felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2025-12-09 20:17:14 +01:00
Code Issues Projects Releases Wiki Activity

bekkalokk: set up pvv-nettsiden

Browse Source
This commit is contained in:
h7x4
2024-03-28 10:52:59 +01:00
committed by Felix Albrigtsen
parent 03c9638098
commit 8657e77514
8 changed files with 125 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/bekkalokk/configuration.nix
View File

@@ -9,7 +9,7 @@
#./services/keycloak.nix
# TODO: set up authentication for the following:
# ./services/website.nix
./services/website
./services/nginx
./services/gitea/default.nix
./services/kerberos

4
hosts/bekkalokk/services/nginx/ingress.nix
View File

@@ -1,8 +1,8 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts = {
"www2.pvv.ntnu.no" = {
serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ];
"pvv.ntnu.no" = {
serverAliases = [ "pvv.org" ];
addSSL = true;
enableACME = true;
kTLS = true;

4
hosts/bekkalokk/services/website.nix
View File

@@ -1,4 +0,0 @@
{ ... }:
{
}

66
hosts/bekkalokk/services/website/default.nix Normal file
View File

@@ -0,0 +1,66 @@
{ pkgs, lib, config, ... }:
let
format = pkgs.formats.php { };
cfg = config.services.pvv-nettsiden;
in {
imports = [
./fetch-gallery.nix
];
services.idp.sp-remote-metadata = [ "https://www2.pvv.ntnu.no/simplesaml/" ];
services.pvv-nettsiden = {
enable = true;
package = pkgs.pvv-nettsiden.override {
extra_files = {
"${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php" = pkgs.writeText "pvv-nettsiden-saml20-idp-remote.php" (import ../idp-simplesamlphp/metadata.php.nix);
"${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/config/authsources.php" = pkgs.writeText "pvv-nettsiden-authsources.php" ''
<?php
$config = array(
# 'admin' => array(
# 'core:AdminPassword'
# ),
'default-sp' => array(
'saml:SP',
'entityID' => 'https://www2.pvv.ntnu.no/simplesaml/',
'idp' => 'https://idp2.pvv.ntnu.no/',
),
);
'';
};
};
domainName = "www2.pvv.ntnu.no";
settings = {
DOOR_SECRET = "verysecret";
DB = {
DSN = "mysql:dbname=www_data_www2;host=mysql.pvv.ntnu.no";
USER = "www-data_www2";
PASS = format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/database/password".path}')";
};
SAML = {
COOKIE_SALT = "changeme";
COOKIE_SECURE = true;
ADMIN_NAME = "PVV Drift";
ADMIN_EMAIL = "drift@pvv.ntnu.no";
ADMIN_PASSWORD = "torskefjes";
TRUSTED_DOMAINS = [ cfg.domainName ];
};
};
};
services.phpfpm.pools."pvv-nettsiden".settings = {
# "php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
sops.secrets."nettsiden/database/password" = {
owner = config.services.phpfpm.pools.pvv-nettsiden.user;
group = config.services.phpfpm.pools.pvv-nettsiden.group;
};
}

5
hosts/bekkalokk/services/website/fetch-gallery.nix Normal file
View File

@@ -0,0 +1,5 @@
{ pkgs, lib, config, ... }:
{
}