From 2fe65b0513f7105eb4cdf3bcd7ddd0b80275ad3d Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Sat, 12 Oct 2024 22:14:42 +0200
Subject: [PATCH] public-web-static: add staging for hackertours.hamburg.ccc.de

---
 .../virtualHosts/default.nix                  |  1 +
 .../staging.hackertours.hamburg.ccc.de.nix    | 56 +++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix

diff --git a/config/hosts/public-web-static/virtualHosts/default.nix b/config/hosts/public-web-static/virtualHosts/default.nix
index 814c29c..dac4fa4 100644
--- a/config/hosts/public-web-static/virtualHosts/default.nix
+++ b/config/hosts/public-web-static/virtualHosts/default.nix
@@ -10,6 +10,7 @@
     ./hamburg.ccc.de.nix
     ./spaceapi.hamburg.ccc.de.nix
     ./staging.hacker.tours.nix
+    ./staging.hackertours.hamburg.ccc.de.nix
     ./staging.hamburg.ccc.de.nix
     ./www.hamburg.ccc.de.nix
     ./historic-easterhegg
diff --git a/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix
new file mode 100644
index 0000000..11b9e9b
--- /dev/null
+++ b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix
@@ -0,0 +1,56 @@
+{ pkgs, ... }:
+
+let
+  domain = "staging.hackertours.hamburg.ccc.de";
+  dataDir = "/var/www/${domain}";
+  deployUser = "ht-ccchh-website-deploy";
+in {
+  services.nginx.virtualHosts = {
+    "acme-${domain}" = {
+      enableACME = true;
+      serverName = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    "${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      root = "${dataDir}";
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+
+        error_page 404 /404.html;
+      '';
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${deployUser} ${deployUser}"
+  ];
+
+  # Hackertours CCCHH deploy user already defined in hackertours.hamburg.ccc.de.nix.
+}