CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 3
Code Issues Pull requests 2 Projects Wiki Activity

Deploy new website under hamburg.ccc.de

Browse source 
Make next.hamburg.ccc.de hamburg.ccc.de and add redirects to handle URLs
of the old website deployment properly.
Also redirect the old spaceapi endpoint to the new one.

Add staging.hamburg.ccc.de for hosting upcoming changes (PRs).
Also give it a robots.txt, since its contents don't need to show up in
search engines.

Add www.hamburg.ccc.de and let it redirect to hamburg.ccc.de.
This commit is contained in:
June 2024-01-22 23:08:38 +01:00
parent 485ed0fec2
commit 394f4fe562
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
4 changed files with 148 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config/hosts/public-web-static/virtualHosts/default.nix
View file

@ -5,7 +5,9 @@
./branding-resources.hamburg.ccc.de.nix
./c3cat.de.nix
./element.hamburg.ccc.de.nix
./next.hamburg.ccc.de.nix
./hamburg.ccc.de.nix
./spaceapi.hamburg.ccc.de.nix
./staging.hamburg.ccc.de.nix
./www.hamburg.ccc.de.nix
];
}

87
config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix Normal file
View file

@ -0,0 +1,87 @@
{ pkgs, ... }:
{
services.nginx.virtualHosts = {
"acme-hamburg.ccc.de" = {
enableACME = true;
serverName = "hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "/var/www/hamburg.ccc.de/";
# Redirect the old spaceapi endpoint to the new one.
locations."/dooris/status.json" = {
return = "302 https://spaceapi.hamburg.ccc.de/";
};
# Redirect pages starting with 4 digits for redirecting the old blog
# article URLs.
# We want to redirect /yyyy/mm/dd/slug to /blog/yyyy/mm/dd/slug, but we
# just match the first 4 digits for simplicity.
locations."~ \"^/[\\d]{4}\"" = {
return = "302 https://$host/blog$request_uri";
};
# Redirect pages, which previously lived on the old website, to their
# successors in the wiki.
locations."/club/satzung" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:satzung";
};
locations."/club/hausordnung" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:hausordnung";
};
locations."/club/vertrauenspersonen" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:vertrauenspersonen";
};
locations."/club/beitragsordnung" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:beitragsordnung";
};
locations."/club/mitgliedschaft" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:foemi-formular";
};
locations."/club/geschichte" = {
return = "302 https://wiki.hamburg.ccc.de/club:geschichte";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
users.users.ccchh-website-deploy = {
isNormalUser = true;
group = "ccchh-website-deploy";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
];
};
users.groups.ccchh-website-deploy = { };
}

18
config/hosts/public-web-static/virtualHosts/next.hamburg.ccc.de.nix → config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix
View file

@ -2,9 +2,9 @@
{
services.nginx.virtualHosts = {
"acme-next.hamburg.ccc.de" = {
"acme-staging.hamburg.ccc.de" = {
enableACME = true;
serverName = "next.hamburg.ccc.de";
serverName = "staging.hamburg.ccc.de";
listen = [
{
@ -14,9 +14,9 @@
];
};
"next.hamburg.ccc.de" = {
"staging.hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "next.hamburg.ccc.de";
useACMEHost = "staging.hamburg.ccc.de";
listen = [
{
@ -27,7 +27,13 @@
}
];
root = "/var/www/next.hamburg.ccc.de/";
root = "/var/www/staging.hamburg.ccc.de/";
# Disallow *, since this is staging and doesn't need to be in any search
# results.
locations."/robots.txt" = {
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
@ -46,7 +52,7 @@
isNormalUser = true;
group = "ccchh-website-deploy";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb next.hamburg.ccc.de deployment key"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
];
};
users.groups.ccchh-website-deploy = { };

46
config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix Normal file
View file

@ -0,0 +1,46 @@
{ pkgs, ... }:
{
services.nginx.virtualHosts = {
"acme-www.hamburg.ccc.de" = {
enableACME = true;
serverName = "www.hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"www.hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "www.hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
return = "302 https://hamburg.ccc.de$request_uri";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
}