Add hacker.tours and a staging env. similar to the CCCHH website one
This commit is contained in:
parent
8a6820a418
commit
b6d48859cc
|
@ -5,8 +5,10 @@
|
|||
./branding-resources.hamburg.ccc.de.nix
|
||||
./c3cat.de.nix
|
||||
./element.hamburg.ccc.de.nix
|
||||
./hacker.tours.nix
|
||||
./hamburg.ccc.de.nix
|
||||
./spaceapi.hamburg.ccc.de.nix
|
||||
./staging.hacker.tours.nix
|
||||
./staging.hamburg.ccc.de.nix
|
||||
./www.hamburg.ccc.de.nix
|
||||
./historic-easterhegg
|
||||
|
|
63
config/hosts/public-web-static/virtualHosts/hacker.tours.nix
Normal file
63
config/hosts/public-web-static/virtualHosts/hacker.tours.nix
Normal file
|
@ -0,0 +1,63 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
domain = "hacker.tours";
|
||||
dataDir = "/var/www/${domain}";
|
||||
deployUser = "hackertours-website-deploy";
|
||||
in {
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-${domain}" = {
|
||||
enableACME = true;
|
||||
serverName = "${domain}";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 31820;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"${domain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "${domain}";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 8443;
|
||||
ssl = true;
|
||||
proxyProtocol = true;
|
||||
}
|
||||
];
|
||||
|
||||
root = "${dataDir}";
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
error_page 404 /404.html;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
|
||||
];
|
||||
|
||||
users.users."${deployUser}" = {
|
||||
isNormalUser = true;
|
||||
group = "${deployUser}";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrDTANfPMkcf+V7zkypzaeX2fxkfStPHmZKqC29xyqy deploy key for hacker.tours"
|
||||
];
|
||||
};
|
||||
users.groups."${deployUser}" = { };
|
||||
}
|
|
@ -0,0 +1,60 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
domain = "staging.hacker.tours";
|
||||
dataDir = "/var/www/${domain}";
|
||||
deployUser = "hackertours-website-deploy";
|
||||
in {
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-${domain}" = {
|
||||
enableACME = true;
|
||||
serverName = "${domain}";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 31820;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"${domain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "${domain}";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 8443;
|
||||
ssl = true;
|
||||
proxyProtocol = true;
|
||||
}
|
||||
];
|
||||
|
||||
root = "${dataDir}";
|
||||
|
||||
# Disallow *, since this is staging and doesn't need to be in any search
|
||||
# results.
|
||||
locations."/robots.txt" = {
|
||||
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
|
||||
];
|
||||
|
||||
# Hackertours deploy user already defined in hacker.tours.nix.
|
||||
}
|
Loading…
Reference in a new issue