From 394f4fe562673be980c32371b8653a230262b8ea Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Mon, 22 Jan 2024 23:08:38 +0100
Subject: [PATCH] Deploy new website under hamburg.ccc.de

Make next.hamburg.ccc.de hamburg.ccc.de and add redirects to handle URLs
of the old website deployment properly.
Also redirect the old spaceapi endpoint to the new one.

Add staging.hamburg.ccc.de for hosting upcoming changes (PRs).
Also give it a robots.txt, since its contents don't need to show up in
search engines.

Add www.hamburg.ccc.de and let it redirect to hamburg.ccc.de.
---
 .../virtualHosts/default.nix                  |  4 +-
 .../virtualHosts/hamburg.ccc.de.nix           | 87 +++++++++++++++++++
 ....ccc.de.nix => staging.hamburg.ccc.de.nix} | 18 ++--
 .../virtualHosts/www.hamburg.ccc.de.nix       | 46 ++++++++++
 4 files changed, 148 insertions(+), 7 deletions(-)
 create mode 100644 config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix
 rename config/hosts/public-web-static/virtualHosts/{next.hamburg.ccc.de.nix => staging.hamburg.ccc.de.nix} (69%)
 create mode 100644 config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix

diff --git a/config/hosts/public-web-static/virtualHosts/default.nix b/config/hosts/public-web-static/virtualHosts/default.nix
index 5036faf..e22165f 100644
--- a/config/hosts/public-web-static/virtualHosts/default.nix
+++ b/config/hosts/public-web-static/virtualHosts/default.nix
@@ -5,7 +5,9 @@
     ./branding-resources.hamburg.ccc.de.nix
     ./c3cat.de.nix
     ./element.hamburg.ccc.de.nix
-    ./next.hamburg.ccc.de.nix
+    ./hamburg.ccc.de.nix
     ./spaceapi.hamburg.ccc.de.nix
+    ./staging.hamburg.ccc.de.nix
+    ./www.hamburg.ccc.de.nix
   ];
 }
diff --git a/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix
new file mode 100644
index 0000000..a318fec
--- /dev/null
+++ b/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix
@@ -0,0 +1,87 @@
+{ pkgs, ... }:
+
+{
+  services.nginx.virtualHosts = {
+    "acme-hamburg.ccc.de" = {
+      enableACME = true;
+      serverName = "hamburg.ccc.de";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    "hamburg.ccc.de" = {
+      forceSSL = true;
+      useACMEHost = "hamburg.ccc.de";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      root = "/var/www/hamburg.ccc.de/";
+
+      # Redirect the old spaceapi endpoint to the new one.
+      locations."/dooris/status.json" = {
+        return = "302 https://spaceapi.hamburg.ccc.de/";
+      };
+
+      # Redirect pages starting with 4 digits for redirecting the old blog
+      # article URLs.
+      # We want to redirect /yyyy/mm/dd/slug to /blog/yyyy/mm/dd/slug, but we
+      # just match the first 4 digits for simplicity.
+      locations."~ \"^/[\\d]{4}\"" = {
+        return = "302 https://$host/blog$request_uri";
+      };
+
+      # Redirect pages, which previously lived on the old website, to their
+      # successors in the wiki.
+      locations."/club/satzung" = {
+        return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:satzung";
+      };
+      locations."/club/hausordnung" = {
+        return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:hausordnung";
+      };
+      locations."/club/vertrauenspersonen" = {
+        return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:vertrauenspersonen";
+      };
+      locations."/club/beitragsordnung" = {
+        return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:beitragsordnung";
+      };
+      locations."/club/mitgliedschaft" = {
+        return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:foemi-formular";
+      };
+      locations."/club/geschichte" = {
+        return = "302 https://wiki.hamburg.ccc.de/club:geschichte";
+      };
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+
+  users.users.ccchh-website-deploy = {
+    isNormalUser = true;
+    group = "ccchh-website-deploy";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
+    ];
+  };
+  users.groups.ccchh-website-deploy = { };
+}
diff --git a/config/hosts/public-web-static/virtualHosts/next.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix
similarity index 69%
rename from config/hosts/public-web-static/virtualHosts/next.hamburg.ccc.de.nix
rename to config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix
index a0dff81..a36a099 100644
--- a/config/hosts/public-web-static/virtualHosts/next.hamburg.ccc.de.nix
+++ b/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix
@@ -2,9 +2,9 @@
 
 {
   services.nginx.virtualHosts = {
-    "acme-next.hamburg.ccc.de" = {
+    "acme-staging.hamburg.ccc.de" = {
       enableACME = true;
-      serverName = "next.hamburg.ccc.de";
+      serverName = "staging.hamburg.ccc.de";
 
       listen = [
         {
@@ -14,9 +14,9 @@
       ];
     };
 
-    "next.hamburg.ccc.de" = {
+    "staging.hamburg.ccc.de" = {
       forceSSL = true;
-      useACMEHost = "next.hamburg.ccc.de";
+      useACMEHost = "staging.hamburg.ccc.de";
 
       listen = [
         {
@@ -27,7 +27,13 @@
         }
       ];
 
-      root = "/var/www/next.hamburg.ccc.de/";
+      root = "/var/www/staging.hamburg.ccc.de/";
+
+      # Disallow *, since this is staging and doesn't need to be in any search
+      # results.
+      locations."/robots.txt" = {
+        return = "200 \"User-agent: *\\nDisallow: *\\n\"";
+      };
 
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
@@ -46,7 +52,7 @@
     isNormalUser = true;
     group = "ccchh-website-deploy";
     openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb next.hamburg.ccc.de deployment key"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
     ];
   };
   users.groups.ccchh-website-deploy = { };
diff --git a/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix
new file mode 100644
index 0000000..a29fbd2
--- /dev/null
+++ b/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix
@@ -0,0 +1,46 @@
+{ pkgs, ... }:
+
+{
+  services.nginx.virtualHosts = {
+    "acme-www.hamburg.ccc.de" = {
+      enableACME = true;
+      serverName = "www.hamburg.ccc.de";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    "www.hamburg.ccc.de" = {
+      forceSSL = true;
+      useACMEHost = "www.hamburg.ccc.de";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      locations."/" = {
+        return = "302 https://hamburg.ccc.de$request_uri";
+      };
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+}