bekkalokk/nginx: host .well-known
#79
@ -16,6 +16,7 @@
|
||||
./services/vaultwarden.nix
|
||||
./services/webmail
|
||||
./services/website
|
||||
./services/well-known
|
||||
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
|
||||
|
@ -116,16 +116,6 @@ in {
|
||||
"/drift".return = "301 https://wiki.pvv.ntnu.no/wiki/Drift";
|
||||
"/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse";
|
||||
"/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza";
|
||||
|
||||
# Proxy the matrix well-known files
|
||||
# Host has be set before proxy_pass
|
||||
# The header must be set so nginx on the other side routes it to the right place
|
||||
"^~ /.well-known/matrix/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host matrix.pvv.ntnu.no;
|
||||
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
18
hosts/bekkalokk/services/well-known/default.nix
Normal file
18
hosts/bekkalokk/services/well-known/default.nix
Normal file
@ -0,0 +1,18 @@
|
||||
{ ... }:
|
||||
{
|
||||
services.nginx.virtualHosts."www.pvv.ntnu.no".locations = {
|
||||
felixalb marked this conversation as resolved
Outdated
felixalb
commented
This should be served on all four This should be served on all four `www.pvv.ntnu.no pvv.ntnu.no www.pvv.org pvv.org`, like the main website
felixalb
commented
Oops, nevermind, this is already handled because these other domains are already in the virtualHosts aliases, because this happens to be served from bekkalokk as well. Oops, nevermind, this is already handled because these other domains are already in the virtualHosts aliases, because this happens to be served from bekkalokk as well.
Might still want to specify aliases here as well, in case the http ingress is moved to another host than the main PHP app in the future.
|
||||
"^~ /.well-known/" = {
|
||||
alias = (toString ./root) + "/";
|
||||
};
|
||||
|
||||
# Proxy the matrix well-known files
|
||||
# Host has be set before proxy_pass
|
||||
# The header must be set so nginx on the other side routes it to the right place
|
||||
"^~ /.well-known/matrix/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host matrix.pvv.ntnu.no;
|
||||
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0"?>
|
||||
<clientConfig version="1.1">
|
||||
<emailProvider id="pvv.ntnu.no">
|
||||
<domain>pvv.ntnu.no</domain>
|
||||
<domain>pvv.org</domain>
|
||||
|
||||
<displayName>Programvareverkstedet</displayName>
|
||||
|
||||
<incomingServer type="imap">
|
||||
<hostname>imap.pvv.ntnu.no</hostname>
|
||||
<port>993</port>
|
||||
<socketType>SSL</socketType>
|
||||
<username>%EMAILLOCALPART%</username>
|
||||
<authentication>password-cleartext</authentication>
|
||||
</incomingServer>
|
||||
|
||||
<outgoingServer type="smtp">
|
||||
<hostname>smtp.pvv.ntnu.no</hostname>
|
||||
<port>587</port>
|
||||
<socketType>STARTTLS</socketType>
|
||||
<username>%EMAILLOCALPART%</username>
|
||||
<authentication>password-cleartext</authentication>
|
||||
<useGlobalPreferredServer>true</useGlobalPreferredServer>
|
||||
</outgoingServer>
|
||||
|
||||
<documentation url="https://www.pvv.ntnu.no/pvv/Drift/Mail/IMAP_POP3">
|
||||
<descr lang="en">Setup programvareverkstedet email user with IMAP or POP3</descr>
|
||||
<descr lang="nb">Sett opp programvareverkstedet email bruker med IMAP eller POP3</descr>
|
||||
</documentation>
|
||||
</emailProvider>
|
||||
</clientConfig>
|
12
hosts/bekkalokk/services/well-known/root/security.txt
Normal file
12
hosts/bekkalokk/services/well-known/root/security.txt
Normal file
@ -0,0 +1,12 @@
|
||||
Contact: mailto:drift@pvv.ntnu.no
|
||||
Contact: mailto:cert@pvv.ntnu.no
|
||||
# drift@pvv.ntnu.no is read by more people and have a quicker reaction time,
|
||||
# but cert@pvv.ntnu.no can be used for more severe issues.
|
||||
|
||||
Preferred-Languages: no, en
|
||||
|
||||
Expires: 2032-12-31T23:59:59.000Z
|
||||
# This file was last updated 2024-09-14.
|
||||
|
||||
# You can find a wikipage for our security policies at:
|
||||
# https://wiki.pvv.ntnu.no/wiki/CERT
|
Loading…
Reference in New Issue
Block a user
I think this should be a part of the main
./services/website
, as that is a more common / familiar way to think of and configure .well-known, rather than as a separate "service". This makes more sense semantically, though, as it doesn't really have anything to do with the website contentI'm fine with it being like this. well-known is kind of a "thing" administrators have to manage