forked from Drift/pvv-nixos-config
Finalize www/idp/webmail migration from spikkjeposche to bekkalokk
This commit is contained in:
parent
145a840a2c
commit
4d50efc6db
|
@ -22,7 +22,7 @@ let
|
||||||
# openssl req -newkey rsa:4096 -new -x509 -days 365 -nodes -out idp.crt -keyout idp.pem
|
# openssl req -newkey rsa:4096 -new -x509 -days 365 -nodes -out idp.crt -keyout idp.pem
|
||||||
"metadata/saml20-idp-hosted.php" = pkgs.writeText "saml20-idp-remote.php" ''
|
"metadata/saml20-idp-hosted.php" = pkgs.writeText "saml20-idp-remote.php" ''
|
||||||
<?php
|
<?php
|
||||||
$metadata['https://idp2.pvv.ntnu.no/'] = array(
|
$metadata['https://idp.pvv.ntnu.no/'] = array(
|
||||||
'host' => '__DEFAULT__',
|
'host' => '__DEFAULT__',
|
||||||
'privatekey' => '${config.sops.secrets."idp/privatekey".path}',
|
'privatekey' => '${config.sops.secrets."idp/privatekey".path}',
|
||||||
'certificate' => '${./idp.crt}',
|
'certificate' => '${./idp.crt}',
|
||||||
|
@ -89,7 +89,7 @@ let
|
||||||
--replace '$SAML_ADMIN_NAME' '"Drift"' \
|
--replace '$SAML_ADMIN_NAME' '"Drift"' \
|
||||||
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
|
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
|
||||||
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
|
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
|
||||||
--replace '$SAML_TRUSTED_DOMAINS' 'array( "idp2.pvv.ntnu.no" )' \
|
--replace '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
|
||||||
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
|
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
|
||||||
--replace '$SAML_DATABASE_USERNAME' '"idp"' \
|
--replace '$SAML_DATABASE_USERNAME' '"idp"' \
|
||||||
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
|
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
|
||||||
|
@ -177,7 +177,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."idp2.pvv.ntnu.no" = {
|
services.nginx.virtualHosts."idp.pvv.ntnu.no" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
kTLS = true;
|
kTLS = true;
|
||||||
|
|
|
@ -1,18 +1,18 @@
|
||||||
''
|
''
|
||||||
<?php
|
<?php
|
||||||
$metadata['https://idp2.pvv.ntnu.no/'] = [
|
$metadata['https://idp.pvv.ntnu.no/'] = [
|
||||||
'metadata-set' => 'saml20-idp-hosted',
|
'metadata-set' => 'saml20-idp-hosted',
|
||||||
'entityid' => 'https://idp2.pvv.ntnu.no/',
|
'entityid' => 'https://idp.pvv.ntnu.no/',
|
||||||
'SingleSignOnService' => [
|
'SingleSignOnService' => [
|
||||||
[
|
[
|
||||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||||
'Location' => 'https://idp2.pvv.ntnu.no/module.php/saml/idp/singleSignOnService',
|
'Location' => 'https://idp.pvv.ntnu.no/module.php/saml/idp/singleSignOnService',
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
'SingleLogoutService' => [
|
'SingleLogoutService' => [
|
||||||
[
|
[
|
||||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||||
'Location' => 'https://idp2.pvv.ntnu.no/module.php/saml/idp/singleLogout',
|
'Location' => 'https://idp.pvv.ntnu.no/module.php/saml/idp/singleLogout',
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
'NameIDFormat' => [ 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' ],
|
'NameIDFormat' => [ 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' ],
|
||||||
|
|
|
@ -6,6 +6,6 @@ $config = array(
|
||||||
'default-sp' => array(
|
'default-sp' => array(
|
||||||
'saml:SP',
|
'saml:SP',
|
||||||
'entityID' => 'https://wiki.pvv.ntnu.no/simplesaml/',
|
'entityID' => 'https://wiki.pvv.ntnu.no/simplesaml/',
|
||||||
'idp' => 'https://idp2.pvv.ntnu.no/',
|
'idp' => 'https://idp.pvv.ntnu.no/',
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
|
|
@ -4,12 +4,12 @@
|
||||||
./roundcube.nix
|
./roundcube.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
services.nginx.virtualHosts."webmail2.pvv.ntnu.no" = {
|
services.nginx.virtualHosts."webmail.pvv.ntnu.no" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
kTLS = true;
|
kTLS = true;
|
||||||
locations."= /" = {
|
locations."= /" = {
|
||||||
return = "301 https://www.pvv.ntnu.no/mail/";
|
return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.services.roundcube;
|
cfg = config.services.roundcube;
|
||||||
domain = "webmail2.pvv.ntnu.no";
|
domain = "webmail.pvv.ntnu.no";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.roundcube = {
|
services.roundcube = {
|
||||||
|
|
|
@ -35,14 +35,14 @@ in {
|
||||||
'default-sp' => array(
|
'default-sp' => array(
|
||||||
'saml:SP',
|
'saml:SP',
|
||||||
'entityID' => 'https://${cfg.domainName}/simplesaml/',
|
'entityID' => 'https://${cfg.domainName}/simplesaml/',
|
||||||
'idp' => 'https://idp2.pvv.ntnu.no/',
|
'idp' => 'https://idp.pvv.ntnu.no/',
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
domainName = "www2.pvv.ntnu.no";
|
domainName = "www.pvv.ntnu.no";
|
||||||
|
|
||||||
settings = let
|
settings = let
|
||||||
includeFromSops = path: format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/${path}".path}')";
|
includeFromSops = path: format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/${path}".path}')";
|
||||||
|
|
Loading…
Reference in New Issue