From 4cd4384aee5c8bcbb102ee625d0f3ef25804a1d9 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Sat, 14 Sep 2024 20:51:13 +0200
Subject: [PATCH] bekkalokk/nginx: host `.well-known`
---
 hosts/bekkalokk/configuration.nix | 1 +
 hosts/bekkalokk/services/website/default.nix | 10 ------
 .../bekkalokk/services/well-known/default.nix | 18 +++++++++++
 .../root/autoconfig/mail/config-v1.1.xml | 31 +++++++++++++++++++
 .../services/well-known/root/matrix/server | 3 ++
 .../services/well-known/root/security.txt | 12 +++++++
 6 files changed, 65 insertions(+), 10 deletions(-)
 create mode 100644 hosts/bekkalokk/services/well-known/default.nix
 create mode 100644 hosts/bekkalokk/services/well-known/root/autoconfig/mail/config-v1.1.xml
 create mode 100644 hosts/bekkalokk/services/well-known/root/matrix/server
 create mode 100644 hosts/bekkalokk/services/well-known/root/security.txt
diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix
index f8971a6..4c9da34 100644
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@@ -16,6 +16,7 @@
 ./services/vaultwarden.nix
 ./services/webmail
 ./services/website
+ ./services/well-known
 ];
 sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
diff --git a/hosts/bekkalokk/services/website/default.nix b/hosts/bekkalokk/services/website/default.nix
index 0689603..488f100 100644
--- a/hosts/bekkalokk/services/website/default.nix
+++ b/hosts/bekkalokk/services/website/default.nix
@@ -116,16 +116,6 @@ in {
 "/drift".return = "301 https://wiki.pvv.ntnu.no/wiki/Drift";
 "/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse";
 "/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza";
-
- # Proxy the matrix well-known files
- # Host has be set before proxy_pass
- # The header must be set so nginx on the other side routes it to the right place
- "^~ /.well-known/matrix/" = {
- extraConfig = ''
- proxy_set_header Host matrix.pvv.ntnu.no;
- proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
- '';
- };
 };
 };
 }
diff --git a/hosts/bekkalokk/services/well-known/default.nix b/hosts/bekkalokk/services/well-known/default.nix
new file mode 100644
index 0000000..902b0e8
--- /dev/null
+++ b/hosts/bekkalokk/services/well-known/default.nix
@@ -0,0 +1,18 @@
+{ ... }:
+{
+ services.nginx.virtualHosts."www.pvv.ntnu.no".locations = {
+ "^~ /.well-known/" = {
+ alias = ./root;
+ };
+
+ # Proxy the matrix well-known files
+ # Host has be set before proxy_pass
+ # The header must be set so nginx on the other side routes it to the right place
+ "^~ /.well-known/matrix/" = {
+ extraConfig = ''
+ proxy_set_header Host matrix.pvv.ntnu.no;
+ proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
+ '';
+ };
+ };
+}
diff --git a/hosts/bekkalokk/services/well-known/root/autoconfig/mail/config-v1.1.xml b/hosts/bekkalokk/services/well-known/root/autoconfig/mail/config-v1.1.xml
new file mode 100644
index 0000000..e3dbadc
--- /dev/null
+++ b/hosts/bekkalokk/services/well-known/root/autoconfig/mail/config-v1.1.xml
@@ -0,0 +1,31 @@
+
+
+
+ pvv.ntnu.no
+ pvv.org
+
+ Programvareverkstedet
+
+
+ imap.pvv.ntnu.no
+ 993
+ SSL
+ %EMAILLOCALPART%
+ password-cleartext
+
+
+
+ smtp.pvv.ntnu.no
+ 587
+ STARTTLS
+ %EMAILLOCALPART%
+ password-cleartext
+ true
+
+
+
+ Setup programvareverkstedet email user with IMAP or POP3
+ Sett opp programvareverkstedet email bruker med IMAP eller POP3
+
+
+
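Review bot: In hosts/bekkalokk/services/well-known/default.nix the location `^~ /.well-known/` ends in a slash, but `alias = ./root;` will most likely render as a store path without one, and nginx forms the file name by swapping the matched prefix for the alias string as-is. A request for `/.well-known/security.txt` would then resolve to a path ending in `rootsecurity.txt` and return 404, so the security contact and mail autoconfig files would not be reachable. Give the alias the same trailing slash as the location, for example `alias = "${./root}/";`. Separately, the `proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;` block runs on nginx defaults, under which the upstream certificate is not verified; if the delegation stays proxied, consider adding `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate` and `proxy_ssl_server_name on;` to its `extraConfig`.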
diff --git a/hosts/bekkalokk/services/well-known/root/matrix/server b/hosts/bekkalokk/services/well-known/root/matrix/server
new file mode 100644
index 0000000..6f6dfe8
--- /dev/null
+++ b/hosts/bekkalokk/services/well-known/root/matrix/server
@@ -0,0 +1,3 @@
+{
+"m.server": "matrix.pvv.ntnu.no:443"
+}
diff --git a/hosts/bekkalokk/services/well-known/root/security.txt b/hosts/bekkalokk/services/well-known/root/security.txt
new file mode 100644
index 0000000..6d47083
--- /dev/null
+++ b/hosts/bekkalokk/services/well-known/root/security.txt
@@ -0,0 +1,12 @@
+Contact: mailto:drift@pvv.ntnu.no
+Contact: mailto:cert@pvv.ntnu.no
+# drift@pvv.ntnu.no is read by more people and have a quicker reaction time,
+# but cert@pvv.ntnu.no can be used for more severe issues.
+
+Preferred-Languages: no, en
+
+Expires: 2032-12-31T23:59:59.000Z
+# This file was last updated 2024-09-14.
+
+# You can find a wikipage for our security policies at:
+# https://wiki.pvv.ntnu.no/wiki/CERT
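Review bot: The static `root/matrix/server` file looks unreachable, because the `^~ /.well-known/matrix/` proxy location added in well-known/default.nix is a longer prefix than `^~ /.well-known/`, so nginx forwards `/.well-known/matrix/server` upstream and never reads this copy. Two sources for the federation delegation can drift apart unnoticed, and someone auditing the repo will assume `"m.server": "matrix.pvv.ntnu.no:443"` is the value in effect. Either drop the proxy location so this file is the one served (the file has no extension, so it would likely need an explicit `default_type application/json;`), or delete the file and keep the proxy.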
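Review bot: `Expires: 2032-12-31T23:59:59.000Z` in security.txt is about eight years after the update date given in the file, while RFC 9116 recommends an expiry less than a year ahead so that stale contact details get noticed. With a date this far out, a reporter cannot tell whether `drift@pvv.ntnu.no` and `cert@pvv.ntnu.no` are still monitored. Suggest a near date, for example `Expires: 2025-09-14T23:59:59.000Z`, refreshed on a schedule, and a `Canonical: https://www.pvv.ntnu.no/.well-known/security.txt` line if that is the intended URL. The comment would also read better as `# drift@pvv.ntnu.no is read by more people and has a quicker reaction time,`.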