Drift/pvv-nixos-config
Drift
/
pvv-nixos-config
16
4
Fork 1
Code Issues Pull Requests 6 Wiki Activity

bekkalokk/nginx: host .well-known #79

Merged
oysteikt merged 1 commits from move-well-known-to-bekkalokk into main 2024-10-20 01:35:22 +02:00
Conversation 0 Commits 1 Files Changed 5 +62 -10
5 changed files with 62 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/bekkalokk/configuration.nix
View File

@ -16,6 +16,7 @@
./services/vaultwarden.nix
./services/webmail
./services/website
./services/well-known
felixalb commented 2024-09-14 22:16:33 +02:00
Outdated
Review
Copy Link

I think this should be a part of the main ./services/website, as that is a more common / familiar way to think of and configure .well-known, rather than as a separate "service". This makes more sense semantically, though, as it doesn't really have anything to do with the website content

I think this should be a part of the main `./services/website`, as that is a more common / familiar way to think of and configure .well-known, rather than as a separate "service". This makes more sense semantically, though, as it doesn't really have anything to do with the website content
danio commented 2024-10-12 21:55:18 +02:00
Outdated
Review
Copy Link

I'm fine with it being like this. well-known is kind of a "thing" administrators have to manage

I'm fine with it being like this. well-known is kind of a "thing" administrators have to manage
👍 1
];
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;

10
hosts/bekkalokk/services/website/default.nix
View File

@ -116,16 +116,6 @@ in {
"/drift".return = "301 https://wiki.pvv.ntnu.no/wiki/Drift";
"/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse";
"/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza";
# Proxy the matrix well-known files
# Host has be set before proxy_pass
# The header must be set so nginx on the other side routes it to the right place
"^~ /.well-known/matrix/" = {
extraConfig = ''
proxy_set_header Host matrix.pvv.ntnu.no;
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
'';
};
};
};
}

18
hosts/bekkalokk/services/well-known/default.nix Normal file
View File

@ -0,0 +1,18 @@
{ ... }:
{
services.nginx.virtualHosts."www.pvv.ntnu.no".locations = {
felixalb marked this conversation as resolved Outdated
felixalb commented 2024-09-14 22:08:56 +02:00
Outdated
Review
Copy Link

This should be served on all four www.pvv.ntnu.no pvv.ntnu.no www.pvv.org pvv.org, like the main website

This should be served on all four `www.pvv.ntnu.no pvv.ntnu.no www.pvv.org pvv.org`, like the main website
felixalb commented 2024-09-14 22:20:14 +02:00
Outdated
Review
Copy Link

Oops, nevermind, this is already handled because these other domains are already in the virtualHosts aliases, because this happens to be served from bekkalokk as well.
Might still want to specify aliases here as well, in case the http ingress is moved to another host than the main PHP app in the future.

Oops, nevermind, this is already handled because these other domains are already in the virtualHosts aliases, because this happens to be served from bekkalokk as well. Might still want to specify aliases here as well, in case the http ingress is moved to another host than the main PHP app in the future.
"^~ /.well-known/" = {
alias = (toString ./root) + "/";
};
# Proxy the matrix well-known files
# Host has be set before proxy_pass
# The header must be set so nginx on the other side routes it to the right place
"^~ /.well-known/matrix/" = {
extraConfig = ''
proxy_set_header Host matrix.pvv.ntnu.no;
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
'';
};
};
}

31
hosts/bekkalokk/services/well-known/root/autoconfig/mail/config-v1.1.xml Normal file
View File

@ -0,0 +1,31 @@
<?xml version="1.0"?>
<clientConfig version="1.1">
<emailProvider id="pvv.ntnu.no">
<domain>pvv.ntnu.no</domain>
<domain>pvv.org</domain>
<displayName>Programvareverkstedet</displayName>
<incomingServer type="imap">
<hostname>imap.pvv.ntnu.no</hostname>
<port>993</port>
<socketType>SSL</socketType>
<username>%EMAILLOCALPART%</username>
<authentication>password-cleartext</authentication>
</incomingServer>
<outgoingServer type="smtp">
<hostname>smtp.pvv.ntnu.no</hostname>
<port>587</port>
<socketType>STARTTLS</socketType>
<username>%EMAILLOCALPART%</username>
<authentication>password-cleartext</authentication>
<useGlobalPreferredServer>true</useGlobalPreferredServer>
</outgoingServer>
<documentation url="https://www.pvv.ntnu.no/pvv/Drift/Mail/IMAP_POP3">
<descr lang="en">Setup programvareverkstedet email user with IMAP or POP3</descr>
<descr lang="nb">Sett opp programvareverkstedet email bruker med IMAP eller POP3</descr>
</documentation>
</emailProvider>
</clientConfig>

12
hosts/bekkalokk/services/well-known/root/security.txt Normal file
View File

@ -0,0 +1,12 @@
Contact: mailto:drift@pvv.ntnu.no
Contact: mailto:cert@pvv.ntnu.no
# drift@pvv.ntnu.no is read by more people and have a quicker reaction time,
# but cert@pvv.ntnu.no can be used for more severe issues.
Preferred-Languages: no, en
Expires: 2032-12-31T23:59:59.000Z
# This file was last updated 2024-09-14.
# You can find a wikipage for our security policies at:
# https://wiki.pvv.ntnu.no/wiki/CERT