1
0
Fork 0

Finalize www/idp/webmail migration from spikkjeposche to bekkalokk

This commit is contained in:
Felix Albrigtsen 2024-04-10 23:31:04 +02:00
parent 145a840a2c
commit 4d50efc6db
6 changed files with 13 additions and 13 deletions

View File

@ -22,7 +22,7 @@ let
# openssl req -newkey rsa:4096 -new -x509 -days 365 -nodes -out idp.crt -keyout idp.pem # openssl req -newkey rsa:4096 -new -x509 -days 365 -nodes -out idp.crt -keyout idp.pem
"metadata/saml20-idp-hosted.php" = pkgs.writeText "saml20-idp-remote.php" '' "metadata/saml20-idp-hosted.php" = pkgs.writeText "saml20-idp-remote.php" ''
<?php <?php
$metadata['https://idp2.pvv.ntnu.no/'] = array( $metadata['https://idp.pvv.ntnu.no/'] = array(
'host' => '__DEFAULT__', 'host' => '__DEFAULT__',
'privatekey' => '${config.sops.secrets."idp/privatekey".path}', 'privatekey' => '${config.sops.secrets."idp/privatekey".path}',
'certificate' => '${./idp.crt}', 'certificate' => '${./idp.crt}',
@ -89,7 +89,7 @@ let
--replace '$SAML_ADMIN_NAME' '"Drift"' \ --replace '$SAML_ADMIN_NAME' '"Drift"' \
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \ --replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \ --replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
--replace '$SAML_TRUSTED_DOMAINS' 'array( "idp2.pvv.ntnu.no" )' \ --replace '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \ --replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
--replace '$SAML_DATABASE_USERNAME' '"idp"' \ --replace '$SAML_DATABASE_USERNAME' '"idp"' \
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \ --replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
@ -177,7 +177,7 @@ in
}; };
}; };
services.nginx.virtualHosts."idp2.pvv.ntnu.no" = { services.nginx.virtualHosts."idp.pvv.ntnu.no" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
kTLS = true; kTLS = true;

View File

@ -1,18 +1,18 @@
'' ''
<?php <?php
$metadata['https://idp2.pvv.ntnu.no/'] = [ $metadata['https://idp.pvv.ntnu.no/'] = [
'metadata-set' => 'saml20-idp-hosted', 'metadata-set' => 'saml20-idp-hosted',
'entityid' => 'https://idp2.pvv.ntnu.no/', 'entityid' => 'https://idp.pvv.ntnu.no/',
'SingleSignOnService' => [ 'SingleSignOnService' => [
[ [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://idp2.pvv.ntnu.no/module.php/saml/idp/singleSignOnService', 'Location' => 'https://idp.pvv.ntnu.no/module.php/saml/idp/singleSignOnService',
], ],
], ],
'SingleLogoutService' => [ 'SingleLogoutService' => [
[ [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://idp2.pvv.ntnu.no/module.php/saml/idp/singleLogout', 'Location' => 'https://idp.pvv.ntnu.no/module.php/saml/idp/singleLogout',
], ],
], ],
'NameIDFormat' => [ 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' ], 'NameIDFormat' => [ 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' ],

View File

@ -6,6 +6,6 @@ $config = array(
'default-sp' => array( 'default-sp' => array(
'saml:SP', 'saml:SP',
'entityID' => 'https://wiki.pvv.ntnu.no/simplesaml/', 'entityID' => 'https://wiki.pvv.ntnu.no/simplesaml/',
'idp' => 'https://idp2.pvv.ntnu.no/', 'idp' => 'https://idp.pvv.ntnu.no/',
), ),
); );

View File

@ -4,12 +4,12 @@
./roundcube.nix ./roundcube.nix
]; ];
services.nginx.virtualHosts."webmail2.pvv.ntnu.no" = { services.nginx.virtualHosts."webmail.pvv.ntnu.no" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
kTLS = true; kTLS = true;
locations."= /" = { locations."= /" = {
return = "301 https://www.pvv.ntnu.no/mail/"; return = "302 https://webmail.pvv.ntnu.no/roundcube";
}; };
}; };
} }

View File

@ -3,7 +3,7 @@
with lib; with lib;
let let
cfg = config.services.roundcube; cfg = config.services.roundcube;
domain = "webmail2.pvv.ntnu.no"; domain = "webmail.pvv.ntnu.no";
in in
{ {
services.roundcube = { services.roundcube = {

View File

@ -35,14 +35,14 @@ in {
'default-sp' => array( 'default-sp' => array(
'saml:SP', 'saml:SP',
'entityID' => 'https://${cfg.domainName}/simplesaml/', 'entityID' => 'https://${cfg.domainName}/simplesaml/',
'idp' => 'https://idp2.pvv.ntnu.no/', 'idp' => 'https://idp.pvv.ntnu.no/',
), ),
); );
''; '';
}; };
}; };
domainName = "www2.pvv.ntnu.no"; domainName = "www.pvv.ntnu.no";
settings = let settings = let
includeFromSops = path: format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/${path}".path}')"; includeFromSops = path: format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/${path}".path}')";