public-web-static: host Easterhegg 20 website static export

2024-09-28 05:00:31 +02:00 · 2024-09-28 05:00:31 +02:00 · 539b17edc3
commit 539b17edc3
parent 982c73f96a
2 changed files with 87 additions and 0 deletions
--- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix
+++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix
@ -7,5 +7,6 @@
    ./eh07.nix
    ./eh09.nix
    ./eh11.nix
+    ./eh20.nix
  ];
 }
--- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix
+++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix
@ -0,0 +1,86 @@
+{ pkgs, ... }:
+
+let
+  eh20 = pkgs.fetchgit {
+    url = "https://git.hamburg.ccc.de/CCCHH/easterhegg-eh20-website.git";
+    rev = "026932ef2f1fb85c99269e0fb547589a25d3687c";
+    hash = "sha256-YYxHhPYIioJgyHXNieoX6ibasHcNw/AFk+qCNSOxke4=";
+  };
+in
+{
+  security.acme.certs."eh20.easterhegg.eu".extraDomainNames = [
+    "www.eh20.easterhegg.eu"
+    "eh20.hamburg.ccc.de"
+  ];
+
+  services.nginx.virtualHosts = {
+    "acme-eh20.easterhegg.eu" = {
+      enableACME = true;
+      serverName = "eh20.easterhegg.eu";
+      serverAliases = [
+        "www.eh20.easterhegg.eu"
+        "eh20.hamburg.ccc.de"
+      ];
+      listen = [{
+        addr = "0.0.0.0";
+        port = 31820;
+      }];
+    };
+
+    "www.eh20.easterhegg.eu" = {
+      forceSSL = true;
+      useACMEHost = "eh20.easterhegg.eu";
+      serverAliases = [
+        "eh20.hamburg.ccc.de"
+      ];
+
+      listen = [{
+        addr = "0.0.0.0";
+        port = 8443;
+        ssl = true;
+        proxyProtocol = true;
+      }];
+
+      locations."/".return = "302 https://eh20.easterhegg.eu";
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+
+    "eh20.easterhegg.eu" = {
+      forceSSL = true;
+      useACMEHost = "eh20.easterhegg.eu";
+
+      listen = [{
+        addr = "0.0.0.0";
+        port = 8443;
+        ssl = true;
+        proxyProtocol = true;
+      }];
+
+      locations."/" = {
+        index = "start.html";
+        root = "${eh20}/wiki_siteexport";
+      };
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+}