forked from Drift/pvv-nixos-config
Compare commits
1 Commits
main
...
setup-kerb
Author | SHA1 | Date |
---|---|---|
Oystein Kristoffer Tveit | fc1b7db291 |
|
@ -5,12 +5,13 @@
|
||||||
|
|
||||||
../../base.nix
|
../../base.nix
|
||||||
../../misc/metrics-exporters.nix
|
../../misc/metrics-exporters.nix
|
||||||
|
../../modules/kerberos_auth.nix
|
||||||
|
|
||||||
#./services/keycloak.nix
|
#./services/keycloak.nix
|
||||||
|
|
||||||
# TODO: set up authentication for the following:
|
# TODO: set up authentication for the following:
|
||||||
# ./services/website.nix
|
# ./services/website.nix
|
||||||
./services/nginx
|
./services/nginx.nix
|
||||||
./services/gitea/default.nix
|
./services/gitea/default.nix
|
||||||
./services/webmail
|
./services/webmail
|
||||||
# ./services/mediawiki.nix
|
# ./services/mediawiki.nix
|
||||||
|
|
|
@ -1,9 +1,5 @@
|
||||||
{ pkgs, config, ... }:
|
{ pkgs, config, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
|
||||||
./ingress.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults.email = "drift@pvv.ntnu.no";
|
defaults.email = "drift@pvv.ntnu.no";
|
|
@ -1,55 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
{
|
|
||||||
services.nginx.virtualHosts = {
|
|
||||||
"www2.pvv.ntnu.no" = {
|
|
||||||
serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ];
|
|
||||||
addSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
|
|
||||||
locations = {
|
|
||||||
# Proxy home directories
|
|
||||||
"/~" = {
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_redirect off;
|
|
||||||
proxy_pass https://tom.pvv.ntnu.no;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# Redirect old wiki entries
|
|
||||||
"/disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp";
|
|
||||||
"/dok/boker.php".return = "301 https://www.pvv.ntnu.no/pvv/Bokhyllen";
|
|
||||||
"/styret/lover/".return = "301 https://www.pvv.ntnu.no/pvv/Lover";
|
|
||||||
"/styret/".return = "301 https://www.pvv.ntnu.no/pvv/Styret";
|
|
||||||
"/info/".return = "301 https://www.pvv.ntnu.no/pvv/";
|
|
||||||
"/info/maskinpark/".return = "301 https://www.pvv.ntnu.no/pvv/Maskiner";
|
|
||||||
"/medlemssider/meldinn.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemskontingent";
|
|
||||||
"/diverse/medlems-sider.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemssider";
|
|
||||||
"/cert/".return = "301 https://www.pvv.ntnu.no/pvv/CERT";
|
|
||||||
"/drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift";
|
|
||||||
"/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse";
|
|
||||||
"/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza";
|
|
||||||
|
|
||||||
# TODO: Redirect webmail
|
|
||||||
"/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail";
|
|
||||||
|
|
||||||
# Redirect everything else to the main website
|
|
||||||
"/".return = "301 https://www.pvv.ntnu.no$request_uri";
|
|
||||||
|
|
||||||
# Proxy the matrix well-known files
|
|
||||||
# Host has be set before proxy_pass
|
|
||||||
# The header must be set so nginx on the other side routes it to the right place
|
|
||||||
"/.well-known/matrix/" = {
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_set_header Host matrix.pvv.ntnu.no;
|
|
||||||
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
heimdal
|
||||||
|
];
|
||||||
|
|
||||||
|
security.pam.krb5.enable = true;
|
||||||
|
|
||||||
|
environment.etc."krb5.conf".text = ''
|
||||||
|
[libdefaults]
|
||||||
|
default_realm = PVV.NTNU.NO
|
||||||
|
dns_lookup_realm = yes
|
||||||
|
dns_lookup_kdc = yes
|
||||||
|
|
||||||
|
[appdefaults]
|
||||||
|
pam = {
|
||||||
|
ignore_k5login = yes
|
||||||
|
}
|
||||||
|
|
||||||
|
[realms]
|
||||||
|
PVV.NTNU.NO = {
|
||||||
|
admin_server = kdc.pvv.ntnu.no
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
}
|
|
@ -3,7 +3,7 @@
|
||||||
{
|
{
|
||||||
users.users.jonmro = {
|
users.users.jonmro = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" "drift" "nix-builder-users" ];
|
extraGroups = [ "wheel" ];
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com"
|
||||||
|
|
Loading…
Reference in New Issue