WIP

hosts/bekkalokk/configuration.nix

@@ -10,7 +10,7 @@
 
     # TODO: set up authentication for the following:
     # ./services/website.nix
-    ./services/nginx.nix
+    ./services/nginx
     ./services/gitea/default.nix
     # ./services/mediawiki.nix
   ];

hosts/bekkalokk/services/nginx/default.nix

@@ -0,0 +1,22 @@
+{ pkgs, config, ... }:
+{
+  imports = [
+    ./ingress.nix
+  ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "drift@pvv.ntnu.no";
+  };
+
+  services.nginx = {
+    enable = true;
+
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}

hosts/bekkalokk/services/nginx/ingress.nix

@@ -0,0 +1,140 @@
+{ config, lib, ... }:
+{
+  services.nginx.virtualHosts = {
+    "www2.pvv.ntnu.no" = {
+      serverAliases = [ "www2.pvv.org" ];
+      locations = {
+        # "^/$".return = "301 http://www.pvv.ntnu.no/pvv/";
+        "^/$".return = "301 http://www.pvv.ntnu.no/";
+
+        "^/disk/".return = "301 http://www.pvv.ntnu.no/pvv/Diskkjøp";
+        "^/dok/boker.php".return = "301 http://www.pvv.ntnu.no/pvv/Bokhyllen";
+        "^/styret/$".return = "301 http://www.pvv.ntnu.no/pvv/Styret";
+        "^/styret/lover/".return = "301 http://www.pvv.ntnu.no/pvv/Lover";
+        "^/info/$".return = "301 http://www.pvv.ntnu.no/pvv/";
+        "^/info/maskinpark/$".return = "301 http://www.pvv.ntnu.no/pvv/Maskiner";
+        "^/medlemssider/meldinn.php".return = "301 http://www.pvv.ntnu.no/pvv/Medlemskontingent";
+        "^/diverse/medlems-sider.php".return = "301 http://www.pvv.ntnu.no/pvv/Medlemssider";
+        "^/cert/$".return = "301 http://www.pvv.ntnu.no/pvv/CERT";
+        "^/drift".return = "301 http://www.pvv.ntnu.no/pvv/Drift";
+        "^/diverse/abuse.php".return = "301 http://www.pvv.ntnu.no/pvv/CERT/Abuse";
+        "^/nerds/".return = "301 http://www.pvv.ntnu.no/pvv/Nerdepizza";
+
+        "/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail";
+
+      };
+      extraConfig = ''
+        rewrite ^/(~.*) http://tom.pvv.ntnu.no/$1 permanent;
+      '';
+    };
+  };
+}
+
+
+
+## Om denne er "none" gjør det at apache ikke gidder å åpne .htaccess-filer. Det
+## er veldig greit om man ikke vil at den skal automounte /home/pvv/.htaccess,
+## for å ta et tilfeldig eksempel ;-)
+#<Directory />
+#    AllowOverride none
+#</Directory>
+
+#<Directory /var/www/pvv>
+#    Options Indexes FollowSymLinks
+#    AllowOverride All
+#    Order allow,deny
+#    Allow from all
+#    AddDefaultCharset iso-8859-1
+#</Directory>
+
+#<Directory />
+#        Options FollowSymLinks
+#        AllowOverride None
+#</Directory>
+
+#<Directory /var/www/wiki.pvv.ntnu.no>
+#        Options FollowSymLinks SymLinksIfOwnerMatch
+#        AllowOverride None
+#        Order allow,deny
+#        Allow from all
+#</Directory>
+
+#Alias /pvv "/var/www/wiki.pvv.ntnu.no/w/index.php"
+#Alias /w /var/www/wiki.pvv.ntnu.no/w
+#Alias /moin-static/ "/usr/share/moin/htdocs/"
+#ScriptAlias /gammel "/usr/share/moin/server/moin.cgi"
+
+## :80 defineres av debians default ports.conf, men ikke :443
+##NameVirtualHost *:80
+#NameVirtualHost *:443
+
+#<VirtualHost *:80>
+#    ServerName www.pvv.ntnu.no
+#    ServerAlias www.pvv.org
+#    ServerAdmin drift@pvv.ntnu.no
+#    DocumentRoot /var/www/pvv
+
+#    RedirectPermanent /webmail https://webmail.pvv.ntnu.no/squirrelmail
+
+#    RewriteEngine on
+#    RewriteRule ^/(~.*) http://tom.pvv.ntnu.no/$1 [P]
+#    ProxyPreserveHost on
+
+#</VirtualHost>
+
+#<VirtualHost *:443>
+#    ServerName www.pvv.ntnu.no
+#    ServerAlias www.pvv.org
+#    ServerAdmin drift@pvv.ntnu.no
+#    DocumentRoot /var/www/pvv
+
+#    SSLEngine on
+#    SSLProxyEngine on
+#    SSLCertificateFile /etc/apache2/certs/www.pvv.ntnu.no.new.crt
+#    SSLCertificateKeyFile /etc/apache2/certs/www.pvv.ntnu.no.new.key
+#    SSLCertificateChainFile /etc/apache2/certs/www.pvv.ntnu.no_chain.new.crt
+##    SSLCertificateChainFile /etc/apache2/certs/DigiCertCA.crt
+#    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+##    SSLProxyVerify none
+##    SSLProxyCheckPeerCN off
+##    SSLProxyCheckPeerName off
+#    SSLProxyCheckPeerExpire off
+
+#    RedirectPermanent /webmail https://webmail.pvv.ntnu.no/squirrelmail
+
+
+#    RewriteEngine on
+#    RewriteRule ^/(~.*) https://tom.pvv.ntnu.no/$1 [P]
+#    ProxyPreserveHost on
+
+#</VirtualHost>
+
+## Redirects for gamle wiki.pvv.ntnu.no
+#<VirtualHost *:80>
+#    ServerAdmin drift@pvv.org
+#    ServerName wiki.pvv.ntnu.no
+#    ServerAlias wiki.pvv.org
+#    DocumentRoot /var/www/pvv
+
+#    RedirectPermanent / http://www.pvv.ntnu.no/
+
+#    LogLevel warn
+#    CustomLog /var/log/apache2/wiki.log combined
+#    ErrorLog /var/log/apache2/error.log
+#</VirtualHost>
+
+#<VirtualHost *:443>
+#    ServerAdmin drift@pvv.org
+#    ServerName wiki.pvv.ntnu.no
+#    ServerAlias wiki.pvv.org
+#    DocumentRoot /var/www/pvv
+
+#    RedirectPermanent / https://www.pvv.ntnu.no/
+
+#    SSLEngine on
+#    SSLProxyEngine on
+#    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
+#    SSLCertificateFile /etc/apache2/certs/www.pvv.ntnu.no.crt
+#    SSLCertificateKeyFile /etc/apache2/certs/www.pvv.ntnu.no.key
+#    SSLCertificateChainFile /etc/apache2/certs/www.pvv.ntnu.no_chain.crt
+#</VirtualHost>