diff --git a/config/hosts/forgejo-actions-runner/configuration.nix b/config/hosts/forgejo-actions-runner/configuration.nix index 713e795..d2a52da 100644 --- a/config/hosts/forgejo-actions-runner/configuration.nix +++ b/config/hosts/forgejo-actions-runner/configuration.nix @@ -1,10 +1,7 @@ { config, pkgs, ... }: { - networking = { - hostName = "forgejo-actions-runner"; - domain = "hosts.hamburg.ccc.de"; - }; + networking.hostName = "forgejo-actions-runner"; system.stateVersion = "23.11"; } diff --git a/config/hosts/forgejo-actions-runner/docker.nix b/config/hosts/forgejo-actions-runner/docker.nix index 043f272..b626e9f 100644 --- a/config/hosts/forgejo-actions-runner/docker.nix +++ b/config/hosts/forgejo-actions-runner/docker.nix @@ -9,8 +9,5 @@ enable = true; dates = "weekly"; }; - daemon.settings = { - ipv6 = true; - }; }; } diff --git a/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix b/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix index 2efeefe..d5a93c1 100644 --- a/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix +++ b/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix @@ -15,9 +15,6 @@ tokenFile = "/run/secrets/forgejo_actions_runner_registration_token"; labels = [ "docker:docker://node:current-bookworm" ]; settings = { - container = { - enable_ipv6 = true; - }; cache = { proxy_port = 45540; }; @@ -38,9 +35,6 @@ "alpine-latest:docker://node:current-alpine" ]; settings = { - container = { - enable_ipv6 = true; - }; cache = { proxy_port = 45541; }; diff --git a/config/hosts/forgejo-actions-runner/networking.nix b/config/hosts/forgejo-actions-runner/networking.nix index 0c09eda..71aa47a 100644 --- a/config/hosts/forgejo-actions-runner/networking.nix +++ b/config/hosts/forgejo-actions-runner/networking.nix 
@@ -5,14 +5,14 @@ let in { networking = { interfaces.net0 = { - ipv6.addresses = [ + ipv4.addresses = [ { - address = "2a00:14b0:42:102::18"; - prefixLength = 64; + address = "172.31.17.155"; + prefixLength = 25; } ]; }; - defaultGateway6 = "2a00:14b0:42:102::1"; + defaultGateway = "172.31.17.129"; nameservers = [ "212.12.50.158" "192.76.134.90" ]; search = [ "hamburg.ccc.de" ]; }; diff --git a/config/hosts/public-web-static/configuration.nix b/config/hosts/public-web-static/configuration.nix index a8e5f29..9e2aebc 100644 --- a/config/hosts/public-web-static/configuration.nix +++ b/config/hosts/public-web-static/configuration.nix @@ -1,10 +1,7 @@ { ... }: { - networking = { - hostName = "public-web-static"; - domain = "hosts.hamburg.ccc.de"; - }; + networking.hostName = "public-web-static"; system.stateVersion = "23.05"; } diff --git a/config/hosts/public-web-static/networking.nix b/config/hosts/public-web-static/networking.nix index 2758338..cb22d40 100644 --- a/config/hosts/public-web-static/networking.nix +++ b/config/hosts/public-web-static/networking.nix @@ -3,14 +3,14 @@ { networking = { interfaces.net0 = { - ipv6.addresses = [ + ipv4.addresses = [ { - address = "2a00:14b0:42:102::17"; - prefixLength = 64; + address = "172.31.17.151"; + prefixLength = 25; } ]; }; - defaultGateway6 = "2a00:14b0:42:102::1"; + defaultGateway = "172.31.17.129"; nameservers = [ "212.12.50.158" "192.76.134.90" ]; search = [ "hamburg.ccc.de" ]; }; diff --git a/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix index edeca47..a28f77c 100644 --- a/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix @@ -14,10 +14,6 @@ in serverName = "branding-resources.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; 
@@ -30,12 +26,6 @@ in useACMEHost = "branding-resources.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/c3cat.de.nix b/config/hosts/public-web-static/virtualHosts/c3cat.de.nix index 54b7462..95f9b59 100644 --- a/config/hosts/public-web-static/virtualHosts/c3cat.de.nix +++ b/config/hosts/public-web-static/virtualHosts/c3cat.de.nix @@ -16,10 +16,6 @@ in { ]; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -32,12 +28,6 @@ in { useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; @@ -71,12 +61,6 @@ in { useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/c3dog.de.nix b/config/hosts/public-web-static/virtualHosts/c3dog.de.nix index dcca75a..3589418 100644 --- a/config/hosts/public-web-static/virtualHosts/c3dog.de.nix +++ b/config/hosts/public-web-static/virtualHosts/c3dog.de.nix @@ -3,7 +3,7 @@ let domain = "c3dog.de"; dataDir = "/var/www/${domain}"; - deployUser = "c3dog-website-deploy"; + deployUser = "c3cat-website-deploy"; in { security.acme.certs."${domain}".extraDomainNames = [ "www.${domain}" ]; @@ -16,10 +16,6 @@ in { ]; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -32,12 +28,6 @@ in { useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; @@ -67,12 +57,6 @@ in { useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; 
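Review bot: `deployUser = "c3cat-website-deploy";` in the `@@ -3,7 +3,7 @@` hunk of c3dog.de.nix makes the tmpfiles rule `d ${dataDir} 0755 ${deployUser} ${deployUser}` give /var/www/c3dog.de to the c3cat deploy account, so one deploy key can write both web roots. If the sharing is intended, a comment such as `# c3dog.de is deployed by the c3cat deploy user (defined in c3cat.de.nix)` would record that. Otherwise a separate user and key per site keeps a leaked key confined to one site. The later hunk of this file removes the c3dog user, group and authorized key, so the new name has to be defined elsewhere, presumably in c3cat.de.nix, which this diff does not show.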
@@ -99,13 +83,4 @@ in { systemd.tmpfiles.rules = [ "d ${dataDir} 0755 ${deployUser} ${deployUser}" ]; - - users.users."${deployUser}" = { - isNormalUser = true; - group = "${deployUser}"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7iXsVArl4SbDczb4U3zGkZCiVO/lfn12gkOEOnKmEX deploy key for c3dog.de" - ]; - }; - users.groups."${deployUser}" = { }; } diff --git a/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix index 79f6fb4..d2e779a 100644 --- a/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix @@ -17,10 +17,6 @@ in serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -34,12 +30,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; @@ -91,20 +81,12 @@ in "local.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/".return = "302 https://cpu.ccc.de"; diff --git a/config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix b/config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix index 59934eb..37d95b9 100644 --- a/config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix +++ b/config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix @@ -16,10 +16,6 @@ in serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -32,12 +28,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; 
@@ -65,12 +55,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/default.nix b/config/hosts/public-web-static/virtualHosts/default.nix index 404ca35..dfac565 100644 --- a/config/hosts/public-web-static/virtualHosts/default.nix +++ b/config/hosts/public-web-static/virtualHosts/default.nix @@ -15,7 +15,6 @@ ./hamburg.ccc.de.nix ./spaceapi.hamburg.ccc.de.nix ./staging.c3cat.de.nix - ./staging.c3dog.de.nix ./staging.cryptoparty-hamburg.de.nix ./staging.docs.c3voc.de.nix ./staging.hacker.tours.nix diff --git a/config/hosts/public-web-static/virtualHosts/diday.org.nix b/config/hosts/public-web-static/virtualHosts/diday.org.nix index d9f3b31..547c797 100644 --- a/config/hosts/public-web-static/virtualHosts/diday.org.nix +++ b/config/hosts/public-web-static/virtualHosts/diday.org.nix @@ -16,10 +16,6 @@ in serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -32,12 +28,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; @@ -46,6 +36,10 @@ in } ]; + basicAuth = { + "preview" = "liebe"; + }; + extraConfig = '' return 301 https://diday.org; ''; @@ -56,12 +50,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; @@ -70,6 +58,10 @@ in } ]; + basicAuth = { + "preview" = "liebe"; + }; + root = "${dataDir}"; extraConfig = '' diff --git a/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix b/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix index 956baf4..a91edc1 100644 --- a/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix 
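Review bot: The `basicAuth = { "preview" = "liebe"; };` attribute added in the `@@ -46,6 +36,10 @@` hunk of diday.org.nix commits the password in cleartext, and the NixOS `basicAuth` option also writes it in plain text to the world-readable Nix store on the host. The same literal is added again in the `@@ -70,6 +58,10 @@` hunk of this file and in the `@@ -35,6 +29,10 @@` hunk of staging.diday.org.nix. Since the flake already locks sops-nix, `basicAuthFile = config.sops.secrets."<secret-name>".path;` (placeholder name, htpasswd-format secret readable by the nginx user) would keep the credential out of both the repository and the store. The value as committed should be treated as disclosed and replaced when it is moved. The virtual host blocks start and end outside these hunks.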
@@ -11,10 +11,6 @@ in { serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -27,12 +23,6 @@ in { useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; @@ -52,8 +42,6 @@ in { # Then tell the realip_module to get the addreses from the proxy protocol # header. real_ip_header proxy_protocol; - - port_in_redirect off; ''; }; }; diff --git a/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix index f30e9a7..670b191 100644 --- a/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix @@ -40,10 +40,6 @@ in serverName = "element-admin.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -56,12 +52,6 @@ in useACMEHost = "element-admin.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix index b8a014f..360fb76 100644 --- a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix @@ -24,10 +24,6 @@ in serverName = "element.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -40,12 +36,6 @@ in useACMEHost = "element.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; 
diff --git a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix index dd6fc90..20bb644 100644 --- a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix @@ -12,10 +12,6 @@ in serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -26,18 +22,12 @@ in "${domain}" = { forceSSL = true; useACMEHost = "${domain}"; - + locations."/shop" = { return = "302 https://tickets.hamburg.ccc.de"; }; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix index 269aa92..eeb7778 100644 --- a/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix @@ -12,10 +12,6 @@ in serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -28,12 +24,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix index abbf5aa..1c967c9 100644 --- a/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix @@ -7,10 +7,6 @@ serverName = "hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -24,12 +20,6 @@ default = true; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; 
diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix index bb8bd6e..2c5dd86 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix @@ -25,16 +25,10 @@ in "easterhegg2003.hamburg.ccc.de" "www.easterhegg2003.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 31820; - } - { - addr = "0.0.0.0"; - port = 31820; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 31820; + }]; }; "easterhegg2003.hamburg.ccc.de" = { @@ -46,20 +40,12 @@ in "www.easterhegg2003.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/".return = "302 https://eh03.easterhegg.eu"; @@ -79,26 +65,18 @@ in forceSSL = true; useACMEHost = "eh03.easterhegg.eu"; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/" = { index = "index.html"; root = eh03; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix index a6b6f80..37cb893 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix 
@@ -25,16 +25,10 @@ in "easterhegg2005.hamburg.ccc.de" "www.easterhegg2005.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 31820; - } - { - addr = "0.0.0.0"; - port = 31820; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 31820; + }]; }; "easterhegg2005.hamburg.ccc.de" = { @@ -46,20 +40,12 @@ in "www.easterhegg2005.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/".return = "302 https://eh05.easterhegg.eu"; @@ -79,26 +65,18 @@ in forceSSL = true; useACMEHost = "eh05.easterhegg.eu"; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/" = { index = "index.shtml"; root = eh05; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix index 80a404b..ebfa712 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix @@ -29,16 +29,10 @@ in "easterhegg2007.hamburg.ccc.de" "www.easterhegg2007.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 31820; - } - { - addr = "0.0.0.0"; - port = 31820; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 31820; + }]; }; "easterhegg2007.hamburg.ccc.de" = { 
@@ -52,20 +46,12 @@ in "www.easterhegg2007.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/".return = "302 https://eh07.easterhegg.eu"; @@ -85,26 +71,18 @@ in forceSSL = true; useACMEHost = "eh07.easterhegg.eu"; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/" = { index = "index.shtml"; root = eh07; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix index f2720f4..ea274af 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix @@ -29,16 +29,10 @@ in "easterhegg2009.hamburg.ccc.de" "www.easterhegg2009.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 31820; - } - { - addr = "0.0.0.0"; - port = 31820; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 31820; + }]; }; "easterhegg2009.hamburg.ccc.de" = { @@ -52,20 +46,12 @@ in "www.easterhegg2009.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/".return = "302 https://eh09.easterhegg.eu"; 
@@ -85,26 +71,18 @@ in forceSSL = true; useACMEHost = "eh09.easterhegg.eu"; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/" = { index = "index.shtml"; root = eh09; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix index e44d0f5..39d7fad 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix @@ -29,16 +29,10 @@ in "easterhegg2011.hamburg.ccc.de" "www.easterhegg2011.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 31820; - } - { - addr = "0.0.0.0"; - port = 31820; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 31820; + }]; }; "easterhegg2011.hamburg.ccc.de" = { @@ -52,20 +46,12 @@ in "www.easterhegg2011.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/".return = "302 https://eh11.easterhegg.eu"; 
@@ -85,26 +71,18 @@ in forceSSL = true; useACMEHost = "eh11.easterhegg.eu"; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/" = { index = "index.shtml"; root = eh11; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix index c72a72b..afc93c1 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix @@ -21,16 +21,10 @@ in "www.eh20.easterhegg.eu" "eh20.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 31820; - } - { - addr = "0.0.0.0"; - port = 31820; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 31820; + }]; }; "www.eh20.easterhegg.eu" = { @@ -40,20 +34,12 @@ in "eh20.hamburg.ccc.de" ]; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/".return = "302 https://eh20.easterhegg.eu"; @@ -73,20 +59,12 @@ in forceSSL = true; useACMEHost = "eh20.easterhegg.eu"; - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; locations."/" = { index = "start.html"; 
diff --git a/config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix index 105c0e5..7852639 100644 --- a/config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix @@ -7,10 +7,6 @@ serverName = "spaceapi.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -23,12 +19,6 @@ useACMEHost = "spaceapi.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix b/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix index 3f9f7a3..c91d283 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix @@ -11,10 +11,6 @@ in { serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -27,12 +23,6 @@ in { useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix b/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix deleted file mode 100644 index 697ac69..0000000 --- a/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -{ pkgs, ... }: - -let - domain = "staging.c3dog.de"; - dataDir = "/var/www/${domain}"; - deployUser = "c3dog-website-deploy"; -in { - services.nginx.virtualHosts = { - "acme-${domain}" = { - enableACME = true; - serverName = "${domain}"; - - listen = [ - { - addr = "[::]"; - port = 31820; - } - { - addr = "0.0.0.0"; - port = 31820; - } - ]; - }; - - "${domain}" = { - forceSSL = true; - useACMEHost = "${domain}"; - - listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; - - root = "${dataDir}"; - - # Disallow *, since this is staging and doesn't need to be in any search - # results. - locations."/robots.txt" = { - return = "200 \"User-agent: *\\nDisallow: *\\n\""; - }; - - extraConfig = '' - # Make use of the ngx_http_realip_module to set the $remote_addr and - # $remote_port to the client address and client port, when using proxy - # protocol. - # First set our proxy protocol proxy as trusted. - set_real_ip_from 172.31.17.140; - # Then tell the realip_module to get the addreses from the proxy protocol - # header. - real_ip_header proxy_protocol; - ''; - }; - }; - - systemd.tmpfiles.rules = [ - "d ${dataDir} 0755 ${deployUser} ${deployUser}" - ]; - - # c3dog deploy user already defined in c3dog.de.nix. -} diff --git a/config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix b/config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix index 21ef153..6733dad 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix @@ -16,10 +16,6 @@ in serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; 
@@ -32,12 +28,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; @@ -65,12 +55,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix b/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix index c6afb80..b165348 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix @@ -21,12 +21,6 @@ in forceSSL = true; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; @@ -35,6 +29,10 @@ in } ]; + basicAuth = { + "preview" = "liebe"; + }; + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy diff --git a/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix index b70af70..5b3d387 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix @@ -11,10 +11,6 @@ in { serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -27,12 +23,6 @@ in { useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; @@ -58,8 +48,6 @@ in { # Then tell the realip_module to get the addreses from the proxy protocol # header. real_ip_header proxy_protocol; - - port_in_redirect off; ''; }; }; 
diff --git a/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix index 7e44a84..14ede9b 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix @@ -12,10 +12,6 @@ in serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -28,12 +24,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix index 0c7cd28..79ca38c 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix @@ -12,10 +12,6 @@ in serverName = "${domain}"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -28,12 +24,6 @@ in useACMEHost = "${domain}"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix index 624b632..f7e0752 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix @@ -7,10 +7,6 @@ serverName = "staging.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -23,12 +19,6 @@ useACMEHost = "staging.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; 
diff --git a/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix index 4f241f1..a29fbd2 100644 --- a/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix @@ -7,10 +7,6 @@ serverName = "www.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 31820; - } { addr = "0.0.0.0"; port = 31820; @@ -23,12 +19,6 @@ useACMEHost = "www.hamburg.ccc.de"; listen = [ - { - addr = "[::]"; - port = 8443; - ssl = true; - proxyProtocol = true; - } { addr = "0.0.0.0"; port = 8443; diff --git a/deployment_configuration.json b/deployment_configuration.json index eddd7b0..3ae44cc 100644 --- a/deployment_configuration.json +++ b/deployment_configuration.json @@ -6,9 +6,15 @@ "matrix": { "targetHostname": "matrix-intern.hamburg.ccc.de" }, + "public-web-static": { + "targetHostname": "public-web-static-intern.hamburg.ccc.de" + }, "git": { "targetHostname": "git.hamburg.ccc.de" }, + "forgejo-actions-runner": { + "targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de" + }, "woodpecker": { "targetHostname": "woodpecker-intern.hamburg.ccc.de" }, diff --git a/flake.lock b/flake.lock index ed279ac..8f672b0 100644 --- a/flake.lock +++ b/flake.lock @@ -19,11 +19,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1777077449, - "narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=", + "lastModified": 1775002709, + "narHash": "sha256-d3Yx83vSrN+2z/loBh4mJpyRqr9aAJqlke4TkpFmRJA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160", + "rev": "bcd464ccd2a1a7cd09aa2f8d4ffba83b761b1d0e", "type": "github" }, "original": { 
@@ -35,11 +35,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1776949667, - "narHash": "sha256-GMSVw35Q+294GlrTUKlx087E31z7KurReQ1YHSKp5iw=", + "lastModified": 1775126147, + "narHash": "sha256-J0dZU4atgcfo4QvM9D92uQ0Oe1eLTxBVXjJzdEMQpD0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "01fbdeef22b76df85ea168fbfe1bfd9e63681b30", + "rev": "8d8c1fa5b412c223ffa47410867813290cdedfef", "type": "github" }, "original": { @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1776771786, - "narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=", + "lastModified": 1775188331, + "narHash": "sha256-/0BoSi0Dg0ON7IW0oscM12WSPBaMSCn36XTt0lHZoy8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "bef289e2248991f7afeb95965c82fbcd8ff72598", + "rev": "8f093d0d2f08f37317778bd94db5951d6cce6c46", "type": "github" }, "original": {