From ddcf4eff0d7cc3cac592e6e565aea52c213325bf Mon Sep 17 00:00:00 2001 From: julian Date: Sat, 7 Oct 2023 05:17:53 +0200 Subject: [PATCH] Introduce branding-resources site and brand Element welcome/auth page --- .../branding-resources.hamburg.ccc.de.nix | 56 +++++++++++++++++++ .../virtualHosts/default.nix | 1 + .../element-web-config/config.json | 9 +++ .../virtualHosts/element.hamburg.ccc.de.nix | 2 - 4 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix diff --git a/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix new file mode 100644 index 0000000..a37baf1 --- /dev/null +++ b/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix @@ -0,0 +1,56 @@ +{ pkgs, ... }: + +let + ccchhBrandingResources = pkgs.fetchgit { + url = "https://gitlab.hamburg.ccc.de/ccchh/ccchh-branding.git"; + rev = "232dfa89ede1414db58576a491021e15c16a5133"; + hash = "sha256-qhNcvkRpLJmFg8yQYUJ6rV0HdTRDcl5Cp/lJ/tL2Q4w="; + }; +in +{ + services.nginx.virtualHosts = { + "acme-branding-resources.hamburg.ccc.de" = { + enableACME = true; + serverName = "branding-resources.hamburg.ccc.de"; + + listen = [ + { + addr = "0.0.0.0"; + port = 31820; + } + ]; + }; + + "branding-resources.hamburg.ccc.de" = { + forceSSL = true; + useACMEHost = "branding-resources.hamburg.ccc.de"; + + listen = [ + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + extraParameters = [ "proxy_protocol" ]; + } + ]; + + root = pkgs.buildEnv { + name = "ccchh-branding-resources"; + paths = [ + ccchhBrandingResources + ]; + }; + + extraConfig = '' + # Make use of the ngx_http_realip_module to set the $remote_addr and + # $remote_port to the client address and client port, when using proxy + # protocol. + # First set our proxy protocol proxy as trusted. + set_real_ip_from 172.31.17.140; + # Then tell the realip_module to get the addreses from the proxy protocol + # header. + real_ip_header proxy_protocol; + ''; + }; + }; +} diff --git a/config/hosts/public-web-static/virtualHosts/default.nix b/config/hosts/public-web-static/virtualHosts/default.nix index a65dd9b..dadf345 100644 --- a/config/hosts/public-web-static/virtualHosts/default.nix +++ b/config/hosts/public-web-static/virtualHosts/default.nix @@ -2,6 +2,7 @@ { imports = [ + ./branding-resources.hamburg.ccc.de.nix ./element.hamburg.ccc.de.nix ]; } diff --git a/config/hosts/public-web-static/virtualHosts/element-web-config/config.json b/config/hosts/public-web-static/virtualHosts/element-web-config/config.json index 28c8f71..393c215 100644 --- a/config/hosts/public-web-static/virtualHosts/element-web-config/config.json +++ b/config/hosts/public-web-static/virtualHosts/element-web-config/config.json @@ -43,5 +43,14 @@ }, "jitsi": { "preferredDomain": "meet.element.io" + }, + "branding": { + "welcome_background_url": "https://branding-resources.hamburg.ccc.de/background/blur-more-blur-edit.jpg", + "auth_header_logo_url": "https://branding-resources.hamburg.ccc.de/logo/ccchh-logo-no-background.png", + "auth_footer_links": [ + { "text": "Website", "url": "https://hamburg.ccc.de/" }, + { "text": "Wiki", "url": "https://wiki.ccchh.net/" }, + { "text": "Status", "url": "https://status.ccchh.net/status/main" } + ] } } diff --git a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix index b9e74b7..d506939 100644 --- a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix @@ -19,7 +19,6 @@ in { services.nginx.virtualHosts = { "acme-element.hamburg.ccc.de" = { - default = true; enableACME = true; serverName = "element.hamburg.ccc.de"; @@ -32,7 +31,6 @@ in }; "element.hamburg.ccc.de" = { - default = true; forceSSL = true; useACMEHost = "element.hamburg.ccc.de";