CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 3
Code Issues Pull requests 2 Wiki Activity

deploy diday.org site

Browse source
This commit is contained in:
lilly 2026-02-27 21:04:40 +01:00
commit bbfe9eba6f
Signed by: lilly
SSH key fingerprint: SHA256:y9T5GFw2A20WVklhetIxG1+kcg/Ce0shnQmbu1LQ37g
6 changed files with 72 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/hosts/public-web-static/nginx.nix
View file

@ -8,7 +8,7 @@
# load the DI-Day redirect map from the webroot
map $request_uri $did_redirect_target {
include /var/www/did.hamburg.ccc.de/nginx-redirects.conf;
include /var/www/diday.org/nginx-redirects.conf;
}
'';
};

8
config/hosts/public-web-static/secrets.yaml
View file

@ -1,4 +1,6 @@
spaceapid_config_ccchh_credentials: ENC[AES256_GCM,data:5IClrKKMO/AztQuGabrnoRFItYNeEmVWGeafomVO94pL1RKzL1sCxBxnmzvJFPb/8Y+6FXMh+Mim4DP8B2RaJMLpmqCv+76N/5+527SZ6gn9i2Klg6q0kD9RzJv40qHq/NYLCa24tpcZDt7eB0EOgqLsKUmtX2LrQjjnN3NzjAevJGKQ5ypnb7xygjft2KrpvlR1hMnZ0XpSLDTNR1AmImxE24JtDaJKzwXbptr2IZvm1UFkNslxdqHPjN+N8+MSSLhqHy/FdcY2ADvsTX1jtjnjkb+9E30QOeCiFPKSmWtSGiQ9sPcQna1yr717Vk0EiNSAWDQ2fMZyJUgBXG6w3wiZbxfJmxvshLPs5KguF9NHER+Seps1QiE0p16c0IS/0Y24UYrK2GyUIcSReGufjxUFGTJHFSsNANac34H/RTs7BkoZ,iv:8WzTRaXVeH5GKmigMVTLVBnhy6nXZnTZHLAYHcqDs2s=,tag:jTdgz0gmruMWWDBQ3h70vw==,type:str]
staging.diday.org:
lego.env: ENC[AES256_GCM,data:PCah9T6gKMADx47bhT5fTcylnKjC8ZDjZl4E4FJRa1zUmihLe8hj65w=,iv:IrIgBPHvaQx2bjrUapzmcsMoQ+Md4edsJQmL+ykJddE=,tag:SV8igeQ2/o7V3oJUdYMc2Q==,type:str]
sops:
age:
- recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
@ -19,8 +21,8 @@ sops:
ZE9rN3R4aHRXR0dBc2oxcEYrL1lxZncKuVocF84+ge1gyzfNjIxhwNgd8+kJIpxh
yREbS2mrQ2zvSMtw9OoA0KJSpoHZfIiCwn2uYkQDPiGB/721JmA12Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-26T01:21:16Z"
mac: ENC[AES256_GCM,data:ENLJIlcUXLEt+vXp/F2YATUZrc9ZjaE4AWwvG280etdsufEw/vGAWBhG2KT+CkcZLaJ4ctVvNlJEqU/pRzae+m/43SV3GNAG+jjT2VmNm0NyNYN27bpsj4tq11D27LPn7CkfBUB0gnmGJXVKalxhFkHBf+eq3ted8dPIv9YNRt8=,iv:Yfz7scjN3qDY9lV1SYOqrejiEwf4dVSPJhiFRJyFPio=,tag:SOw4Nhx6wwYIisRJl0SSRA==,type:str]
lastmodified: "2026-02-27T19:45:05Z"
mac: ENC[AES256_GCM,data:7tjKwRlcOHEg+CU5BP20gzjLK2YFTDtoHmQlsQsiy4JjRNIeVDWtzTnwsMwQ9KuDaGaJqL8Tgmu7nUZyDPS44G58by19oLIRRFj1emaNUigJQGCqNM5zKA9wF7OZKpnK0y3adu7ydNrtoBvw//9vWPZ0WMUwJXHNsyKMOHs36Yo=,iv:kIaDPhrbDMogNAgOVYvyDeAgc/FmzwHANoB+O9WGuV0=,tag:J3jejVDNGLquiiBkNiHbtQ==,type:str]
pgp:
- created_at: "2026-02-17T22:22:02Z"
enc: |-
@ -145,4 +147,4 @@ sops:
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.11.0

2
config/hosts/public-web-static/virtualHosts/default.nix
View file

@ -18,8 +18,8 @@
./staging.hackertours.hamburg.ccc.de.nix
./staging.hamburg.ccc.de.nix
./www.hamburg.ccc.de.nix
./staging.did.hamburg.ccc.de.nix
./diday.org.nix
./staging.diday.org.nix
./historic-easterhegg
];
}

8
config/hosts/public-web-static/virtualHosts/diday.org.nix
View file

@ -36,6 +36,10 @@ in
}
];
basicAuth = {
"preview" = "liebe";
};
extraConfig = ''
return 301 https://diday.org;
'';
@ -54,6 +58,10 @@ in
}
];
basicAuth = {
"preview" = "liebe";
};
root = "${dataDir}";
extraConfig = ''

32
config/hosts/public-web-static/virtualHosts/staging.did.hamburg.ccc.de.nix → config/hosts/public-web-static/virtualHosts/staging.diday.org.nix
View file

@ -1,29 +1,23 @@
{ ... }:
{ config, ... }:
let
domain = "staging.did.hamburg.ccc.de";
domain = "staging.diday.org";
dataDir = "/var/www/${domain}";
deployUser = "diday-website-deploy";
in
{
# security.acme.certs."${domain}".extraDomainNames = [];
security.acme.certs."${domain}" = {
domain = "*.diday.org";
group = "nginx";
server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsProvider = "desec";
environmentFile = config.sops.secrets."staging.diday.org/lego.env".path;
};
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
forceSSL = true;
listen = [
{
@ -34,7 +28,9 @@ in
}
];
root = "${dataDir}";
basicAuth = {
"preview" = "liebe";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
@ -56,4 +52,6 @@ in
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
sops.secrets."staging.diday.org/lego.env" = {};
}