diff --git a/flake.lock b/flake.lock
index 0fceac7..d3f1c4f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -173,11 +173,11 @@
 ]
 },
 "locked": {
- "lastModified": 1712778310,
- "narHash": "sha256-6b2wAaT1Nk1FYOvxyQOe8aMzxPQZY768/SNGlQ4bdHQ=",
+ "lastModified": 1712789012,
+ "narHash": "sha256-d6inEw6LZ5PW7DvEPiuZIrt8du7qM8GtFddzVJpu8ng=",
 "ref": "refs/heads/master",
- "rev": "1aa4f4fc8ac646da2e0967a5cb96bce13e3096bc",
- "revCount": 448,
+ "rev": "d528df5f99d32dcc3e9e84dcf32409e09064b774",
+ "revCount": 450,
 "type": "git",
 "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
 },
diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix
index 53871c0..26d1e9c 100644
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@@ -8,9 +8,8 @@
 #./services/keycloak.nix
- # TODO: set up authentication for the following:
 ./services/website
- ./services/nginx
+ ./services/nginx.nix
 ./services/gitea/default.nix
 ./services/kerberos
 ./services/webmail
@@ -26,8 +25,6 @@
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
- virtualisation.podman.enable = true;
-
 networking.hostName = "bekkalokk";
 systemd.network.networks."30-enp2s0" = values.defaultNetworkConfig // {
diff --git a/hosts/bekkalokk/services/gitea/ci.nix b/hosts/bekkalokk/services/gitea/ci.nix
index c33c72d..5533cba 100644
--- a/hosts/bekkalokk/services/gitea/ci.nix
+++ b/hosts/bekkalokk/services/gitea/ci.nix
@@ -27,4 +27,5 @@ lib.mkMerge [
 (mkRunner "alpha")
 (mkRunner "beta")
 (mkRunner "epsilon")
+ { virtualisation.podman.enable = true; }
 ]
diff --git a/hosts/bekkalokk/services/nginx/default.nix b/hosts/bekkalokk/services/nginx.nix
similarity index 60%
rename from hosts/bekkalokk/services/nginx/default.nix
rename to hosts/bekkalokk/services/nginx.nix
index 0ff747d..41d3c38 100644
--- a/hosts/bekkalokk/services/nginx/default.nix
+++ b/hosts/bekkalokk/services/nginx.nix
@@ -1,8 +1,4 @@
 { pkgs, config, ... }:
 {
- imports = [
- ./ingress.nix
- ];
-
 services.nginx.enable = true;
 }
diff --git a/hosts/bekkalokk/services/nginx/ingress.nix b/hosts/bekkalokk/services/nginx/ingress.nix
deleted file mode 100644
index a434668..0000000
--- a/hosts/bekkalokk/services/nginx/ingress.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, ... }:
-{
- services.nginx.virtualHosts = {
- "pvv.ntnu.no" = {
- serverAliases = [ "pvv.org" ];
- addSSL = true;
- enableACME = true;
- kTLS = true;
-
- locations = {
- # Proxy home directories
- "/~" = {
- extraConfig = ''
- proxy_redirect off;
- proxy_pass https://tom.pvv.ntnu.no;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- '';
- };
-
- # Redirect old wiki entries
- "/disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp";
- "/dok/boker.php".return = "301 https://www.pvv.ntnu.no/pvv/Bokhyllen";
- "/styret/lover/".return = "301 https://www.pvv.ntnu.no/pvv/Lover";
- "/styret/".return = "301 https://www.pvv.ntnu.no/pvv/Styret";
- "/info/".return = "301 https://www.pvv.ntnu.no/pvv/";
- "/info/maskinpark/".return = "301 https://www.pvv.ntnu.no/pvv/Maskiner";
- "/medlemssider/meldinn.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemskontingent";
- "/diverse/medlems-sider.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemssider";
- "/cert/".return = "301 https://www.pvv.ntnu.no/pvv/CERT";
- "/drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift";
- "/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse";
- "/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza";
-
- # TODO: Redirect webmail
- "/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail";
-
- # Redirect everything else to the main website
- "/".return = "301 https://www.pvv.ntnu.no$request_uri";
-
- # Proxy the matrix well-known files
- # Host has be set before proxy_pass
- # The header must be set so nginx on the other side routes it to the right place
- "/.well-known/matrix/" = {
- extraConfig = ''
- proxy_set_header Host matrix.pvv.ntnu.no;
- proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
- '';
- };
- };
- };
- };
-}
-
diff --git a/hosts/bekkalokk/services/website/default.nix b/hosts/bekkalokk/services/website/default.nix
index 2886a44..d3ebb2e 100644
--- a/hosts/bekkalokk/services/website/default.nix
+++ b/hosts/bekkalokk/services/website/default.nix
@@ -72,4 +72,55 @@ in {
 "php_admin_flag[log_errors]" = true;
 "catch_workers_output" = true;
 };
+
+ services.nginx.virtualHosts.${cfg.domainName} = {
+ serverAliases = [
+ "pvv.ntnu.no"
+ "www.pvv.ntnu.org"
+ "pvv.org"
+ ];
+
+ locations = {
+ # Proxy home directories
+ "/~" = {
+ extraConfig = ''
+ proxy_redirect off;
+ proxy_pass https://tom.pvv.ntnu.no;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ '';
+ };
+
+ # Redirect the old webmail/wiki paths from spikkjeposche
+ "/webmail".return = "301 https://webmail.pvv.ntnu.no";
+ "~ /pvv/([^\\n\\r]*)".return = "301 https://wiki.pvv.ntnu.no/wiki/$1";
+ "= /pvv".return = "301 https://wiki.pvv.ntnu.no/";
+
+ # Redirect old wiki entries
+ "/disk".return = "301 https://wiki.pvv.ntnu.no/wiki/Diskkjøp";
+ "/dok/boker.php".return = "301 https://wiki.pvv.ntnu.no/wiki/Bokhyllen";
+ "/styret/lover/".return = "301 https://wiki.pvv.ntnu.no/wiki/Lover";
+ "/styret/".return = "301 https://wiki.pvv.ntnu.no/wiki/Styret";
+ "/info/".return = "301 https://wiki.pvv.ntnu.no/wiki/";
+ "/info/maskinpark/".return = "301 https://wiki.pvv.ntnu.no/wiki/Maskiner";
+ "/medlemssider/meldinn.php".return = "301 https://wiki.pvv.ntnu.no/wiki/Medlemskontingent";
+ "/diverse/medlems-sider.php".return = "301 https://wiki.pvv.ntnu.no/wiki/Medlemssider";
+ "/cert/".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT";
+ "/drift".return = "301 https://wiki.pvv.ntnu.no/wiki/Drift";
+ "/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse";
+ "/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza";
+
+ # Proxy the matrix well-known files
+ # Host has be set before proxy_pass
+ # The header must be set so nginx on the other side routes it to the right place
+ "/.well-known/matrix/" = {
+ extraConfig = ''
+ proxy_set_header Host matrix.pvv.ntnu.no;
+ proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
+ '';
+ };
+ };
+ };
 }
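Review bot: The regex location `"~ /pvv/([^\\n\\r]*)"` is unanchored, so it matches any URI that contains `/pvv/`, and because nginx prefers a matching regex location over a plain prefix match it would also take requests such as `/~user/pvv/...` away from the `/~` home-directory proxy and redirect them to the wiki. Anchoring it keeps the redirect to the old top-level wiki paths: `"~ ^/pvv/([^\\n\\r]*)".return = "301 https://wiki.pvv.ntnu.no/wiki/$1";`. The alias `"www.pvv.ntnu.org"` also looks like a typo, since every other name on the page is under `pvv.ntnu.no` or `pvv.org`; if this virtual host obtains its certificate through ACME (not visible in the hunk), a name outside the organisation's domains could make issuance fail, so it is worth confirming. The `/~` block proxies to `https://tom.pvv.ntnu.no` while forwarding the client's `Host`, and nginx does not verify upstream certificates unless `proxy_ssl_verify on;` is set with a trusted CA file, so a comment saying whether that is intentional would help. The attribute set opened by `in {` starts outside the hunk.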