CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 2
Code Issues Pull requests 2 Wiki Activity

public-web-static(host): move to new network and to v6

Browse source
This commit is contained in:
June 2026-04-28 23:30:00 +02:00
commit dd2f3178db
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
31 changed files with 502 additions and 116 deletions
Download patch file Download diff file Expand all files Collapse all files

5
config/hosts/public-web-static/configuration.nix
View file

@ -1,7 +1,10 @@
{ ... }:
{
networking.hostName = "public-web-static";
networking = {
hostName = "public-web-static";
domain = "hosts.hamburg.ccc.de";
};
system.stateVersion = "23.05";
}

8
config/hosts/public-web-static/networking.nix
View file

@ -3,14 +3,14 @@
{
networking = {
interfaces.net0 = {
ipv4.addresses = [
ipv6.addresses = [
{
address = "172.31.17.151";
prefixLength = 25;
address = "2a00:14b0:42:102::17";
prefixLength = 64;
}
];
};
defaultGateway = "172.31.17.129";
defaultGateway6 = "2a00:14b0:42:102::1";
nameservers = [ "212.12.50.158" "192.76.134.90" ];
search = [ "hamburg.ccc.de" ];
};

10
config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix
View file

@ -14,6 +14,10 @@ in
serverName = "branding-resources.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -26,6 +30,12 @@ in
useACMEHost = "branding-resources.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

16
config/hosts/public-web-static/virtualHosts/c3cat.de.nix
View file

@ -16,6 +16,10 @@ in {
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -28,6 +32,12 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -61,6 +71,12 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

16
config/hosts/public-web-static/virtualHosts/c3dog.de.nix
View file

@ -16,6 +16,10 @@ in {
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -28,6 +32,12 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -57,6 +67,12 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

30
config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix
View file

@ -17,6 +17,10 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -30,6 +34,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -81,12 +91,20 @@ in
"local.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/".return = "302 https://cpu.ccc.de";

16
config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix
View file

@ -16,6 +16,10 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -28,6 +32,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -55,6 +65,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

16
config/hosts/public-web-static/virtualHosts/diday.org.nix
View file

@ -16,6 +16,10 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -28,6 +32,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -50,6 +60,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix
View file

@ -11,6 +11,10 @@ in {
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -23,6 +27,12 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix
View file

@ -40,6 +40,10 @@ in
serverName = "element-admin.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -52,6 +56,12 @@ in
useACMEHost = "element-admin.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
View file

@ -24,6 +24,10 @@ in
serverName = "element.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -36,6 +40,12 @@ in
useACMEHost = "element.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

12
config/hosts/public-web-static/virtualHosts/hacker.tours.nix
View file

@ -12,6 +12,10 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -22,12 +26,18 @@ in
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
locations."/shop" = {
return = "302 https://tickets.hamburg.ccc.de";
};
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix
View file

@ -12,6 +12,10 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -24,6 +28,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix
View file

@ -7,6 +7,10 @@
serverName = "hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -20,6 +24,12 @@
default = true;
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix
View file

@ -25,10 +25,16 @@ in
"easterhegg2003.hamburg.ccc.de"
"www.easterhegg2003.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"easterhegg2003.hamburg.ccc.de" = {
@ -40,12 +46,20 @@ in
"www.easterhegg2003.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/".return = "302 https://eh03.easterhegg.eu";
@ -65,18 +79,26 @@ in
forceSSL = true;
useACMEHost = "eh03.easterhegg.eu";
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
index = "index.html";
root = eh03;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix
View file

@ -25,10 +25,16 @@ in
"easterhegg2005.hamburg.ccc.de"
"www.easterhegg2005.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"easterhegg2005.hamburg.ccc.de" = {
@ -40,12 +46,20 @@ in
"www.easterhegg2005.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/".return = "302 https://eh05.easterhegg.eu";
@ -65,18 +79,26 @@ in
forceSSL = true;
useACMEHost = "eh05.easterhegg.eu";
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
index = "index.shtml";
root = eh05;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix
View file

@ -29,10 +29,16 @@ in
"easterhegg2007.hamburg.ccc.de"
"www.easterhegg2007.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"easterhegg2007.hamburg.ccc.de" = {
@ -46,12 +52,20 @@ in
"www.easterhegg2007.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/".return = "302 https://eh07.easterhegg.eu";
@ -71,18 +85,26 @@ in
forceSSL = true;
useACMEHost = "eh07.easterhegg.eu";
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
index = "index.shtml";
root = eh07;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix
View file

@ -29,10 +29,16 @@ in
"easterhegg2009.hamburg.ccc.de"
"www.easterhegg2009.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"easterhegg2009.hamburg.ccc.de" = {
@ -46,12 +52,20 @@ in
"www.easterhegg2009.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/".return = "302 https://eh09.easterhegg.eu";
@ -71,18 +85,26 @@ in
forceSSL = true;
useACMEHost = "eh09.easterhegg.eu";
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
index = "index.shtml";
root = eh09;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix
View file

@ -29,10 +29,16 @@ in
"easterhegg2011.hamburg.ccc.de"
"www.easterhegg2011.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"easterhegg2011.hamburg.ccc.de" = {
@ -46,12 +52,20 @@ in
"www.easterhegg2011.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/".return = "302 https://eh11.easterhegg.eu";
@ -71,18 +85,26 @@ in
forceSSL = true;
useACMEHost = "eh11.easterhegg.eu";
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
index = "index.shtml";
root = eh11;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

54
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix
View file

@ -21,10 +21,16 @@ in
"www.eh20.easterhegg.eu"
"eh20.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"www.eh20.easterhegg.eu" = {
@ -34,12 +40,20 @@ in
"eh20.hamburg.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/".return = "302 https://eh20.easterhegg.eu";
@ -59,12 +73,20 @@ in
forceSSL = true;
useACMEHost = "eh20.easterhegg.eu";
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
index = "start.html";

10
config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix
View file

@ -7,6 +7,10 @@
serverName = "spaceapi.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -19,6 +23,12 @@
useACMEHost = "spaceapi.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix
View file

@ -11,6 +11,10 @@ in {
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -23,6 +27,12 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix
View file

@ -11,6 +11,10 @@ in {
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -23,6 +27,12 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

16
config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix
View file

@ -16,6 +16,10 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -28,6 +32,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -55,6 +65,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

6
config/hosts/public-web-static/virtualHosts/staging.diday.org.nix
View file

@ -21,6 +21,12 @@ in
forceSSL = true;
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix
View file

@ -11,6 +11,10 @@ in {
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -23,6 +27,12 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix
View file

@ -12,6 +12,10 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -24,6 +28,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix
View file

@ -12,6 +12,10 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -24,6 +28,12 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix
View file

@ -7,6 +7,10 @@
serverName = "staging.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -19,6 +23,12 @@
useACMEHost = "staging.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix
View file

@ -7,6 +7,10 @@
serverName = "www.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -19,6 +23,12 @@
useACMEHost = "www.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

3
deployment_configuration.json
View file

@ -6,9 +6,6 @@
"matrix": {
"targetHostname": "matrix-intern.hamburg.ccc.de"
},
"public-web-static": {
"targetHostname": "public-web-static-intern.hamburg.ccc.de"
},
"git": {
"targetHostname": "git.hamburg.ccc.de"
},