From 71c86d4267fdcd7b239290e6abb074818eeffa10 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Sun, 5 Nov 2023 01:41:45 +0100 Subject: [PATCH] WIP --- hosts/bekkalokk/configuration.nix | 2 +- hosts/bekkalokk/services/nginx/default.nix | 22 ++++ hosts/bekkalokk/services/nginx/ingress.nix | 140 +++++++++++++++++++++ 3 files changed, 163 insertions(+), 1 deletion(-) create mode 100644 hosts/bekkalokk/services/nginx/default.nix create mode 100644 hosts/bekkalokk/services/nginx/ingress.nix diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix index 358c43eb..618ed75c 100644 --- a/hosts/bekkalokk/configuration.nix +++ b/hosts/bekkalokk/configuration.nix @@ -10,7 +10,7 @@ # TODO: set up authentication for the following: # ./services/website.nix - ./services/nginx.nix + ./services/nginx ./services/gitea/default.nix ./services/webmail # ./services/mediawiki.nix diff --git a/hosts/bekkalokk/services/nginx/default.nix b/hosts/bekkalokk/services/nginx/default.nix new file mode 100644 index 00000000..a1a22532 --- /dev/null +++ b/hosts/bekkalokk/services/nginx/default.nix @@ -0,0 +1,22 @@ +{ pkgs, config, ... }: +{ + imports = [ + ./ingress.nix + ]; + + security.acme = { + acceptTerms = true; + defaults.email = "drift@pvv.ntnu.no"; + }; + + services.nginx = { + enable = true; + + recommendedTlsSettings = true; + recommendedProxySettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} diff --git a/hosts/bekkalokk/services/nginx/ingress.nix b/hosts/bekkalokk/services/nginx/ingress.nix new file mode 100644 index 00000000..9e02bcfe --- /dev/null +++ b/hosts/bekkalokk/services/nginx/ingress.nix @@ -0,0 +1,140 @@ +{ config, lib, ... }: +{ + services.nginx.virtualHosts = { + "www2.pvv.ntnu.no" = { + serverAliases = [ "www2.pvv.org" ]; + locations = { + # "^/$".return = "301 http://www.pvv.ntnu.no/pvv/"; + "^/$".return = "301 http://www.pvv.ntnu.no/"; + + "^/disk/".return = "301 http://www.pvv.ntnu.no/pvv/Diskkjøp"; + "^/dok/boker.php".return = "301 http://www.pvv.ntnu.no/pvv/Bokhyllen"; + "^/styret/$".return = "301 http://www.pvv.ntnu.no/pvv/Styret"; + "^/styret/lover/".return = "301 http://www.pvv.ntnu.no/pvv/Lover"; + "^/info/$".return = "301 http://www.pvv.ntnu.no/pvv/"; + "^/info/maskinpark/$".return = "301 http://www.pvv.ntnu.no/pvv/Maskiner"; + "^/medlemssider/meldinn.php".return = "301 http://www.pvv.ntnu.no/pvv/Medlemskontingent"; + "^/diverse/medlems-sider.php".return = "301 http://www.pvv.ntnu.no/pvv/Medlemssider"; + "^/cert/$".return = "301 http://www.pvv.ntnu.no/pvv/CERT"; + "^/drift".return = "301 http://www.pvv.ntnu.no/pvv/Drift"; + "^/diverse/abuse.php".return = "301 http://www.pvv.ntnu.no/pvv/CERT/Abuse"; + "^/nerds/".return = "301 http://www.pvv.ntnu.no/pvv/Nerdepizza"; + + "/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail"; + + }; + extraConfig = '' + rewrite ^/(~.*) http://tom.pvv.ntnu.no/$1 permanent; + ''; + }; + }; +} + + + +## Om denne er "none" gjør det at apache ikke gidder å åpne .htaccess-filer. Det +## er veldig greit om man ikke vil at den skal automounte /home/pvv/.htaccess, +## for å ta et tilfeldig eksempel ;-) +# +# AllowOverride none +# + +# +# Options Indexes FollowSymLinks +# AllowOverride All +# Order allow,deny +# Allow from all +# AddDefaultCharset iso-8859-1 +# + +# +# Options FollowSymLinks +# AllowOverride None +# + +# +# Options FollowSymLinks SymLinksIfOwnerMatch +# AllowOverride None +# Order allow,deny +# Allow from all +# + +#Alias /pvv "/var/www/wiki.pvv.ntnu.no/w/index.php" +#Alias /w /var/www/wiki.pvv.ntnu.no/w +#Alias /moin-static/ "/usr/share/moin/htdocs/" +#ScriptAlias /gammel "/usr/share/moin/server/moin.cgi" + +## :80 defineres av debians default ports.conf, men ikke :443 +##NameVirtualHost *:80 +#NameVirtualHost *:443 + +# +# ServerName www.pvv.ntnu.no +# ServerAlias www.pvv.org +# ServerAdmin drift@pvv.ntnu.no +# DocumentRoot /var/www/pvv + +# RedirectPermanent /webmail https://webmail.pvv.ntnu.no/squirrelmail + +# RewriteEngine on +# RewriteRule ^/(~.*) http://tom.pvv.ntnu.no/$1 [P] +# ProxyPreserveHost on + +# + +# +# ServerName www.pvv.ntnu.no +# ServerAlias www.pvv.org +# ServerAdmin drift@pvv.ntnu.no +# DocumentRoot /var/www/pvv + +# SSLEngine on +# SSLProxyEngine on +# SSLCertificateFile /etc/apache2/certs/www.pvv.ntnu.no.new.crt +# SSLCertificateKeyFile /etc/apache2/certs/www.pvv.ntnu.no.new.key +# SSLCertificateChainFile /etc/apache2/certs/www.pvv.ntnu.no_chain.new.crt +## SSLCertificateChainFile /etc/apache2/certs/DigiCertCA.crt +# SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown +## SSLProxyVerify none +## SSLProxyCheckPeerCN off +## SSLProxyCheckPeerName off +# SSLProxyCheckPeerExpire off + +# RedirectPermanent /webmail https://webmail.pvv.ntnu.no/squirrelmail + + +# RewriteEngine on +# RewriteRule ^/(~.*) https://tom.pvv.ntnu.no/$1 [P] +# ProxyPreserveHost on + +# + +## Redirects for gamle wiki.pvv.ntnu.no +# +# ServerAdmin drift@pvv.org +# ServerName wiki.pvv.ntnu.no +# ServerAlias wiki.pvv.org +# DocumentRoot /var/www/pvv + +# RedirectPermanent / http://www.pvv.ntnu.no/ + +# LogLevel warn +# CustomLog /var/log/apache2/wiki.log combined +# ErrorLog /var/log/apache2/error.log +# + +# +# ServerAdmin drift@pvv.org +# ServerName wiki.pvv.ntnu.no +# ServerAlias wiki.pvv.org +# DocumentRoot /var/www/pvv + +# RedirectPermanent / https://www.pvv.ntnu.no/ + +# SSLEngine on +# SSLProxyEngine on +# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP +# SSLCertificateFile /etc/apache2/certs/www.pvv.ntnu.no.crt +# SSLCertificateKeyFile /etc/apache2/certs/www.pvv.ntnu.no.key +# SSLCertificateChainFile /etc/apache2/certs/www.pvv.ntnu.no_chain.crt +#