diff --git a/config/hosts/public-web-static/virtualHosts/default.nix b/config/hosts/public-web-static/virtualHosts/default.nix
index 5036faf..e22165f 100644
--- a/config/hosts/public-web-static/virtualHosts/default.nix
+++ b/config/hosts/public-web-static/virtualHosts/default.nix
@@ -5,7 +5,9 @@
 ./branding-resources.hamburg.ccc.de.nix
 ./c3cat.de.nix
 ./element.hamburg.ccc.de.nix
- ./next.hamburg.ccc.de.nix
+ ./hamburg.ccc.de.nix
 ./spaceapi.hamburg.ccc.de.nix
+ ./staging.hamburg.ccc.de.nix
+ ./www.hamburg.ccc.de.nix
 ];
 }
diff --git a/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix
new file mode 100644
index 0000000..a318fec
--- /dev/null
+++ b/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix
@@ -0,0 +1,87 @@
+{ pkgs, ... }:
+
+{
+ services.nginx.virtualHosts = {
+ "acme-hamburg.ccc.de" = {
+ enableACME = true;
+ serverName = "hamburg.ccc.de";
+
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 31820;
+ }
+ ];
+ };
+
+ "hamburg.ccc.de" = {
+ forceSSL = true;
+ useACMEHost = "hamburg.ccc.de";
+
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 8443;
+ ssl = true;
+ proxyProtocol = true;
+ }
+ ];
+
+ root = "/var/www/hamburg.ccc.de/";
+
+ # Redirect the old spaceapi endpoint to the new one.
+ locations."/dooris/status.json" = {
+ return = "302 https://spaceapi.hamburg.ccc.de/";
+ };
+
+ # Redirect pages starting with 4 digits for redirecting the old blog
+ # article URLs.
+ # We want to redirect /yyyy/mm/dd/slug to /blog/yyyy/mm/dd/slug, but we
+ # just match the first 4 digits for simplicity.
+ locations."~ \"^/[\\d]{4}\"" = {
+ return = "302 https://$host/blog$request_uri";
+ };
+
+ # Redirect pages, which previously lived on the old website, to their
+ # successors in the wiki.
+ locations."/club/satzung" = {
+ return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:satzung";
+ };
+ locations."/club/hausordnung" = {
+ return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:hausordnung";
+ };
+ locations."/club/vertrauenspersonen" = {
+ return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:vertrauenspersonen";
+ };
+ locations."/club/beitragsordnung" = {
+ return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:beitragsordnung";
+ };
+ locations."/club/mitgliedschaft" = {
+ return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:foemi-formular";
+ };
+ locations."/club/geschichte" = {
+ return = "302 https://wiki.hamburg.ccc.de/club:geschichte";
+ };
+
+ extraConfig = ''
+ # Make use of the ngx_http_realip_module to set the $remote_addr and
+ # $remote_port to the client address and client port, when using proxy
+ # protocol.
+ # First set our proxy protocol proxy as trusted.
+ set_real_ip_from 172.31.17.140;
+ # Then tell the realip_module to get the addreses from the proxy protocol
+ # header.
+ real_ip_header proxy_protocol;
+ '';
+ };
+ };
+
+ users.users.ccchh-website-deploy = {
+ isNormalUser = true;
+ group = "ccchh-website-deploy";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
+ ];
+ };
+ users.groups.ccchh-website-deploy = { };
+}
diff --git a/config/hosts/public-web-static/virtualHosts/next.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix
similarity index 69%
rename from config/hosts/public-web-static/virtualHosts/next.hamburg.ccc.de.nix
rename to config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix
index a0dff81..a36a099 100644
--- a/config/hosts/public-web-static/virtualHosts/next.hamburg.ccc.de.nix
+++ b/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix
@@ -2,9 +2,9 @@ { services.nginx.virtualHosts = { - "acme-next.hamburg.ccc.de" = { + "acme-staging.hamburg.ccc.de" = { enableACME = true; - serverName = "next.hamburg.ccc.de"; + serverName = "staging.hamburg.ccc.de"; listen = [ {
@@ -14,9 +14,9 @@ ]; }; - "next.hamburg.ccc.de" = { + "staging.hamburg.ccc.de" = { forceSSL = true; - useACMEHost = "next.hamburg.ccc.de"; + useACMEHost = "staging.hamburg.ccc.de"; listen = [ {
@@ -27,7 +27,13 @@ } ]; - root = "/var/www/next.hamburg.ccc.de/"; + root = "/var/www/staging.hamburg.ccc.de/"; + + # Disallow *, since this is staging and doesn't need to be in any search + # results. + locations."/robots.txt" = { + return = "200 \"User-agent: *\\nDisallow: *\\n\""; + }; extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and
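Review bot: The `ccchh-website-deploy` account declared at the end of hamburg.ccc.de.nix is a normal user whose authorized key carries no OpenSSH restrictions, and the same account and key are also declared in staging.hamburg.ccc.de.nix (the `@@ -46,7 +52,7 @@` hunk). Whoever holds the staging deploy key therefore gets the same login on this host as the production deployment, presumably including write access to `/var/www/hamburg.ccc.de/`. Consider separate keys or users for staging and production, and prefix the entry with key options, e.g. `"restrict,command=\"<deploy-command placeholder>\" ssh-ed25519 AAAA… ccchh website deployment key"`. Declaring the user once in a shared module rather than in two vhost files would also avoid the key presumably ending up twice in the merged `authorizedKeys.keys` list.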
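Review bot: In the new `/robots.txt` location, `Disallow: *` is not a path pattern every crawler honours; the conventional way to block everything is `Disallow: /`, i.e. `return = "200 \"User-agent: *\\nDisallow: /\\n\"";`. robots.txt is also only advisory and does not stop a linked URL from being indexed, so if staging must stay out of search results a response header such as `add_header X-Robots-Tag "noindex, nofollow" always;` in `extraConfig` is the more reliable signal. If the staging content should not be publicly readable at all, it needs access control rather than a crawler hint. The enclosing `"staging.hamburg.ccc.de"` vhost block starts and ends outside this hunk.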
@@ -46,7 +52,7 @@
 isNormalUser = true;
 group = "ccchh-website-deploy";
 openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb next.hamburg.ccc.de deployment key"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
 ];
 };
 users.groups.ccchh-website-deploy = { };
diff --git a/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix
new file mode 100644
index 0000000..a29fbd2
--- /dev/null
+++ b/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix
@@ -0,0 +1,46 @@
+{ pkgs, ... }:
+
+{
+ services.nginx.virtualHosts = {
+ "acme-www.hamburg.ccc.de" = {
+ enableACME = true;
+ serverName = "www.hamburg.ccc.de";
+
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 31820;
+ }
+ ];
+ };
+
+ "www.hamburg.ccc.de" = {
+ forceSSL = true;
+ useACMEHost = "www.hamburg.ccc.de";
+
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 8443;
+ ssl = true;
+ proxyProtocol = true;
+ }
+ ];
+
+ locations."/" = {
+ return = "302 https://hamburg.ccc.de$request_uri";
+ };
+
+ extraConfig = ''
+ # Make use of the ngx_http_realip_module to set the $remote_addr and
+ # $remote_port to the client address and client port, when using proxy
+ # protocol.
+ # First set our proxy protocol proxy as trusted.
+ set_real_ip_from 172.31.17.140;
+ # Then tell the realip_module to get the addreses from the proxy protocol
+ # header.
+ real_ip_header proxy_protocol;
+ '';
+ };
+ };
+}
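Review bot: `set_real_ip_from 172.31.17.140;` in this file's `extraConfig` is another hard-coded copy of the trusted proxy address, which also appears in hamburg.ccc.de.nix and presumably in the part of staging.hamburg.ccc.de.nix outside the visible hunks. That address decides whose PROXY-protocol header nginx believes for `$remote_addr`, so a copy left stale after the proxy moves would either lose real client addresses or trust whichever host later gets that IP. Define it once, for example a `let proxyProtocolProxy = "172.31.17.140"; in` binding in a shared module that the vhost files interpolate, with a comment naming the proxy host. The `pkgs` argument in `{ pkgs, ... }:` is unused in this file and can be dropped.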