From 445bf05842a7ee3f36361eb7907c715d90bc4799 Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Sat, 28 Sep 2024 05:00:31 +0200
Subject: [PATCH] public-web-static: host Easterhegg 20 website static export

---
 .../historic-easterhegg/default.nix           |  1 +
 .../virtualHosts/historic-easterhegg/eh20.nix | 86 +++++++++++++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix

diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix
index f9805cf..fe53d04 100644
--- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix
+++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix
@@ -7,5 +7,6 @@
     ./eh07.nix
     ./eh09.nix
     ./eh11.nix
+    ./eh20.nix
   ];
 }
\ No newline at end of file
diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix
new file mode 100644
index 0000000..947791d
--- /dev/null
+++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix
@@ -0,0 +1,86 @@
+{ pkgs, ... }:
+
+let
+  eh20 = pkgs.fetchgit {
+    url = "https://git.hamburg.ccc.de/CCCHH/easterhegg-eh20-website.git";
+    rev = "026932ef2f1fb85c99269e0fb547589a25d3687c";
+    hash = "sha256-YYxHhPYIioJgyHXNieoX6ibasHcNw/AFk+qCNSOxke4=";
+  };
+in
+{
+  security.acme.certs."eh20.easterhegg.eu".extraDomainNames = [
+    "www.eh20.easterhegg.eu"
+    "eh20.hamburg.ccc.de"
+  ];
+
+  services.nginx.virtualHosts = {
+    "acme-eh20.easterhegg.eu" = {
+      enableACME = true;
+      serverName = "eh20.easterhegg.eu";
+      serverAliases = [
+        "www.eh20.easterhegg.eu"
+        "eh20.hamburg.ccc.de"
+      ];
+      listen = [{
+        addr = "0.0.0.0";
+        port = 31820;
+      }];
+    };
+
+    "www.eh20.easterhegg.eu" = {
+      forceSSL = true;
+      useACMEHost = "eh20.easterhegg.eu";
+      serverAliases = [
+        "eh20.hamburg.ccc.de"
+      ];
+
+      listen = [{
+        addr = "0.0.0.0";
+        port = 8443;
+        ssl = true;
+        proxyProtocol = true;
+      }];
+
+      locations."/".return = "302 https://eh20.easterhegg.eu";
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+
+    "eh20.easterhegg.eu" = {
+      forceSSL = true;
+      useACMEHost = "eh20.easterhegg.eu";
+
+      listen = [{
+        addr = "0.0.0.0";
+        port = 8443;
+        ssl = true;
+        proxyProtocol = true;
+      }];
+
+      locations."/" = {
+        index = "start.html";
+        root = "${eh20}/wiki_siteexport";
+      };
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+}