bekkalokk/nginx: host .well-known #79

Merged
oysteikt merged 1 commits from move-well-known-to-bekkalokk into main 2024-10-20 01:35:22 +02:00
5 changed files with 62 additions and 10 deletions
Showing only changes of commit f39fee4213 - Show all commits

@ -16,6 +16,7 @@
./services/vaultwarden.nix ./services/vaultwarden.nix
./services/webmail ./services/webmail
./services/website ./services/website
./services/well-known

I think this should be a part of the main `./services/website`, as that is a more common / familiar way to think of and configure .well-known, rather than as a separate "service". This makes more sense semantically, though, as it doesn't really have anything to do with the website content

I'm fine with it being like this. well-known is kind of a "thing" administrators have to manage
]; ];
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml; sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;

@ -116,16 +116,6 @@ in {
"/drift".return = "301 https://wiki.pvv.ntnu.no/wiki/Drift"; "/drift".return = "301 https://wiki.pvv.ntnu.no/wiki/Drift";
"/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse"; "/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse";
"/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza"; "/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza";
# Proxy the matrix well-known files
# Host has be set before proxy_pass
# The header must be set so nginx on the other side routes it to the right place
"^~ /.well-known/matrix/" = {
extraConfig = ''
proxy_set_header Host matrix.pvv.ntnu.no;
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
'';
};
}; };
}; };
} }

@ -0,0 +1,18 @@
{ ... }:
{
services.nginx.virtualHosts."www.pvv.ntnu.no".locations = {
felixalb marked this conversation as resolved Outdated

This should be served on all four `www.pvv.ntnu.no pvv.ntnu.no www.pvv.org pvv.org`, like the main website

Oops, never mind, this is already handled because these other domains are already in the virtualHosts aliases, because this happens to be served from bekkalokk as well. Might still want to specify aliases here as well, in case the http ingress is moved to another host than the main PHP app in the future.
"^~ /.well-known/" = {
alias = (toString ./root) + "/";
};
# Proxy the matrix well-known files
# Host has be set before proxy_pass
# The header must be set so nginx on the other side routes it to the right place
"^~ /.well-known/matrix/" = {
extraConfig = ''
proxy_set_header Host matrix.pvv.ntnu.no;
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
'';
};
};
}
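
Review bot: In the `^~ /.well-known/matrix/` location, `proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;` targets a TLS upstream, but the `extraConfig` sets only the Host header. nginx leaves `proxy_ssl_verify` and `proxy_ssl_server_name` off by default, so the upstream certificate is not validated and no SNI is sent on that connection. These files tell Matrix clients and federating servers where the homeserver lives, so I would add `proxy_ssl_server_name on;`, `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate` pointing at the system CA bundle. Minor: the comment "Host has be set before proxy_pass" should read "has to be set".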

@ -0,0 +1,31 @@
<?xml version="1.0"?>
<clientConfig version="1.1">
<emailProvider id="pvv.ntnu.no">
<domain>pvv.ntnu.no</domain>
<domain>pvv.org</domain>
<displayName>Programvareverkstedet</displayName>
<incomingServer type="imap">
<hostname>imap.pvv.ntnu.no</hostname>
<port>993</port>
<socketType>SSL</socketType>
<username>%EMAILLOCALPART%</username>
<authentication>password-cleartext</authentication>
</incomingServer>
<outgoingServer type="smtp">
<hostname>smtp.pvv.ntnu.no</hostname>
<port>587</port>
<socketType>STARTTLS</socketType>
<username>%EMAILLOCALPART%</username>
<authentication>password-cleartext</authentication>
<useGlobalPreferredServer>true</useGlobalPreferredServer>
</outgoingServer>
<documentation url="https://www.pvv.ntnu.no/pvv/Drift/Mail/IMAP_POP3">
<descr lang="en">Setup programvareverkstedet email user with IMAP or POP3</descr>
<descr lang="nb">Sett opp programvareverkstedet email bruker med IMAP eller POP3</descr>
</documentation>
</emailProvider>
</clientConfig>
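
Review bot: The two `<descr>` lines under `<documentation>` say "IMAP or POP3", but the file defines only `<incomingServer type="imap">`, so a client using this autoconfig is never offered POP3. Either add a `pop3` incomingServer entry or reword both descriptions to mention IMAP only. It would also help to note in an XML comment that `password-cleartext` is intended only in combination with the `SSL` and `STARTTLS` socket types set here, so a later edit does not relax the transport setting while leaving the authentication mode unchanged.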

@ -0,0 +1,12 @@
Contact: mailto:drift@pvv.ntnu.no
Contact: mailto:cert@pvv.ntnu.no
# drift@pvv.ntnu.no is read by more people and have a quicker reaction time,
# but cert@pvv.ntnu.no can be used for more severe issues.
Preferred-Languages: no, en
Expires: 2032-12-31T23:59:59.000Z
# This file was last updated 2024-09-14.
# You can find a wikipage for our security policies at:
# https://wiki.pvv.ntnu.no/wiki/CERT
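
Review bot: `Expires: 2032-12-31T23:59:59.000Z` is more than eight years past the "last updated 2024-09-14" comment, while RFC 9116 recommends an Expires value less than a year ahead so that stale contact details are not trusted indefinitely. I would shorten it and add a reminder to renew the file. Since the review discussion notes this location is reachable under several domain names, a `Canonical:` field naming the authoritative URL would also be worth adding. Minor: in the comment, "is read by more people and have a quicker reaction time" should be "has".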