Add hacker.tours and a staging env. similar to the CCCHH website one

This commit is contained in:
June 2024-06-13 22:53:06 +02:00 committed by echtnurich
parent 8a6820a418
commit b6d48859cc
Signed by: echtnurich
SSH key fingerprint: SHA256:1eIkxME0VPeXC2WMl9Haus+q0SLFymSAWU7f6Z+A8Aw
3 changed files with 125 additions and 0 deletions

View file

@ -5,8 +5,10 @@
./branding-resources.hamburg.ccc.de.nix
./c3cat.de.nix
./element.hamburg.ccc.de.nix
./hacker.tours.nix
./hamburg.ccc.de.nix
./spaceapi.hamburg.ccc.de.nix
./staging.hacker.tours.nix
./staging.hamburg.ccc.de.nix
./www.hamburg.ccc.de.nix
./historic-easterhegg

View file

@ -0,0 +1,63 @@
{ pkgs, ... }:
let
domain = "hacker.tours";
dataDir = "/var/www/${domain}";
deployUser = "hackertours-website-deploy";
in {
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "${dataDir}";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
error_page 404 /404.html;
'';
};
};
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
users.users."${deployUser}" = {
isNormalUser = true;
group = "${deployUser}";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrDTANfPMkcf+V7zkypzaeX2fxkfStPHmZKqC29xyqy deploy key for hacker.tours"
];
};
users.groups."${deployUser}" = { };
}

View file

@ -0,0 +1,60 @@
{ pkgs, ... }:
let
domain = "staging.hacker.tours";
dataDir = "/var/www/${domain}";
deployUser = "hackertours-website-deploy";
in {
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "${dataDir}";
# Disallow *, since this is staging and doesn't need to be in any search
# results.
locations."/robots.txt" = {
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
# Hackertours deploy user already defined in hacker.tours.nix.
}