backend grafana-backend if !letsencrypt-acl
+    backend grafana-backend
+      mode http
+      server grafana 127.0.0.1:3000 check
     backend letsencrypt-backend
+      mode http
       server letsencrypt 127.0.0.1:54321
   '';
 
   services.nginx.enable = true;
   services.nginx.virtualHosts = {
     "acme" = {
-      listen = [ { port = 54321; } ];
-      locations = { "/" = { root = "/var/www/challenges" }; };
+      listen = [ { addr = "127.0.0.1"; port = 54321; } ];
+      locations = { "/" = { root = "/var/www/challenges"; }; };
     };
   };
 
   security.acme.certs = {
     "tars.nyanlout.re" = {
+      user = "nginx";
       webroot = "/var/www/challenges";
       email = "paul@nyanlout.re";
     };