public-web-static: add hackertours.hamburg.ccc.de static web host

It can be deployed using a corresponding deploy key in the same manner hacker.tours and hamburg.ccc.de can be deployed.
2024-10-12 20:03:04 +02:00 · 2024-10-12 20:03:04 +02:00 · 4906d71540
commit 4906d71540
parent dfd6506e1c
2 changed files with 64 additions and 0 deletions
--- a/config/hosts/public-web-static/virtualHosts/default.nix
+++ b/config/hosts/public-web-static/virtualHosts/default.nix
@ -6,6 +6,7 @@
    ./c3cat.de.nix
    ./element.hamburg.ccc.de.nix
    ./hacker.tours.nix
+    ./hackertours.hamburg.ccc.de.nix
    ./hamburg.ccc.de.nix
    ./spaceapi.hamburg.ccc.de.nix
    ./staging.hacker.tours.nix
--- a/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix
+++ b/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix
@ -0,0 +1,63 @@
+{ pkgs, ... }:
+
+let
+  domain = "hackertours.hamburg.ccc.de";
+  dataDir = "/var/www/${domain}";
+  deployUser = "ht-ccchh-website-deploy";
+in {
+  services.nginx.virtualHosts = {
+    "acme-${domain}" = {
+      enableACME = true;
+      serverName = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    "${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      root = "${dataDir}";
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+
+        error_page 404 /404.html;
+      '';
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${deployUser} ${deployUser}"
+  ];
+
+  users.users."${deployUser}" = {
+    isNormalUser = true;
+    group = "${deployUser}";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxMnllgRD6W85IQ0WrVJSwr7dKM8PLNK4pmGaJRu0OR deploy key for hackertours.hamburg.ccc.de"
+    ];
+  };
+  users.groups."${deployUser}" = { };
+}