From d5985e02f319a893030a62aeaf4befb77c4b65c0 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Sun, 5 Nov 2023 01:41:45 +0100 Subject: [PATCH 1/3] Prepare to replace knakelibrak Co-authored-by: Felix Albrigtsen --- hosts/bekkalokk/configuration.nix | 2 +- .../services/{nginx.nix => nginx/default.nix} | 4 ++ hosts/bekkalokk/services/nginx/ingress.nix | 48 +++++++++++++++++++ 3 files changed, 53 insertions(+), 1 deletion(-) rename hosts/bekkalokk/services/{nginx.nix => nginx/default.nix} (90%) create mode 100644 hosts/bekkalokk/services/nginx/ingress.nix diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix index 358c43e..618ed75 100644 --- a/hosts/bekkalokk/configuration.nix +++ b/hosts/bekkalokk/configuration.nix @@ -10,7 +10,7 @@ # TODO: set up authentication for the following: # ./services/website.nix - ./services/nginx.nix + ./services/nginx ./services/gitea/default.nix ./services/webmail # ./services/mediawiki.nix diff --git a/hosts/bekkalokk/services/nginx.nix b/hosts/bekkalokk/services/nginx/default.nix similarity index 90% rename from hosts/bekkalokk/services/nginx.nix rename to hosts/bekkalokk/services/nginx/default.nix index 183f49e..a1a2253 100644 --- a/hosts/bekkalokk/services/nginx.nix +++ b/hosts/bekkalokk/services/nginx/default.nix @@ -1,5 +1,9 @@ { pkgs, config, ... }: { + imports = [ + ./ingress.nix + ]; + security.acme = { acceptTerms = true; defaults.email = "drift@pvv.ntnu.no"; diff --git a/hosts/bekkalokk/services/nginx/ingress.nix b/hosts/bekkalokk/services/nginx/ingress.nix new file mode 100644 index 0000000..7aeb0f3 --- /dev/null +++ b/hosts/bekkalokk/services/nginx/ingress.nix 
@@ -0,0 +1,48 @@
+{ config, lib, ... }:
+{
+ services.nginx.virtualHosts = {
+ "www2.pvv.ntnu.no" = {
+ addSSL = true;
+ enableACME = true;
+
+ # TODO after updating the corresponding DNS record:
+ # serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ]
+ serverAliases = [ "www2.pvv.org" ];
+
+ locations = {
+ # Redirect the main website
+ "= /".return = "301 https://www.pvv.ntnu.no/";
+
+ # Proxy home directories
+ "/~" = {
+ extraConfig = ''
+ proxy_redirect off;
+ proxy_pass https://tom.pvv.ntnu.no;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ '';
+ };
+
+ # Redirect old wiki entries
+ "/disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp";
+ "/dok/boker.php".return = "301 https://www.pvv.ntnu.no/pvv/Bokhyllen";
+ "/styret/lover/".return = "301 https://www.pvv.ntnu.no/pvv/Lover";
+ "/styret/".return = "301 https://www.pvv.ntnu.no/pvv/Styret";
+ "/info/".return = "301 https://www.pvv.ntnu.no/pvv/";
+ "/info/maskinpark/".return = "301 https://www.pvv.ntnu.no/pvv/Maskiner";
+ "/medlemssider/meldinn.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemskontingent";
+ "/diverse/medlems-sider.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemssider";
+ "/cert/".return = "301 https://www.pvv.ntnu.no/pvv/CERT";
+ "/drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift";
+ "/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse";
+ "/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza";
+
+ # TODO: Redirect web main
+ "/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail";
+ };
+ };
+ };
+}
+
From d900dc1b1b778aecc7f9797fcc20186cc5e14ca4 Mon Sep 17 00:00:00 2001
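Review bot: The `/~` location proxies to `https://tom.pvv.ntnu.no` without turning on upstream certificate verification; nginx leaves `proxy_ssl_verify` off by default, so the hop to the home-directory server is encrypted but not authenticated. Adding `proxy_ssl_verify on;`, `proxy_ssl_server_name on;` and `proxy_ssl_trusted_certificate <path-to-CA-bundle>;` to this `extraConfig` would make the proxy reject an unexpected upstream. The `/.well-known/matrix/` location added in PATCH 3/3 proxies to `https://matrix.pvv.ntnu.no` the same way and needs the same three lines. Separately, `proxy_set_header Host $host;` forwards whichever alias the client used, so tom presumably needs a vhost or default server that answers for every name in `serverAliases`; that cannot be confirmed from this hunk.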
From: Felix Albrigtsen Date: Mon, 27 Nov 2023 20:31:19 +0100 Subject: [PATCH 2/3] Redirect subpages like ./well-known, add @-domains --- hosts/bekkalokk/services/nginx/ingress.nix | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/hosts/bekkalokk/services/nginx/ingress.nix b/hosts/bekkalokk/services/nginx/ingress.nix index 7aeb0f3..55da4a0 100644 --- a/hosts/bekkalokk/services/nginx/ingress.nix +++ b/hosts/bekkalokk/services/nginx/ingress.nix @@ -2,17 +2,11 @@ { services.nginx.virtualHosts = { "www2.pvv.ntnu.no" = { + serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ]; addSSL = true; enableACME = true; - # TODO after updating the corresponding DNS record: - # serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ] - serverAliases = [ "www2.pvv.org" ]; - locations = { - # Redirect the main website - "= /".return = "301 https://www.pvv.ntnu.no/"; - # Proxy home directories "/~" = { extraConfig = '' @@ -39,8 +33,11 @@ "/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse"; "/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza"; - # TODO: Redirect web main + # TODO: Redirect webmail "/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail"; + + # Redirect everything else to the main website + "/".return = "301 https://www.pvv.ntnu.no$request_uri"; }; }; }; From 1ef033c754069454e28740f5f2842a7c897a2d88 Mon Sep 17 00:00:00 2001 From: Daniel Olsen Date: Tue, 28 Nov 2023 05:43:23 +0100 Subject: [PATCH 3/3] bekkalokk/ingress: proxy matrix well-known files to bicep --- hosts/bekkalokk/services/nginx/ingress.nix | 10 ++++++++++ hosts/bicep/services/matrix/synapse.nix | 14 +++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/hosts/bekkalokk/services/nginx/ingress.nix b/hosts/bekkalokk/services/nginx/ingress.nix index 55da4a0..2950846 100644 --- a/hosts/bekkalokk/services/nginx/ingress.nix +++ b/hosts/bekkalokk/services/nginx/ingress.nix 
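Review bot: With `pvv.ntnu.no` and `pvv.org` added to `serverAliases` in the first hunk, the vhost still uses `addSSL = true;`, which serves the same locations on port 80 without redirecting, so the proxied `/~` home directories stay reachable over plain HTTP on the main domains as well. Replacing it with `forceSSL = true;` would send port-80 requests to HTTPS first, while the NixOS nginx module keeps answering ACME HTTP-01 challenges on port 80. The new aliases also become names on this vhost's ACME certificate, so issuance depends on the DNS change that the removed TODO referred to already being in place; a short comment next to `serverAliases` saying so would help the next operator.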
@@ -38,6 +38,16 @@ # Redirect everything else to the main website "/".return = "301 https://www.pvv.ntnu.no$request_uri"; + + # Proxy the matrix well-known files + # Host has be set before proxy_pass + # The header must be set so nginx on the other side routes it to the right place + "/.well-known/matrix/" = { + extraConfig = '' + proxy_set_header Host matrix.pvv.ntnu.no; + proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/; + ''; + }; }; }; }; diff --git a/hosts/bicep/services/matrix/synapse.nix b/hosts/bicep/services/matrix/synapse.nix index 1341dec..2b0d160 100644 --- a/hosts/bicep/services/matrix/synapse.nix +++ b/hosts/bicep/services/matrix/synapse.nix @@ -216,7 +216,19 @@ in { services.redis.servers."".enable = true; - services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [({ + services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [ + ({ + locations."/.well-known/matrix/server" = { + return = '' + 200 '{"m.server": "matrix.pvv.ntnu.no:443"}' + ''; + extraConfig = '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + ''; + }; + }) + ({ locations = let connectionInfo = w: matrix-lib.workerConnectionResource "metrics" w; socketAddress = w: let c = connectionInfo w; in "${c.host}:${toString (c.port)}";
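Review bot: The ingress location forwards the whole `/.well-known/matrix/` prefix, but the only path this commit defines on the matrix vhost is `/.well-known/matrix/server`; unless other paths are handled outside the hunk, anything else under the prefix reaches whatever that vhost does by default. Exact-match locations on the ingress side, for example `"= /.well-known/matrix/server"`, would limit what the main domains expose to the documents that are meant to be public. In `synapse.nix`, an `add_header` inside a location stops nginx from inheriting `add_header` directives from the server or http level, so any security headers set there (none are visible in this hunk) would not apply to this response. The `mkMerge` list continues outside the hunk.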