Compare commits
26 Commits
fca2915e58
...
6851879a03
33
base.nix
33
base.nix
|
@ -88,17 +88,46 @@
|
|||
|
||||
systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
|
||||
|
||||
environment.snakeoil-certs = lib.mkIf (config.services.nginx.enable) {
|
||||
environment.snakeoil-certs = lib.mkIf config.services.nginx.enable {
|
||||
"/etc/certs/nginx" = {
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."_" = lib.mkIf (config.services.nginx.enable) {
|
||||
services.nginx = {
|
||||
recommendedTlsSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
|
||||
appendConfig = ''
|
||||
pcre_jit on;
|
||||
worker_processes auto;
|
||||
worker_rlimit_nofile 100000;
|
||||
'';
|
||||
eventsConfig = ''
|
||||
worker_connections 2048;
|
||||
use epoll;
|
||||
multi_accept on;
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.nginx.serviceConfig = lib.mkIf config.services.nginx.enable {
|
||||
LimitNOFILE = 65536;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
|
||||
sslCertificate = "/etc/certs/nginx.crt";
|
||||
sslCertificateKey = "/etc/certs/nginx.key";
|
||||
addSSL = true;
|
||||
extraConfig = "return 444;";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "drift@pvv.ntnu.no";
|
||||
};
|
||||
}
|
||||
|
|
63
flake.lock
63
flake.lock
|
@ -7,11 +7,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710169806,
|
||||
"narHash": "sha256-HeWFrRuHpnAiPmIr26OKl2g142HuGerwoO/XtW53pcI=",
|
||||
"lastModified": 1712798444,
|
||||
"narHash": "sha256-aAksVB7zMfBQTz0q2Lw3o78HM3Bg2FRziX2D6qnh+sk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "fe064a639319ed61cdf12b8f6eded9523abcc498",
|
||||
"rev": "a297cb1cb0337ee10a7a0f9517954501d8f6f74d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -27,11 +27,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696346665,
|
||||
"narHash": "sha256-J6Tf6a/zhFZ8SereluHLrvgPsIVm2CGHHA8wrbhZB3Y=",
|
||||
"lastModified": 1712875951,
|
||||
"narHash": "sha256-4kcRd2Q2XM4r+U2zp+LADjrzazKpWvs0WrMKPktEEkc=",
|
||||
"owner": "Programvareverkstedet",
|
||||
"repo": "grzegorz",
|
||||
"rev": "9b9c3ac7d408ac7c6d67544b201e6b169afacb03",
|
||||
"rev": "9eaba26b1671e8810cb135997c867ac3550e685a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -47,11 +47,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693864994,
|
||||
"narHash": "sha256-oLDiWdCKDtEfeGzfAuDTq+n9VWp6JCo67PEESEZ3y8E=",
|
||||
"lastModified": 1711853301,
|
||||
"narHash": "sha256-KxRNyW/fgq690bt3B+Nz4EKLoubybcuASYyMa41bAPE=",
|
||||
"owner": "Programvareverkstedet",
|
||||
"repo": "grzegorz-clients",
|
||||
"rev": "a38a0b0fb31ad0ad78a91458cb2c7f77f686468f",
|
||||
"rev": "c38f2f22a6d47ae2da015351a45d13cbc1eb48e4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -102,11 +102,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1710248792,
|
||||
"narHash": "sha256-yFyWw4na+nJgtXwhHs2SJSy5Lcw94/FcMbBOorlGdfI=",
|
||||
"lastModified": 1712848736,
|
||||
"narHash": "sha256-CzZwhqyLlebljv1zFS2KWVH/3byHND0LfaO1jKsGuVo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "efbb274f364c918b9937574de879b5874b5833cc",
|
||||
"rev": "1d6a23f11e44d0fb64b3237569b87658a9eb5643",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -117,11 +117,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1710033658,
|
||||
"narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=",
|
||||
"lastModified": 1712437997,
|
||||
"narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8",
|
||||
"rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -133,11 +133,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1710247538,
|
||||
"narHash": "sha256-Mm3aCwfAdYgG2zKf5SLRBktPH0swXN1yEetAMn05KAA=",
|
||||
"lastModified": 1712837137,
|
||||
"narHash": "sha256-9joaU/GD35J9Utb0ipelQbOcvsw5eoYTmSarLV3MbNk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "21adc4f16a8ab151fec83b9d9368cd62d9de86bc",
|
||||
"rev": "681d4a87b26b1dcaae7ffe6cf88c9912c575415f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -166,6 +166,26 @@
|
|||
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
|
||||
}
|
||||
},
|
||||
"pvv-nettsiden": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1712834399,
|
||||
"narHash": "sha256-deNJvqboPk3bEoRZ/FyZnxscsf2BpS3/52JM4qXCNSA=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "216e153f89f1dbdc4c98a7c1db2a40e52becc901",
|
||||
"revCount": 451,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
|
@ -176,6 +196,7 @@
|
|||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"pvv-calendar-bot": "pvv-calendar-bot",
|
||||
"pvv-nettsiden": "pvv-nettsiden",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
|
@ -187,11 +208,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710195194,
|
||||
"narHash": "sha256-KFxCJp0T6TJOz1IOKlpRdpsCr9xsvlVuWY/VCiAFnTE=",
|
||||
"lastModified": 1712617241,
|
||||
"narHash": "sha256-a4hbls4vlLRMciv62YrYT/Xs/3Cubce8WFHPUDWwzf8=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "e52d8117b330f690382f1d16d81ae43daeb4b880",
|
||||
"rev": "538c114cfdf1f0458f507087b1dcf018ce1c0c4c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
15
flake.nix
15
flake.nix
|
@ -11,6 +11,9 @@
|
|||
disko.url = "github:nix-community/disko";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git";
|
||||
pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
|
||||
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
|
@ -26,7 +29,7 @@
|
|||
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ... }@inputs:
|
||||
let
|
||||
nixlib = nixpkgs.lib;
|
||||
systems = [
|
||||
|
@ -61,7 +64,11 @@
|
|||
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
overlays = [ ] ++ config.overlays or [ ];
|
||||
overlays = [
|
||||
(import ./overlays/nginx-test.nix
|
||||
(builtins.attrNames self.nixosConfigurations.${name}.config.security.acme.certs)
|
||||
)
|
||||
] ++ config.overlays or [ ];
|
||||
};
|
||||
}
|
||||
(removeAttrs config [ "modules" "overlays" ])
|
||||
|
@ -87,9 +94,11 @@
|
|||
simplesamlphp = final.callPackage ./packages/simplesamlphp { };
|
||||
})
|
||||
inputs.nix-gitea-themes.overlays.default
|
||||
inputs.pvv-nettsiden.overlays.default
|
||||
];
|
||||
modules = [
|
||||
inputs.nix-gitea-themes.nixosModules.default
|
||||
inputs.pvv-nettsiden.nixosModules.default
|
||||
];
|
||||
};
|
||||
bob = stableNixosConfig "bob" {
|
||||
|
@ -133,7 +142,7 @@
|
|||
|
||||
simplesamlphp = pkgs.callPackage ./packages/simplesamlphp { };
|
||||
|
||||
mediawiki-extensions = pkgs.callPackage ./packages/mediawiki-extensions { };
|
||||
# mediawiki-extensions = pkgs.callPackage ./packages/mediawiki-extensions { };
|
||||
} // nixlib.genAttrs allMachines
|
||||
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel);
|
||||
};
|
||||
|
|
|
@ -6,9 +6,8 @@
|
|||
../../base.nix
|
||||
../../misc/metrics-exporters.nix
|
||||
|
||||
# TODO: set up authentication for the following:
|
||||
# ./services/website.nix
|
||||
./services/nginx
|
||||
./services/website
|
||||
./services/nginx.nix
|
||||
./services/gitea/default.nix
|
||||
./services/kerberos
|
||||
./services/webmail
|
||||
|
@ -24,8 +23,6 @@
|
|||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
virtualisation.podman.enable = true;
|
||||
|
||||
networking.hostName = "bekkalokk";
|
||||
|
||||
systemd.network.networks."30-enp2s0" = values.defaultNetworkConfig // {
|
||||
|
|
|
@ -27,4 +27,5 @@ lib.mkMerge [
|
|||
(mkRunner "alpha")
|
||||
(mkRunner "beta")
|
||||
(mkRunner "epsilon")
|
||||
{ virtualisation.podman.enable = true; }
|
||||
]
|
||||
|
|
|
@ -59,9 +59,9 @@ in {
|
|||
services.nginx.virtualHosts."${domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
kTLS = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://unix:${cfg.settings.server.HTTP_ADDR}";
|
||||
recommendedProxySettings = true;
|
||||
extraConfig = ''
|
||||
client_max_body_size 512M;
|
||||
'';
|
||||
|
|
|
@ -22,7 +22,7 @@ let
|
|||
# openssl req -newkey rsa:4096 -new -x509 -days 365 -nodes -out idp.crt -keyout idp.pem
|
||||
"metadata/saml20-idp-hosted.php" = pkgs.writeText "saml20-idp-remote.php" ''
|
||||
<?php
|
||||
$metadata['https://idp2.pvv.ntnu.no/'] = array(
|
||||
$metadata['https://idp.pvv.ntnu.no/'] = array(
|
||||
'host' => '__DEFAULT__',
|
||||
'privatekey' => '${config.sops.secrets."idp/privatekey".path}',
|
||||
'certificate' => '${./idp.crt}',
|
||||
|
@ -89,7 +89,7 @@ let
|
|||
--replace '$SAML_ADMIN_NAME' '"Drift"' \
|
||||
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
|
||||
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
|
||||
--replace '$SAML_TRUSTED_DOMAINS' 'array( "idp2.pvv.ntnu.no" )' \
|
||||
--replace '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
|
||||
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
|
||||
--replace '$SAML_DATABASE_USERNAME' '"idp"' \
|
||||
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
|
||||
|
@ -177,9 +177,10 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."idp2.pvv.ntnu.no" = {
|
||||
services.nginx.virtualHosts."idp.pvv.ntnu.no" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
kTLS = true;
|
||||
root = "${package}/share/php/simplesamlphp/public";
|
||||
locations = {
|
||||
# based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
|
||||
|
@ -197,6 +198,10 @@ in
|
|||
}
|
||||
'';
|
||||
};
|
||||
"^~ /simplesaml/".extraConfig = ''
|
||||
rewrite ^/simplesaml/(.*)$ /$1 redirect;
|
||||
return 404;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
''
|
||||
<?php
|
||||
$metadata['https://idp2.pvv.ntnu.no/'] = [
|
||||
$metadata['https://idp.pvv.ntnu.no/'] = [
|
||||
'metadata-set' => 'saml20-idp-hosted',
|
||||
'entityid' => 'https://idp2.pvv.ntnu.no/',
|
||||
'entityid' => 'https://idp.pvv.ntnu.no/',
|
||||
'SingleSignOnService' => [
|
||||
[
|
||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||
'Location' => 'https://idp2.pvv.ntnu.no/module.php/saml/idp/singleSignOnService',
|
||||
'Location' => 'https://idp.pvv.ntnu.no/module.php/saml/idp/singleSignOnService',
|
||||
],
|
||||
],
|
||||
'SingleLogoutService' => [
|
||||
[
|
||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||
'Location' => 'https://idp2.pvv.ntnu.no/module.php/saml/idp/singleLogout',
|
||||
'Location' => 'https://idp.pvv.ntnu.no/module.php/saml/idp/singleLogout',
|
||||
],
|
||||
],
|
||||
'NameIDFormat' => [ 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' ],
|
||||
|
|
|
@ -152,6 +152,7 @@ in {
|
|||
users.groups.mediawiki.members = [ "nginx" ];
|
||||
|
||||
services.nginx.virtualHosts."wiki.pvv.ntnu.no" = {
|
||||
kTLS = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
|
|
|
@ -6,6 +6,6 @@ $config = array(
|
|||
'default-sp' => array(
|
||||
'saml:SP',
|
||||
'entityID' => 'https://wiki.pvv.ntnu.no/simplesaml/',
|
||||
'idp' => 'https://idp2.pvv.ntnu.no/',
|
||||
'idp' => 'https://idp.pvv.ntnu.no/',
|
||||
),
|
||||
);
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
services.nginx.enable = true;
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
./ingress.nix
|
||||
];
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "drift@pvv.ntnu.no";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
recommendedTlsSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
}
|
|
@ -1,55 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"www2.pvv.ntnu.no" = {
|
||||
serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ];
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations = {
|
||||
# Proxy home directories
|
||||
"/~" = {
|
||||
extraConfig = ''
|
||||
proxy_redirect off;
|
||||
proxy_pass https://tom.pvv.ntnu.no;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
'';
|
||||
};
|
||||
|
||||
# Redirect old wiki entries
|
||||
"/disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp";
|
||||
"/dok/boker.php".return = "301 https://www.pvv.ntnu.no/pvv/Bokhyllen";
|
||||
"/styret/lover/".return = "301 https://www.pvv.ntnu.no/pvv/Lover";
|
||||
"/styret/".return = "301 https://www.pvv.ntnu.no/pvv/Styret";
|
||||
"/info/".return = "301 https://www.pvv.ntnu.no/pvv/";
|
||||
"/info/maskinpark/".return = "301 https://www.pvv.ntnu.no/pvv/Maskiner";
|
||||
"/medlemssider/meldinn.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemskontingent";
|
||||
"/diverse/medlems-sider.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemssider";
|
||||
"/cert/".return = "301 https://www.pvv.ntnu.no/pvv/CERT";
|
||||
"/drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift";
|
||||
"/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse";
|
||||
"/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza";
|
||||
|
||||
# TODO: Redirect webmail
|
||||
"/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail";
|
||||
|
||||
# Redirect everything else to the main website
|
||||
"/".return = "301 https://www.pvv.ntnu.no$request_uri";
|
||||
|
||||
# Proxy the matrix well-known files
|
||||
# Host has be set before proxy_pass
|
||||
# The header must be set so nginx on the other side routes it to the right place
|
||||
"/.well-known/matrix/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host matrix.pvv.ntnu.no;
|
||||
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -4,12 +4,15 @@
|
|||
./roundcube.nix
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts."webmail2.pvv.ntnu.no" = {
|
||||
services.nginx.virtualHosts."webmail.pvv.ntnu.no" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
#locations."/" = lib.mkForce { };
|
||||
locations."= /" = {
|
||||
return = "301 https://www.pvv.ntnu.no/mail/";
|
||||
kTLS = true;
|
||||
locations = {
|
||||
"= /".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||
"/afterlogic_lite".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||
"/squirrelmail".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||
"/rainloop".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
with lib;
|
||||
let
|
||||
cfg = config.services.roundcube;
|
||||
domain = "webmail2.pvv.ntnu.no";
|
||||
domain = "webmail.pvv.ntnu.no";
|
||||
in
|
||||
{
|
||||
services.roundcube = {
|
||||
|
@ -35,6 +35,7 @@ in
|
|||
services.nginx.virtualHosts."roundcubeplaceholder.example.com" = lib.mkForce { };
|
||||
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
kTLS = true;
|
||||
locations."/roundcube" = {
|
||||
tryFiles = "$uri $uri/ =404";
|
||||
index = "index.php";
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
|
||||
}
|
|
@ -0,0 +1,126 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
format = pkgs.formats.php { };
|
||||
cfg = config.services.pvv-nettsiden;
|
||||
in {
|
||||
imports = [
|
||||
./fetch-gallery.nix
|
||||
];
|
||||
|
||||
sops.secrets = lib.genAttrs [
|
||||
"nettsiden/door_secret"
|
||||
"nettsiden/mysql_password"
|
||||
"nettsiden/simplesamlphp/admin_password"
|
||||
"nettsiden/simplesamlphp/cookie_salt"
|
||||
] (_: {
|
||||
owner = config.services.phpfpm.pools.pvv-nettsiden.user;
|
||||
group = config.services.phpfpm.pools.pvv-nettsiden.group;
|
||||
restartUnits = [ "phpfpm-pvv-nettsiden.service" ];
|
||||
});
|
||||
|
||||
services.idp.sp-remote-metadata = [ "https://${cfg.domainName}/simplesaml/" ];
|
||||
|
||||
services.pvv-nettsiden = {
|
||||
enable = true;
|
||||
|
||||
package = pkgs.pvv-nettsiden.override {
|
||||
extra_files = {
|
||||
"${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php" = pkgs.writeText "pvv-nettsiden-saml20-idp-remote.php" (import ../idp-simplesamlphp/metadata.php.nix);
|
||||
"${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/config/authsources.php" = pkgs.writeText "pvv-nettsiden-authsources.php" ''
|
||||
<?php
|
||||
$config = array(
|
||||
'admin' => array(
|
||||
'core:AdminPassword'
|
||||
),
|
||||
'default-sp' => array(
|
||||
'saml:SP',
|
||||
'entityID' => 'https://${cfg.domainName}/simplesaml/',
|
||||
'idp' => 'https://idp.pvv.ntnu.no/',
|
||||
),
|
||||
);
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
domainName = "www.pvv.ntnu.no";
|
||||
|
||||
settings = let
|
||||
includeFromSops = path: format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/${path}".path}')";
|
||||
in {
|
||||
DOOR_SECRET = includeFromSops "door_secret";
|
||||
|
||||
DB = {
|
||||
DSN = "mysql:dbname=www-data_nettside;host=mysql.pvv.ntnu.no";
|
||||
USER = "www-data_nettsi";
|
||||
PASS = includeFromSops "mysql_password";
|
||||
};
|
||||
|
||||
# TODO: set up postgres session for simplesamlphp
|
||||
SAML = {
|
||||
COOKIE_SALT = includeFromSops "simplesamlphp/cookie_salt";
|
||||
COOKIE_SECURE = true;
|
||||
ADMIN_NAME = "PVV Drift";
|
||||
ADMIN_EMAIL = "drift@pvv.ntnu.no";
|
||||
ADMIN_PASSWORD = includeFromSops "simplesamlphp/admin_password";
|
||||
TRUSTED_DOMAINS = [ cfg.domainName ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.phpfpm.pools."pvv-nettsiden".settings = {
|
||||
# "php_admin_value[error_log]" = "stderr";
|
||||
"php_admin_flag[log_errors]" = true;
|
||||
"catch_workers_output" = true;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${cfg.domainName} = {
|
||||
serverAliases = [
|
||||
"pvv.ntnu.no"
|
||||
"www.pvv.org"
|
||||
"pvv.org"
|
||||
];
|
||||
|
||||
locations = {
|
||||
# Proxy home directories
|
||||
"^~ /~" = {
|
||||
extraConfig = ''
|
||||
proxy_redirect off;
|
||||
proxy_pass https://tom.pvv.ntnu.no;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
'';
|
||||
};
|
||||
|
||||
# Redirect the old webmail/wiki paths from spikkjeposche
|
||||
"^~ /webmail".return = "301 https://webmail.pvv.ntnu.no";
|
||||
"~ /pvv/([^\\n\\r]*)".return = "301 https://wiki.pvv.ntnu.no/wiki/$1";
|
||||
"= /pvv".return = "301 https://wiki.pvv.ntnu.no/";
|
||||
|
||||
# Redirect old wiki entries
|
||||
"/disk".return = "301 https://wiki.pvv.ntnu.no/wiki/Diskkjøp";
|
||||
"/dok/boker.php".return = "301 https://wiki.pvv.ntnu.no/wiki/Bokhyllen";
|
||||
"/styret/lover/".return = "301 https://wiki.pvv.ntnu.no/wiki/Lover";
|
||||
"/styret/".return = "301 https://wiki.pvv.ntnu.no/wiki/Styret";
|
||||
"/info/".return = "301 https://wiki.pvv.ntnu.no/wiki/";
|
||||
"/info/maskinpark/".return = "301 https://wiki.pvv.ntnu.no/wiki/Maskiner";
|
||||
"/medlemssider/meldinn.php".return = "301 https://wiki.pvv.ntnu.no/wiki/Medlemskontingent";
|
||||
"/diverse/medlems-sider.php".return = "301 https://wiki.pvv.ntnu.no/wiki/Medlemssider";
|
||||
"/cert/".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT";
|
||||
"/drift".return = "301 https://wiki.pvv.ntnu.no/wiki/Drift";
|
||||
"/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse";
|
||||
"/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza";
|
||||
|
||||
# Proxy the matrix well-known files
|
||||
# Host has be set before proxy_pass
|
||||
# The header must be set so nginx on the other side routes it to the right place
|
||||
"^~ /.well-known/matrix/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host matrix.pvv.ntnu.no;
|
||||
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,67 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
galleryDir = config.services.pvv-nettsiden.settings.GALLERY.DIR;
|
||||
transferDir = "${config.services.pvv-nettsiden.settings.GALLERY.DIR}-transfer";
|
||||
in {
|
||||
users.users.${config.services.pvv-nettsiden.user} = {
|
||||
useDefaultShell = true;
|
||||
|
||||
# This is pushed from microbel:/var/www/www-gallery/build-gallery.sh
|
||||
openssh.authorizedKeys.keys = [
|
||||
''command="${pkgs.rrsync}/bin/rrsync -wo ${transferDir}",restrict,no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjHhC2dikhWs/gG+m7qP1eSohWzTehn4ToNzDSOImyR gallery-publish''
|
||||
];
|
||||
};
|
||||
|
||||
systemd.paths.pvv-nettsiden-gallery-update = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
pathConfig = {
|
||||
PathChanged = "${transferDir}/gallery.tar.gz";
|
||||
Unit = "pvv-nettsiden-gallery-update.service";
|
||||
MakeDirectory = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.pvv-nettsiden-gallery-update = {
|
||||
path = with pkgs; [ imagemagick gnutar gzip ];
|
||||
|
||||
script = ''
|
||||
tar ${lib.cli.toGNUCommandLineShell {} {
|
||||
extract = true;
|
||||
file = "${transferDir}/gallery.tar.gz";
|
||||
directory = ".";
|
||||
}}
|
||||
|
||||
# Delete files and directories that exists in the gallery that don't exist in the tarball
|
||||
filesToRemove=$(uniq -u <(sort <(find . -not -path "./.thumbnails*") <(tar -tf ${transferDir}/gallery.tar.gz | sed 's|/$||')))
|
||||
while IFS= read fname; do
|
||||
rm -f "$fname" ||:
|
||||
rm -f ".thumbnails/$fname.png" ||:
|
||||
done <<< "$filesToRemove"
|
||||
|
||||
find . -type d -empty -delete
|
||||
|
||||
mkdir -p .thumbnails
|
||||
images=$(find . -type f -not -path "./.thumbnails*")
|
||||
|
||||
while IFS= read fname; do
|
||||
# Skip this file if an up-to-date thumbnail already exists
|
||||
if [ -f ".thumbnails/$fname.png" ] && \
|
||||
[ "$(date -R -r "$fname")" == "$(date -R -r ".thumbnails/$fname.png")" ]
|
||||
then
|
||||
continue
|
||||
fi
|
||||
|
||||
echo "Creating thumbnail for $fname"
|
||||
mkdir -p $(dirname ".thumbnails/$fname")
|
||||
convert -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||:
|
||||
touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png"
|
||||
done <<< "$images"
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
WorkingDirectory = galleryDir;
|
||||
User = config.services.pvv-nettsiden.user;
|
||||
Group = config.services.pvv-nettsiden.group;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -5,6 +5,7 @@ in {
|
|||
services.nginx.virtualHosts."chat.pvv.ntnu.no" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
kTLS = true;
|
||||
|
||||
root = pkgs.element-web.override {
|
||||
conf = {
|
||||
|
|
|
@ -7,6 +7,9 @@ from synapse import module_api
|
|||
|
||||
import re
|
||||
|
||||
import logging
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
class SMTPAuthProvider:
|
||||
def __init__(self, config: dict, api: module_api):
|
||||
self.api = api
|
||||
|
@ -43,8 +46,13 @@ class SMTPAuthProvider:
|
|||
|
||||
if result == True:
|
||||
userid = self.api.get_qualified_user_id(username)
|
||||
if not self.api.check_user_exists(userid):
|
||||
self.api.register_user(username)
|
||||
|
||||
userid = await self.api.check_user_exists(userid)
|
||||
if not userid:
|
||||
logger.info(f"user did not exist, registering {username}")
|
||||
userid = await self.api.register_user(username)
|
||||
logger.info(f"registered userid: {userid}")
|
||||
return (userid, None)
|
||||
else:
|
||||
logger.info("returning None")
|
||||
return None
|
||||
|
|
|
@ -134,80 +134,6 @@ in {
|
|||
"129.241.0.0/16"
|
||||
"2001:700:300::/44"
|
||||
];
|
||||
|
||||
saml2_config = {
|
||||
sp_config.metadata.remote = [
|
||||
{ url = "https://idp.pvv.ntnu.no/simplesaml/saml2/idp/metadata.php"; }
|
||||
];
|
||||
|
||||
description = [ "Matrix Synapse SP" "en" ];
|
||||
name = [ "Matrix Synapse SP" "en" ];
|
||||
|
||||
ui_info = {
|
||||
display_name = [
|
||||
{
|
||||
lang = "en";
|
||||
text = "PVV Matrix login";
|
||||
}
|
||||
];
|
||||
description = [
|
||||
{
|
||||
lang = "en";
|
||||
text = "Matrix is a modern free and open federated chat protocol";
|
||||
}
|
||||
];
|
||||
#information_url = [
|
||||
# {
|
||||
# lang = "en";
|
||||
# text = "";
|
||||
# };
|
||||
#];
|
||||
#privacy_statement_url = [
|
||||
# {
|
||||
# lang = "en";
|
||||
# text = "";
|
||||
# };
|
||||
#];
|
||||
keywords = [
|
||||
{
|
||||
lang = "en";
|
||||
text = [ "Matrix" "Element" ];
|
||||
}
|
||||
];
|
||||
#logo = [
|
||||
# {
|
||||
# lang = "en";
|
||||
# text = "";
|
||||
# width = "";
|
||||
# height = "";
|
||||
# }
|
||||
#];
|
||||
};
|
||||
|
||||
organization = {
|
||||
name = "Programvareverkstedet";
|
||||
display_name = [ "Programvareverkstedet" "en" ];
|
||||
url = "https://www.pvv.ntnu.no";
|
||||
};
|
||||
contact_person = [
|
||||
{ given_name = "Drift";
|
||||
sur_name = "King";
|
||||
email_adress = [ "drift@pvv.ntnu.no" ];
|
||||
contact_type = "technical";
|
||||
}
|
||||
];
|
||||
|
||||
user_mapping_provider = {
|
||||
config = {
|
||||
mxid_source_attribute = "uid"; # What is this supposed to be?
|
||||
mxid_mapping = "hexencode";
|
||||
};
|
||||
};
|
||||
|
||||
#attribute_requirements = [
|
||||
# {attribute = "userGroup"; value = "medlem";} # Do we have this?
|
||||
#];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -217,6 +143,9 @@ in {
|
|||
services.redis.servers."".enable = true;
|
||||
|
||||
services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [
|
||||
({
|
||||
kTLS = true;
|
||||
})
|
||||
({
|
||||
locations."/.well-known/matrix/server" = {
|
||||
return = ''
|
||||
|
|
|
@ -1,15 +1,8 @@
|
|||
{ config, values, ... }:
|
||||
{
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "danio@pvv.ntnu.no";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
enableReload = true;
|
||||
|
||||
defaultListenAddresses = [
|
||||
values.hosts.bicep.ipv4
|
||||
"[${values.hosts.bicep.ipv6}]"
|
||||
|
@ -18,28 +11,5 @@
|
|||
"127.0.0.2"
|
||||
"[::1]"
|
||||
];
|
||||
|
||||
appendConfig = ''
|
||||
pcre_jit on;
|
||||
worker_processes 8;
|
||||
worker_rlimit_nofile 8192;
|
||||
'';
|
||||
|
||||
eventsConfig = ''
|
||||
multi_accept on;
|
||||
worker_connections 4096;
|
||||
'';
|
||||
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedBrotliSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
systemd.services.nginx.serviceConfig = {
|
||||
LimitNOFILE = 65536;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -91,6 +91,7 @@ in {
|
|||
services.nginx.virtualHosts.${cfg.settings.server.domain} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
kTLS = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.settings.server.http_port}";
|
||||
|
|
|
@ -1,15 +1,8 @@
|
|||
{ config, values, ... }:
|
||||
{
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "drift@pvv.ntnu.no";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
enableReload = true;
|
||||
|
||||
defaultListenAddresses = [
|
||||
values.hosts.ildkule.ipv4
|
||||
"[${values.hosts.ildkule.ipv6}]"
|
||||
|
@ -18,12 +11,5 @@
|
|||
"127.0.0.2"
|
||||
"[::1]"
|
||||
];
|
||||
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
}
|
||||
|
|
|
@ -24,15 +24,12 @@ in {
|
|||
services.grzegorz-webui.hostName = "${config.networking.fqdn}";
|
||||
services.grzegorz-webui.apiBase = "http://${toString grg.listenAddr}:${toString grg.listenPort}/api";
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "pederbs@pvv.ntnu.no";
|
||||
|
||||
services.nginx.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.nginx.virtualHosts."${config.networking.fqdn}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
kTLS = true;
|
||||
serverAliases = [
|
||||
"${config.networking.hostName}.pvv.org"
|
||||
];
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
acme-certs: final: prev:
|
||||
let
|
||||
lib = final.lib;
|
||||
crt = "${final.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
|
||||
key = "${final.path}/nixos/tests/common/acme/server/acme.test.key.pem";
|
||||
in {
|
||||
writers = prev.writers // {
|
||||
writeNginxConfig = name: text: final.runCommandLocal name {
|
||||
nginxConfig = prev.writers.writeNginxConfig name text;
|
||||
nativeBuildInputs = [ final.bubblewrap ];
|
||||
} ''
|
||||
ln -s "$nginxConfig" "$out"
|
||||
set +o pipefail
|
||||
bwrap \
|
||||
--ro-bind "${crt}" "/etc/certs/nginx.crt" \
|
||||
--ro-bind "${key}" "/etc/certs/nginx.key" \
|
||||
--ro-bind "/nix" "/nix" \
|
||||
--ro-bind "/etc/hosts" "/etc/hosts" \
|
||||
--dir "/run/nginx" \
|
||||
--dir "/tmp" \
|
||||
--dir "/var/log/nginx" \
|
||||
${lib.concatMapStrings (name: "--ro-bind \"${crt}\" \"/var/lib/acme/${name}/fullchain.pem\" \\") acme-certs}
|
||||
${lib.concatMapStrings (name: "--ro-bind \"${key}\" \"/var/lib/acme/${name}/key.pem\" \\") acme-certs}
|
||||
${lib.concatMapStrings (name: "--ro-bind \"${crt}\" \"/var/lib/acme/${name}/chain.pem\" \\") acme-certs}
|
||||
${lib.getExe' final.nginx "nginx"} -t -c "$out" |& grep "syntax is ok"
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -20,6 +20,13 @@ idp:
|
|||
admin_password: ENC[AES256_GCM,data:Vf33Oenk6x6BIij1uW8RQDjTPcKhUVYA,iv:RNeyCNpTAYdBPrZwE3Y6CCjoAML/3XUvjfJCrr06IEU=,tag:zVOrx1oXnEyr/VwFCFaCDQ==,type:str]
|
||||
postgres_password: ENC[AES256_GCM,data:HGwKLbn/umPLPgH+qpXtugvXzOcXdlhK,iv:ypTW0VLSape8K5aCYu3BdjG/oMmqvfDSLw9uGLthb0Q=,tag:qlDMGz59qzMwEwBYxsC0XQ==,type:str]
|
||||
privatekey: ENC[AES256_GCM,data:pK74wjuk9lt2PNJIzi6NpPBkxcSRsBZJl28BElUiri2zz17CY81x66CMlFsNjvzKB3JVX+b28FHFuSsEpd/mAPtmzZPR+CoWBHvU+OrSYYoufBxexRTtXzu0vx/KFL4X5tsb+GCgfm72CM+u9dElYHJzn3teBUmZc0pIoF29slTuwF+iZrbFwaieECxXMjHC9f+ivxWQsOvYFjhmAwgjBw/LsfURgLxZwcIRiiKsN41P2WtR9a/hjN53sJnihL9VZw/Xbbynm+bDmaAwhKUAZR28TU9Q1PTfNPEAOMoRgKF4MFuhQ5o0Cxq8RRz7fwCcCTV2sK4jgL7gKiy/gI/K41ybPQPon3NrDj3U2G1VhNgBfSNaTHgygiWI08HGWRHk83eJPHp3Ph8/A774g15SE10BXkL12n0kzodsZWYu3ybrhp167vL/ZW3xUnvFFlm4dTX/ndwS5rp1dIW0a5/0EDwMoGIJw94W5ph5sK9YoUTXwLdAJ9UWRZKQGk6iJstq2BMEBAN2BCSPHS2cflMjoVV4KKX1eq6s8/w6YFzCSQkt3+pGQ3DmiOaaqiv7sUfxyfMDzDcuTVETYRhsvr1ChfBFNn1yoH8BffeVTI2Ei3Edek1vXcg05mHxslhCmzQ4U4us0agtpm2Ar6ppvuedJHLWLFz8pgWSENeGdRcbz0CXiy7lIEYW4uQBru4MAjQ+ZQhz/F4L6At60Q4NelYMDxryQ8LxV0fA/ba2llwl8bDHDFDYkxu3/IaaWG8bp1i6gqvEao3/CRpPt/OAJGAHO3HViPm6xmWlWinUEatNlgCoDotkc56eZU/Af/P7R0QPQF0PpEIDHPcNjc/HcfheUXzJSzkD7wja8VB6rtqdRHFC793QsgdHJMJ+/bvJWZSQciSwaY3PBKLLuB6vrn7VD2NB4cE6beaGwneiAn83lAV+I4cJMDQFLkhWm8LIC7JIZKq/7eBfDEmajWEBL6wSbomBi/UGbA+FyvOokYYMemwVu1JGULcz9Lvn6pxkftQlN0gqE3MncrcZ/l59fepbka/z8oqH6i+3nKdaEh6D+WudD/0xiJSdXAVM6jGrxQtFc1R+OmGTTKJB4aLqgcM25YQ760wKavx5+B52pSki7XdYLmb6Xbnnv7AnyCNmGcpcj795P7qasE2sVokqq9a2PZD7VhP9TPHGtEO6QkkNV5gLxGsGvmshMM8KQgjK60HPQuSfHFVN/SlcOKvvH5ec8sBuYUt24xcDPewV9cXZwjcmwufFOVbC72FTEmU5qvmKobJTGjjbhWsHwpopESctmXuArIcVPsX5jSe3C9Y+9tjbkBGW6/+o8pTfodsjioXevVDXwjVBmGYk8xjZtF6/xfhpWvfunDXgEhnpT4i6ikoQiva8Mw8NvLe8U8Ivr6qCDE4ys4RTs56aw/CJHzydKjX96ZPzim52fAIJvEt1HvMvQx/O/q00h0WujYBcSBivYDtl7hC2fl6pBvM7fjipbeF04idkAKKXf4j6SGunx4hWq+eIA5tnlG8XVZZKIpdXKLgarvWs5pLlTSAK5ckF/yddcik7gAZc+pwo8kCAXIXPisX/yw9cZhI51PNTG1yxtPHAWKgULYLoWcnBCGTmPVXmj6IhpGuNuQ18TTpEtwnrMmcGq6aG/M2ZI+oq0q6suJUWwsCKUVM/TS6SKXEArzDtOMdXgyyDC/H3u+w3Bt/DwALLacq6lwoKBJZxQ6ewv3+ZkLcOkMRKu97hgV+rKmFqdPXqs+Skrf2MRl48sUCPIUXhD46ocFNpemcXcr73G7AxmmFLT6T4ZFm69K6eftUP6FsgUwbed+SaWTeptaG+wueL1NECoXafGlJAmXkjbBdWVgF2oMQFP3Kau135fiqmHpoWGzG5UhKxshTTtRIvbG/296NOkNZWBT/VzjwZti3IUka7HjC3leu28IlLsN0fsNPjQc2uIR3uVsR020g6et0m/Nys9gHDWXG/aCAYKhrgU8w37ZHBs383rkl4uUIYJH61SmTS4JP/wgh/+Q1aU8gXaZ8/Bc0BZUJdF3JR48fjkuMi2A8q5vkTQ1yFCvbBTtdg336v5tZc/xOW5/pt0W1Y7IgPFwHNh4iPAtKQZ3Qybh5PXs4N80YeYFWIjV6Ai0uY4yPdwYPfd1pRdpf3Ll+bhnbDPg0ye4f9lAhSR/cAZpft7BTd6W6jCv8QfWZcDmoBGZy68GZsYfCJ3QAo6szxzDtuyp7WMJRxioPt1EVA9q+8Rp7hHmZosoZOIUV+q3W5yZymL/PXZABiIc2OW9kryNlxQlBo79CSLGdXWeMq3dN1MSWoKJzxEseQqtSY5E1DYQosT1+3B8DXm77WSLMuB6OLjEz760y8jyIiLTGAVslcOb5XNfrQf5+l52nxCl/uSZo9FxiKg7ip0v3PZLuFSTSEaR2R2WeSuv/KoXi7WxFiG6VskpyL5jMhBwjepExFVosrOi4XugqR8vD3byTYUnmQvWJyyrI2LqQsYsa3o65SIO4g8SMKRsJJ8WWHpywLjF00HJSWiGRu8bQguvDTQd3UP6lgudzpubERXuUIBiMPqBKFJ1QTWA6N/t7dxR7NVaSexrGmY4ZSoIBKb9Jnge/+lkKrO9CgqDQpTAAvwwBZpFOV7EYLZNRpW+F8HaCNMeql7V/nFqdaaNdm9yLBhXbaeujalyiLtvBCghe330JVjbBTYWiRulJ2xnlX4GLzORBRIVHJYjxEKzCeVW7J2wAKkJ6gx5rlfDOd6r+Tf+1L8ZZoJEdBhIW7flslxo4amGRTI9QGJKVCIq/hrUGEgIAKsDsqTd21lVdhy+EDM+gumO7FbMcqVPRpwmQMFAZbJgH6TeS46tA4XQJGbwQhhBaqVb3jz7OJVOZ9C3/XfxPPpK4B2OyqINKNIRfyZ0fSmGlIT4LPf2IUEDCEKuPd3ClX51qNnVAPt/MbooF++Vp91KImdqCHwdiAygZTH9u91UN8S9IW8vo0XE4eAgdInjOM+IzUPhC+G8i6UNHbOpfQ7dntDc2nCv4nFKLjLZrgpm2kFrQ60/gDlbXBFF2eRcfYkSQSxVLWC4kWF1ce9YZf/j6erm6GnsQiyNoePe/Nb0v2f5DAR+9yoSJEOAi/AHacA9Dq5kfcoOYCrLkoc17SKQYmy/M9m5Mh3inI/O4wbUQrYDKHT0j77BJnkY11M6AiEF9YC0F4lCV4hIefQ3PnI4nmmo9b8rHnqvmrwUZrcOom6Zp+A7ydo4t0Bw1cDzEwJfpcb3JjpFi7F32/vHHLtGuPDvcJqkhw8VLuaAWAcEPJcIHJ+vAKCGWtDH7yQEOhFq4touwyPYDWBA5tqPY2xkFIAImFRhyLtTQupiNbZVR4G4dj24l8uQl2iz9aoDbJlNhoT+9YhwrKrYdM6hqnvpmiYqLIM+2kijZ8JmBS0BWNLCr+6rnbZbEB5e1ezokice8HQ1XcXbsegcI+eJ+gfDhYKw75VVyOd1Uy/pjLCCwQTywTIbf3iSuETvs3YjQrET1m7GJm3q8G4dx2M9c2B7R6B0ej06pkC4WwzFg3hEG6z2BaNrkopKkoE99bjoB2VHkgGTe+YM1Q3t+jA8IB7XNlnVH82AJ6eDMqgGSWBZiGxwx0KVUMg7cTi0iD6JNSYea0ykw+fh7Mj+8N0zhmzdUjdNBwZqxHVUbqIhUhk6meGRN5EASyt6qR329AqzbKaloS2VqjLjDkSEMhQfL4jHa8yPp8Cyj6EjgM2n5LnZs0u/43eh0h4ig3zQYMkwrHixI5hNQTBwSm3QnNpr3OnXAlypCPbCTiMC5sxHfrSTFkmjduT29aZ5qHQOc5zYG5bE2CmhWJdCOZm1s1mUT+Pxbxf4m/sh8w7TwnA+leD1rUvwYfyl5WI8f071vPcg62uTwScxr+TErvdzAkg9HElnsO6km0IncHIh79zexCR51CrtrZAVxc1gnnDtTLsaKmcEDkqIY4U2cUv+1CtPWz7IfKea9B56x+bFY32pwqYeXCHdDVfBGSMuM7mqZUBu+3jETSbglozYrukbgjftdWob3s/hR0WB0lH9uwkugfoGVonasPkmPvBhuvozkCLvP9aplqwUoL74D4JhHFLciPvV+Cmw5ag1WtErB89Oimm3tnOpynCJwZTQM+NVgBtKjom0qOnyn7l0vYIKQFJwV2k5w+RfrX5EOOjFfg9D2u+gHgmrqzaSl6kk2dHlQYmfeP+nJxiH7eGO5D3ooYHp7JKZBAaJHcAWWpgqVL/L8pjSJLCPRGBF/5DnfggwFdNprl3LqYnr4io+Wp4+Du74uvQHNpojrUQ4j7Qp330rSbCK9iX5v14zYr6RlqKe5CtTqHjPzuL8CxFUI1ImHgViNpff4=,iv:8cb1FcIm0oGkcrfLNqXamx4aDA3owBZoHur8+uFsdmA=,tag:oFPP/Yene6QrxFDKlmoVcA==,type:str]
|
||||
nettsiden:
|
||||
mysql_password: ENC[AES256_GCM,data:Uv74HhWtYRbaFHcfh0Rk/Q==,iv:/lRTaMepwpJKZJWHnwb98Ywa1zP4e2EqYGmwI7BCl1I=,tag:ZnE0u2/65zdkONcoiBGSOQ==,type:str]
|
||||
door_secret: ENC[AES256_GCM,data:t0jEN1WnyEi10KRSg4Dlcd7IuIMBiOU7riOdYSZjvZTQqPijRYIoMEQ6OemIkD1Yg67uISTxnjxP,iv:Ss02VGKRa4oZMubbi8IfQDAjh3h295+n07vOx/IZGBs=,tag:OvdxqIUdYi/cR7IjopSVQQ==,type:str]
|
||||
simplesamlphp:
|
||||
postgres_password: ENC[AES256_GCM,data:SvbrdHF4vQ94DgoEfy67QS5oziAsMT8H,iv:LOHBqMecA6mgV3NMfmfTh3zDGiDve+t3+uaO53dIxt4=,tag:9ffz84ozIqytNdGB1COMhA==,type:str]
|
||||
cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
|
||||
admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -53,8 +60,8 @@ sops:
|
|||
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
|
||||
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T21:39:18Z"
|
||||
mac: ENC[AES256_GCM,data:Ejj3xyINoWotU4oRrsP2oMGoKDMGJLCrx0AXhWerw7PJyHbXiKlDrABABHyuTgogA7KjKQjmZnxh689gpfYVnPogSV7zGHP07/dHrbaxsXek95uv4avzXNilXKbRfF8fyrmTuEcQi3S7UA+aVgTuVOQt/X+nGtI/K4inTuYIM4w=,iv:3vqp9jaJw9bm2GGCcxdLr11h1nhrfpwEbKNu+tGfNFY=,tag:dG3xRa7spbSuYAaaNija/Q==,type:str]
|
||||
lastmodified: "2024-04-14T21:58:31Z"
|
||||
mac: ENC[AES256_GCM,data:+o7YvaaKTjN/uZT5mv3z9FgIbXwG4NPJePWwRmtkBINn9X+vrCmYOXqWhKw7qfInn4Ftcg0FA7cYFZe5Pv8MNp+f8v1yoiLrVX12cxmEYtqTXJz7pNeD2st1YjGJKihNi2/fyCCf4YBCGN+8Ze//HeVf7/tfWNB+ysyC9g9Tze4=,iv:C6XBCVXn8GuNeaWGdJRnUIh1us0i8fSoxu9Sx7Feb58=,tag:W0RLPPv7eP5kCNrhMG3z7A==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-21T00:28:40Z"
|
||||
enc: |
|
||||
|
|
Loading…
Reference in New Issue