Merge pull request 'bekkalokk: set up idp + mediawiki' (#25) from mediawiki-on-bekkalokk into main

Reviewed-on: #25
2024-04-02 00:00:24 +02:00
parent 07c480d004 d531419f35
commit 06bd93e5d1
25 changed files with 5230 additions and 204 deletions
--- a/base.nix
+++ b/base.nix
@@ -3,6 +3,7 @@
 {
  imports = [
    ./users
+    ./modules/snakeoil-certs.nix
  ];

  networking.domain = "pvv.ntnu.no";
@@ -83,5 +84,21 @@
    settings.PermitRootLogin = "yes";
  };

+  # nginx return 444 for all nonexistent virtualhosts

+  systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
+
+  environment.snakeoil-certs = lib.mkIf (config.services.nginx.enable) {
+    "/etc/certs/nginx" = {
+      owner = "nginx";
+      group = "nginx";
+    };
+  };
+
+  services.nginx.virtualHosts."_" = lib.mkIf (config.services.nginx.enable) {
+    sslCertificate = "/etc/certs/nginx.crt";
+    sslCertificateKey = "/etc/certs/nginx.key";
+    addSSL = true;
+    extraConfig = "return 444;";
+  };
 }