From ddbabc935b1a072fa3c03c90628be0dcc23ce5b5 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Sun, 24 Mar 2024 02:02:35 +0100 Subject: [PATCH] bekkalokk: WIP add www2 --- flake.lock | 22 ++++++++++++ flake.nix | 35 ++++++++----------- hosts/bekkalokk/configuration.nix | 2 +- hosts/bekkalokk/services/nginx/ingress.nix | 4 +-- hosts/bekkalokk/services/website.nix | 39 ++++++++++++++++++++-- secrets/bekkalokk/bekkalokk.yaml | 10 ++++-- 6 files changed, 82 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 1b6860c..1c54309 100644 --- a/flake.lock +++ b/flake.lock @@ -146,6 +146,27 @@ "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" } }, + "pvv-nettsiden": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711230408, + "narHash": "sha256-KqYkuRTipcLqBYF8l9xwiJOpxMtEoyfpRbC6Yqggqqk=", + "ref": "nixify-ng", + "rev": "96e5e4b8577a356921259c82e54eea020855bbf7", + "revCount": 440, + "type": "git", + "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" + }, + "original": { + "ref": "nixify-ng", + "type": "git", + "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" + } + }, "root": { "inputs": { "disko": "disko", @@ -155,6 +176,7 @@ "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "pvv-calendar-bot": "pvv-calendar-bot", + "pvv-nettsiden": "pvv-nettsiden", "sops-nix": "sops-nix" } }, diff --git a/flake.nix b/flake.nix index fc0ebdf..7729dfa 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,9 @@ disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; + pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git?ref=nixify-ng"; + pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs"; + pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git"; pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; 
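Review bot: The new `pvv-nettsiden` input in flake.nix follows the feature branch `nixify-ng` (`?ref=nixify-ng`) rather than a default branch or a tag. flake.lock pins the revision, so evaluation stays reproducible for now. If the branch is later rebased or deleted, the locked commit may become unfetchable, and the next `nix flake update` pulls whatever the branch head is at that time into bekkalokk's overlay and module set. I would add a comment such as `# TODO: drop ?ref=nixify-ng once the branch is merged` above the input so the temporary ref is not forgotten.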
@@ -23,7 +26,7 @@ grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ... }@inputs: let nixlib = nixpkgs.lib; systems = [ @@ -53,16 +56,17 @@ modules = [ ./hosts/${name}/configuration.nix sops-nix.nixosModules.sops - ]; + ] ++ config.modules or []; pkgs = import nixpkgs { inherit system; overlays = [ inputs.pvv-calendar-bot.overlays.${system}.default + inputs.pvv-nettsiden.overlays.${system}.default ]; }; } - config + (removeAttrs config [ "modules" ]) ); stableNixosConfig = nixosConfig nixpkgs; @@ -70,19 +74,17 @@ in { bicep = stableNixosConfig "bicep" { modules = [ - ./hosts/bicep/configuration.nix - sops-nix.nixosModules.sops - inputs.matrix-next.nixosModules.default inputs.pvv-calendar-bot.nixosModules.default ]; }; - bekkalokk = stableNixosConfig "bekkalokk" { }; + bekkalokk = stableNixosConfig "bekkalokk" { + modules = [ + inputs.pvv-nettsiden.nixosModules.default + ]; + }; bob = stableNixosConfig "bob" { modules = [ - ./hosts/bob/configuration.nix - sops-nix.nixosModules.sops - disko.nixosModules.disko { disko.devices.disk.disk1.device = "/dev/vda"; } ]; @@ -93,28 +95,17 @@ brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" { modules = [ - ./hosts/brzeczyszczykiewicz/configuration.nix - sops-nix.nixosModules.sops - inputs.grzegorz.nixosModules.grzegorz-kiosk inputs.grzegorz-clients.nixosModules.grzegorz-webui ]; }; georg = stableNixosConfig "georg" { modules = [ - ./hosts/georg/configuration.nix - sops-nix.nixosModules.sops - inputs.grzegorz.nixosModules.grzegorz-kiosk inputs.grzegorz-clients.nixosModules.grzegorz-webui ]; }; - buskerud = stableNixosConfig "buskerud" { - modules = [ - ./hosts/buskerud/configuration.nix - sops-nix.nixosModules.sops - ]; - }; + buskerud = stableNixosConfig "buskerud" { }; }; devShells = forAllSystems (system: { 
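Review bot: In the `modules` list of `nixosConfig`, `] ++ config.modules or [];` relies on `or` binding to the attribute selection more tightly than `++`. It evaluates as intended, but it reads as if `or` applied to the whole concatenation. Writing it as `] ++ (config.modules or []);` makes the grouping explicit. A short comment such as `# per-host extra modules are appended; the remaining attributes are merged in unchanged` would also explain why `modules` is stripped from `config` a few lines later. The body of `nixosConfig` starts outside this hunk.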
diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix index 618ed75..4024405 100644 --- a/hosts/bekkalokk/configuration.nix +++ b/hosts/bekkalokk/configuration.nix @@ -9,7 +9,7 @@ #./services/keycloak.nix # TODO: set up authentication for the following: - # ./services/website.nix + #./services/website.nix ./services/nginx ./services/gitea/default.nix ./services/webmail diff --git a/hosts/bekkalokk/services/nginx/ingress.nix b/hosts/bekkalokk/services/nginx/ingress.nix index 2950846..3b2e363 100644 --- a/hosts/bekkalokk/services/nginx/ingress.nix +++ b/hosts/bekkalokk/services/nginx/ingress.nix @@ -1,8 +1,8 @@ { config, lib, ... }: { services.nginx.virtualHosts = { - "www2.pvv.ntnu.no" = { - serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ]; + "pvv.ntnu.no" = { + serverAliases = [ "pvv.org" ]; addSSL = true; enableACME = true; diff --git a/hosts/bekkalokk/services/website.nix b/hosts/bekkalokk/services/website.nix index facb35d..3eff7a3 100644 --- a/hosts/bekkalokk/services/website.nix +++ b/hosts/bekkalokk/services/website.nix 
@@ -1,4 +1,39 @@ -{ ... }: -{ +{ pkgs, lib, config, ... }: +let + format = pkgs.formats.php { }; + cfg = config.services.pvv-nettsiden; +in { + services.pvv-nettsiden = { + enable = true; + + domainName = "www2.pvv.ntnu.no"; + + settings = { + DOOR_SECRET = "verysecret"; + DB = { + DSN = "mysql:dbname=www_data_www2;host=mysql.pvv.ntnu.no"; + USER = "www-data_www2"; + PASS = format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/database/password".path}')"; + }; + + SAML = { + COOKIE_SALT = "changeme"; + COOKIE_SECURE = true; + ADMIN_PASSWORD = "torskefjes"; + TRUSTED_DOMAINS = [ cfg.domainName ]; + }; + }; + }; + + services.phpfpm.pools."pvv-nettsiden".settings = { + "php_admin_value[error_log]" = "stderr"; + "php_admin_flag[log_errors]" = true; + "catch_workers_output" = true; + }; + + sops.secrets."nettsiden/database/password" = { + owner = config.services.phpfpm.pools.pvv-nettsiden.user; + group = config.services.phpfpm.pools.pvv-nettsiden.group; + }; } diff --git a/secrets/bekkalokk/bekkalokk.yaml b/secrets/bekkalokk/bekkalokk.yaml index ca9dc31..76e3820 100644 --- a/secrets/bekkalokk/bekkalokk.yaml +++ b/secrets/bekkalokk/bekkalokk.yaml @@ -13,6 +13,9 @@ mediawiki: database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str] keycloak: database: ENC[AES256_GCM,data:76+AZnNR5EiturTP7BdOCKE90bFFkfGlRtviSP5NHxPbb3RfFPJEMlwtzA==,iv:nS7VTossHdlrHjPeethhX+Ysp9ukrb5JD7kjG28OFpY=,tag:OMpiEv9nQA7v6lWJfNxEEw==,type:str] +nettsiden: + database: + password: ENC[AES256_GCM,data:6jYD6RM+bkWyMxQKaDXhTX/S,iv:3RILCebHs7E7LUX4B5DIM/E6qRWBh8a1Z94YcDZNQdc=,tag:FLW4dQ9DbVeOkjax4aiv3w==,type:str] sops: kms: [] gcp_kms: [] 
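Review bot: `DOOR_SECRET = "verysecret"`, `COOKIE_SALT = "changeme"` and `ADMIN_PASSWORD = "torskefjes"` in `services.pvv-nettsiden.settings` are plaintext literals, so they land in git history and, once the module is evaluated, most likely in the world-readable Nix store. `DB.PASS` in the same hunk already reads its value from a sops-nix secret through `format.lib.mkRaw`, and the three values should follow the same pattern, assuming the module accepts raw PHP for these keys as it does for `DB.PASS`. The secret key names in the fence are constructed and need matching encrypted entries in `secrets/bekkalokk/bekkalokk.yaml`. Since the admin password is now published in this patch, it should be replaced with a freshly generated value rather than moved into sops unchanged. `hosts/bekkalokk/configuration.nix` still has `#./services/website.nix` commented out, so this file does not appear to be active yet and the change can be made before first deployment.

```nix
    settings = {
      # Secret key names below are constructed for illustration.
      DOOR_SECRET = format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/door_secret".path}')";
      # … unchanged: DB …
      SAML = {
        COOKIE_SALT = format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/saml/cookie_salt".path}')";
        COOKIE_SECURE = true;
        ADMIN_PASSWORD = format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/saml/admin_password".path}')";
        # … unchanged: TRUSTED_DOMAINS …
      };
    };

  # … unchanged: phpfpm pool settings …

  # Replaces the single sops.secrets."nettsiden/database/password" declaration.
  sops.secrets = lib.genAttrs [
    "nettsiden/database/password"
    "nettsiden/door_secret"
    "nettsiden/saml/cookie_salt"
    "nettsiden/saml/admin_password"
  ] (_: {
    owner = config.services.phpfpm.pools.pvv-nettsiden.user;
    group = config.services.phpfpm.pools.pvv-nettsiden.group;
  });
```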
@@ -46,8 +49,8 @@ sops: akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-17T02:02:24Z" - mac: ENC[AES256_GCM,data:Lkvj9UOdE/WZtFReMs6n8ucFuJNPb76ZhPHFpYAEqYEe8d9FdMPMzq05DBAJe9IqpFS0jc9SWxJUPHfGgoMR8nPciZuR/mpJ+4s/cRkPbApwBPcLlvatE/qkbcxzoLlb1vN0gth5G/U7UEfk5Pp9gIz6Yo4sEIS3Za42tId1MpI=,iv:s3VELgU/RJ98/lbQV3vPtOLXtwFzB3KlY7bMKbAzp/g=,tag:D8s0XyGnd8UhbCseB/TyFg==,type:str] + lastmodified: "2024-03-23T20:46:37Z" + mac: ENC[AES256_GCM,data:Du1usETRD5lzf4QS3jCQZ8UZRNxdydZID8AI8Y1+YtmX66pszzLTNdzlzvid5fVRi1LFS7gSJfcIcfSPKTv20zeo/qzM5qhUoM9X8JOr+m0+FmjrmBJKnEqBvP7qOysBLZinR+pfr6RiR0tJMTWcmQp9k4q/wTeCU9Aaoz3OXr8=,iv:dCvzA1MOiid8WiIijznf0vvF6i9V9ZDSzvwfRONMN/M=,tag:qCN6RxvQ8wZIcUqwI0jU6g==,type:str] pgp: - created_at: "2023-05-21T00:28:40Z" enc: | @@ -70,4 +73,5 @@ sops: -----END PGP MESSAGE----- fp: F7D37890228A907440E1FD4846B9228E814A2AAC unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 +