From 6ac55fe4a2f1454ffc70f372997b727904838738 Mon Sep 17 00:00:00 2001 From: June Date: Sat, 4 Apr 2026 17:21:39 +0200 Subject: [PATCH 1/7] fix ports in redirects --- config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix | 2 ++ .../public-web-static/virtualHosts/staging.docs.c3voc.de.nix | 2 ++ 2 files changed, 4 insertions(+) diff --git a/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix b/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix index a91edc1..5c257da 100644 --- a/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix @@ -42,6 +42,8 @@ in { # Then tell the realip_module to get the addreses from the proxy protocol # header. real_ip_header proxy_protocol; + + port_in_redirect off; ''; }; }; diff --git a/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix index 5b3d387..2170f8c 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix @@ -48,6 +48,8 @@ in { # Then tell the realip_module to get the addreses from the proxy protocol # header. real_ip_header proxy_protocol; + + port_in_redirect off; ''; }; }; From d1ef492f93f18809a80266ab9e9a33af465caf5d Mon Sep 17 00:00:00 2001 From: June Date: Sat, 11 Apr 2026 20:44:22 +0200 Subject: [PATCH 2/7] establish c3dog.de and staging as their own websites --- .../virtualHosts/c3dog.de.nix | 11 +++- .../virtualHosts/default.nix | 1 + .../virtualHosts/staging.c3dog.de.nix | 60 +++++++++++++++++++ 3 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix diff --git a/config/hosts/public-web-static/virtualHosts/c3dog.de.nix b/config/hosts/public-web-static/virtualHosts/c3dog.de.nix index 3589418..16fedd5 100644 --- a/config/hosts/public-web-static/virtualHosts/c3dog.de.nix +++ b/config/hosts/public-web-static/virtualHosts/c3dog.de.nix @@ -3,7 +3,7 @@ let domain = "c3dog.de"; dataDir = "/var/www/${domain}"; - deployUser = "c3cat-website-deploy"; + deployUser = "c3dog-website-deploy"; in { security.acme.certs."${domain}".extraDomainNames = [ "www.${domain}" ]; @@ -83,4 +83,13 @@ in { systemd.tmpfiles.rules = [ "d ${dataDir} 0755 ${deployUser} ${deployUser}" ]; + + users.users."${deployUser}" = { + isNormalUser = true; + group = "${deployUser}"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7iXsVArl4SbDczb4U3zGkZCiVO/lfn12gkOEOnKmEX deploy key for c3dog.de" + ]; + }; + users.groups."${deployUser}" = { }; } diff --git a/config/hosts/public-web-static/virtualHosts/default.nix b/config/hosts/public-web-static/virtualHosts/default.nix index dfac565..404ca35 100644 --- a/config/hosts/public-web-static/virtualHosts/default.nix +++ b/config/hosts/public-web-static/virtualHosts/default.nix @@ -15,6 +15,7 @@ ./hamburg.ccc.de.nix ./spaceapi.hamburg.ccc.de.nix ./staging.c3cat.de.nix + ./staging.c3dog.de.nix ./staging.cryptoparty-hamburg.de.nix ./staging.docs.c3voc.de.nix ./staging.hacker.tours.nix diff --git a/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix b/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix new file mode 100644 index 0000000..d69ad2b --- /dev/null +++ b/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix @@ -0,0 +1,60 @@ +{ pkgs, ... }: + +let + domain = "staging.c3dog.de"; + dataDir = "/var/www/${domain}"; + deployUser = "c3dog-website-deploy"; +in { + services.nginx.virtualHosts = { + "acme-${domain}" = { + enableACME = true; + serverName = "${domain}"; + + listen = [ + { + addr = "0.0.0.0"; + port = 31820; + } + ]; + }; + + "${domain}" = { + forceSSL = true; + useACMEHost = "${domain}"; + + listen = [ + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; + + root = "${dataDir}"; + + # Disallow *, since this is staging and doesn't need to be in any search + # results. + locations."/robots.txt" = { + return = "200 \"User-agent: *\\nDisallow: *\\n\""; + }; + + extraConfig = '' + # Make use of the ngx_http_realip_module to set the $remote_addr and + # $remote_port to the client address and client port, when using proxy + # protocol. + # First set our proxy protocol proxy as trusted. + set_real_ip_from 172.31.17.140; + # Then tell the realip_module to get the addreses from the proxy protocol + # header. + real_ip_header proxy_protocol; + ''; + }; + }; + + systemd.tmpfiles.rules = [ + "d ${dataDir} 0755 ${deployUser} ${deployUser}" + ]; + + # c3dog deploy user already defined in c3dog.de.nix. +} From fe27dba7fd05eead48988013be453aafb63d07c2 Mon Sep 17 00:00:00 2001 From: June Date: Mon, 27 Apr 2026 18:41:38 +0200 Subject: [PATCH 3/7] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:nixos/nixpkgs/bcd464ccd2a1a7cd09aa2f8d4ffba83b761b1d0e' (2026-04-01) → 'github:nixos/nixpkgs/a4bf06618f0b5ee50f14ed8f0da77d34ecc19160' (2026-04-25) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/8d8c1fa5b412c223ffa47410867813290cdedfef' (2026-04-02) → 'github:nixos/nixpkgs/01fbdeef22b76df85ea168fbfe1bfd9e63681b30' (2026-04-23) • Updated input 'sops-nix': 'github:Mic92/sops-nix/8f093d0d2f08f37317778bd94db5951d6cce6c46' (2026-04-03) → 'github:Mic92/sops-nix/bef289e2248991f7afeb95965c82fbcd8ff72598' (2026-04-21) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 8f672b0..ed279ac 100644 --- a/flake.lock +++ b/flake.lock @@ -19,11 +19,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1775002709, - "narHash": "sha256-d3Yx83vSrN+2z/loBh4mJpyRqr9aAJqlke4TkpFmRJA=", + "lastModified": 1777077449, + "narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bcd464ccd2a1a7cd09aa2f8d4ffba83b761b1d0e", + "rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160", "type": "github" }, "original": { @@ -35,11 +35,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1775126147, - "narHash": "sha256-J0dZU4atgcfo4QvM9D92uQ0Oe1eLTxBVXjJzdEMQpD0=", + "lastModified": 1776949667, + "narHash": "sha256-GMSVw35Q+294GlrTUKlx087E31z7KurReQ1YHSKp5iw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8d8c1fa5b412c223ffa47410867813290cdedfef", + "rev": "01fbdeef22b76df85ea168fbfe1bfd9e63681b30", "type": "github" }, "original": { @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1775188331, - "narHash": "sha256-/0BoSi0Dg0ON7IW0oscM12WSPBaMSCn36XTt0lHZoy8=", + "lastModified": 1776771786, + "narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8f093d0d2f08f37317778bd94db5951d6cce6c46", + "rev": "bef289e2248991f7afeb95965c82fbcd8ff72598", "type": "github" }, "original": { From dd2f3178db2cdc5728e31387e35cd2496ea101ae Mon Sep 17 00:00:00 2001 From: June Date: Tue, 28 Apr 2026 23:30:00 +0200 Subject: [PATCH 4/7] public-web-static(host): move to new network and to v6 --- .../hosts/public-web-static/configuration.nix | 5 +- config/hosts/public-web-static/networking.nix | 8 +-- .../branding-resources.hamburg.ccc.de.nix | 10 ++++ .../virtualHosts/c3cat.de.nix | 16 ++++++ .../virtualHosts/c3dog.de.nix | 16 ++++++ .../virtualHosts/cpu.ccc.de.nix | 30 ++++++++-- .../virtualHosts/cryptoparty-hamburg.de.nix | 16 ++++++ .../virtualHosts/diday.org.nix | 16 ++++++ .../virtualHosts/docs.c3voc.de.nix | 10 ++++ .../element-admin.hamburg.ccc.de.nix | 10 ++++ .../virtualHosts/element.hamburg.ccc.de.nix | 10 ++++ .../virtualHosts/hacker.tours.nix | 12 +++- .../hackertours.hamburg.ccc.de.nix | 10 ++++ .../virtualHosts/hamburg.ccc.de.nix | 10 ++++ .../virtualHosts/historic-easterhegg/eh03.nix | 56 +++++++++++++------ .../virtualHosts/historic-easterhegg/eh05.nix | 56 +++++++++++++------ .../virtualHosts/historic-easterhegg/eh07.nix | 56 +++++++++++++------ .../virtualHosts/historic-easterhegg/eh09.nix | 56 +++++++++++++------ .../virtualHosts/historic-easterhegg/eh11.nix | 56 +++++++++++++------ .../virtualHosts/historic-easterhegg/eh20.nix | 54 ++++++++++++------ .../virtualHosts/spaceapi.hamburg.ccc.de.nix | 10 ++++ .../virtualHosts/staging.c3cat.de.nix | 10 ++++ .../virtualHosts/staging.c3dog.de.nix | 10 ++++ .../staging.cryptoparty-hamburg.de.nix | 16 ++++++ .../virtualHosts/staging.diday.org.nix | 6 ++ .../virtualHosts/staging.docs.c3voc.de.nix | 10 ++++ .../virtualHosts/staging.hacker.tours.nix | 10 ++++ .../staging.hackertours.hamburg.ccc.de.nix | 10 ++++ .../virtualHosts/staging.hamburg.ccc.de.nix | 10 ++++ .../virtualHosts/www.hamburg.ccc.de.nix | 10 ++++ deployment_configuration.json | 3 - 31 files changed, 502 insertions(+), 116 deletions(-) diff --git a/config/hosts/public-web-static/configuration.nix b/config/hosts/public-web-static/configuration.nix index 9e2aebc..a8e5f29 100644 --- a/config/hosts/public-web-static/configuration.nix +++ b/config/hosts/public-web-static/configuration.nix @@ -1,7 +1,10 @@ { ... }: { - networking.hostName = "public-web-static"; + networking = { + hostName = "public-web-static"; + domain = "hosts.hamburg.ccc.de"; + }; system.stateVersion = "23.05"; } diff --git a/config/hosts/public-web-static/networking.nix b/config/hosts/public-web-static/networking.nix index cb22d40..2758338 100644 --- a/config/hosts/public-web-static/networking.nix +++ b/config/hosts/public-web-static/networking.nix @@ -3,14 +3,14 @@ { networking = { interfaces.net0 = { - ipv4.addresses = [ + ipv6.addresses = [ { - address = "172.31.17.151"; - prefixLength = 25; + address = "2a00:14b0:42:102::17"; + prefixLength = 64; } ]; }; - defaultGateway = "172.31.17.129"; + defaultGateway6 = "2a00:14b0:42:102::1"; nameservers = [ "212.12.50.158" "192.76.134.90" ]; search = [ "hamburg.ccc.de" ]; }; diff --git a/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix index a28f77c..edeca47 100644 --- a/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix @@ -14,6 +14,10 @@ in serverName = "branding-resources.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -26,6 +30,12 @@ in useACMEHost = "branding-resources.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/c3cat.de.nix b/config/hosts/public-web-static/virtualHosts/c3cat.de.nix index 95f9b59..54b7462 100644 --- a/config/hosts/public-web-static/virtualHosts/c3cat.de.nix +++ b/config/hosts/public-web-static/virtualHosts/c3cat.de.nix @@ -16,6 +16,10 @@ in { ]; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -28,6 +32,12 @@ in { useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; @@ -61,6 +71,12 @@ in { useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/c3dog.de.nix b/config/hosts/public-web-static/virtualHosts/c3dog.de.nix index 16fedd5..dcca75a 100644 --- a/config/hosts/public-web-static/virtualHosts/c3dog.de.nix +++ b/config/hosts/public-web-static/virtualHosts/c3dog.de.nix @@ -16,6 +16,10 @@ in { ]; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -28,6 +32,12 @@ in { useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; @@ -57,6 +67,12 @@ in { useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix index d2e779a..79f6fb4 100644 --- a/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix @@ -17,6 +17,10 @@ in serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -30,6 +34,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; @@ -81,12 +91,20 @@ in "local.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/".return = "302 https://cpu.ccc.de"; diff --git a/config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix b/config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix index 37d95b9..59934eb 100644 --- a/config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix +++ b/config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix @@ -16,6 +16,10 @@ in serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -28,6 +32,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; @@ -55,6 +65,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/diday.org.nix b/config/hosts/public-web-static/virtualHosts/diday.org.nix index 547c797..42117bf 100644 --- a/config/hosts/public-web-static/virtualHosts/diday.org.nix +++ b/config/hosts/public-web-static/virtualHosts/diday.org.nix @@ -16,6 +16,10 @@ in serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -28,6 +32,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; @@ -50,6 +60,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix b/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix index 5c257da..956baf4 100644 --- a/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix @@ -11,6 +11,10 @@ in { serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -23,6 +27,12 @@ in { useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix index 670b191..f30e9a7 100644 --- a/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix @@ -40,6 +40,10 @@ in serverName = "element-admin.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -52,6 +56,12 @@ in useACMEHost = "element-admin.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix index 360fb76..b8a014f 100644 --- a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix @@ -24,6 +24,10 @@ in serverName = "element.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -36,6 +40,12 @@ in useACMEHost = "element.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix index 20bb644..dd6fc90 100644 --- a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix @@ -12,6 +12,10 @@ in serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -22,12 +26,18 @@ in "${domain}" = { forceSSL = true; useACMEHost = "${domain}"; - + locations."/shop" = { return = "302 https://tickets.hamburg.ccc.de"; }; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix index eeb7778..269aa92 100644 --- a/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix @@ -12,6 +12,10 @@ in serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -24,6 +28,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix index 1c967c9..abbf5aa 100644 --- a/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix @@ -7,6 +7,10 @@ serverName = "hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -20,6 +24,12 @@ default = true; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix index 2c5dd86..bb8bd6e 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix @@ -25,10 +25,16 @@ in "easterhegg2003.hamburg.ccc.de" "www.easterhegg2003.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 31820; - }]; + listen = [ + { + addr = "[::]"; + port = 31820; + } + { + addr = "0.0.0.0"; + port = 31820; + } + ]; }; "easterhegg2003.hamburg.ccc.de" = { @@ -40,12 +46,20 @@ in "www.easterhegg2003.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/".return = "302 https://eh03.easterhegg.eu"; @@ -65,18 +79,26 @@ in forceSSL = true; useACMEHost = "eh03.easterhegg.eu"; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/" = { index = "index.html"; root = eh03; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix index 37cb893..a6b6f80 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix @@ -25,10 +25,16 @@ in "easterhegg2005.hamburg.ccc.de" "www.easterhegg2005.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 31820; - }]; + listen = [ + { + addr = "[::]"; + port = 31820; + } + { + addr = "0.0.0.0"; + port = 31820; + } + ]; }; "easterhegg2005.hamburg.ccc.de" = { @@ -40,12 +46,20 @@ in "www.easterhegg2005.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/".return = "302 https://eh05.easterhegg.eu"; @@ -65,18 +79,26 @@ in forceSSL = true; useACMEHost = "eh05.easterhegg.eu"; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/" = { index = "index.shtml"; root = eh05; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix index ebfa712..80a404b 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix @@ -29,10 +29,16 @@ in "easterhegg2007.hamburg.ccc.de" "www.easterhegg2007.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 31820; - }]; + listen = [ + { + addr = "[::]"; + port = 31820; + } + { + addr = "0.0.0.0"; + port = 31820; + } + ]; }; "easterhegg2007.hamburg.ccc.de" = { @@ -46,12 +52,20 @@ in "www.easterhegg2007.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/".return = "302 https://eh07.easterhegg.eu"; @@ -71,18 +85,26 @@ in forceSSL = true; useACMEHost = "eh07.easterhegg.eu"; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/" = { index = "index.shtml"; root = eh07; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix index ea274af..f2720f4 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix @@ -29,10 +29,16 @@ in "easterhegg2009.hamburg.ccc.de" "www.easterhegg2009.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 31820; - }]; + listen = [ + { + addr = "[::]"; + port = 31820; + } + { + addr = "0.0.0.0"; + port = 31820; + } + ]; }; "easterhegg2009.hamburg.ccc.de" = { @@ -46,12 +52,20 @@ in "www.easterhegg2009.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/".return = "302 https://eh09.easterhegg.eu"; @@ -71,18 +85,26 @@ in forceSSL = true; useACMEHost = "eh09.easterhegg.eu"; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/" = { index = "index.shtml"; root = eh09; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix index 39d7fad..e44d0f5 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix @@ -29,10 +29,16 @@ in "easterhegg2011.hamburg.ccc.de" "www.easterhegg2011.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 31820; - }]; + listen = [ + { + addr = "[::]"; + port = 31820; + } + { + addr = "0.0.0.0"; + port = 31820; + } + ]; }; "easterhegg2011.hamburg.ccc.de" = { @@ -46,12 +52,20 @@ in "www.easterhegg2011.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/".return = "302 https://eh11.easterhegg.eu"; @@ -71,18 +85,26 @@ in forceSSL = true; useACMEHost = "eh11.easterhegg.eu"; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/" = { index = "index.shtml"; root = eh11; extraConfig = '' - # Set default_type to html + # Set default_type to html default_type text/html; # Enable SSI ssi on; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix index afc93c1..c72a72b 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix @@ -21,10 +21,16 @@ in "www.eh20.easterhegg.eu" "eh20.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 31820; - }]; + listen = [ + { + addr = "[::]"; + port = 31820; + } + { + addr = "0.0.0.0"; + port = 31820; + } + ]; }; "www.eh20.easterhegg.eu" = { @@ -34,12 +40,20 @@ in "eh20.hamburg.ccc.de" ]; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/".return = "302 https://eh20.easterhegg.eu"; @@ -59,12 +73,20 @@ in forceSSL = true; useACMEHost = "eh20.easterhegg.eu"; - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; + listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; locations."/" = { index = "start.html"; diff --git a/config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix index 7852639..105c0e5 100644 --- a/config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix @@ -7,6 +7,10 @@ serverName = "spaceapi.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -19,6 +23,12 @@ useACMEHost = "spaceapi.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix b/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix index c91d283..3f9f7a3 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix @@ -11,6 +11,10 @@ in { serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -23,6 +27,12 @@ in { useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix b/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix index d69ad2b..697ac69 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix @@ -11,6 +11,10 @@ in { serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -23,6 +27,12 @@ in { useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix b/config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix index 6733dad..21ef153 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix @@ -16,6 +16,10 @@ in serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -28,6 +32,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; @@ -55,6 +65,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix b/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix index b165348..7ff72b8 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix @@ -21,6 +21,12 @@ in forceSSL = true; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix index 2170f8c..b70af70 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix @@ -11,6 +11,10 @@ in { serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -23,6 +27,12 @@ in { useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix index 14ede9b..7e44a84 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix @@ -12,6 +12,10 @@ in serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -24,6 +28,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix index 79ca38c..0c7cd28 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix @@ -12,6 +12,10 @@ in serverName = "${domain}"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -24,6 +28,12 @@ in useACMEHost = "${domain}"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix index f7e0752..624b632 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix @@ -7,6 +7,10 @@ serverName = "staging.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -19,6 +23,12 @@ useACMEHost = "staging.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix index a29fbd2..4f241f1 100644 --- a/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix @@ -7,6 +7,10 @@ serverName = "www.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 31820; + } { addr = "0.0.0.0"; port = 31820; @@ -19,6 +23,12 @@ useACMEHost = "www.hamburg.ccc.de"; listen = [ + { + addr = "[::]"; + port = 8443; + ssl = true; + proxyProtocol = true; + } { addr = "0.0.0.0"; port = 8443; diff --git a/deployment_configuration.json b/deployment_configuration.json index 3ae44cc..9a768bf 100644 --- a/deployment_configuration.json +++ b/deployment_configuration.json @@ -6,9 +6,6 @@ "matrix": { "targetHostname": "matrix-intern.hamburg.ccc.de" }, - "public-web-static": { - "targetHostname": "public-web-static-intern.hamburg.ccc.de" - }, "git": { "targetHostname": "git.hamburg.ccc.de" }, From e0b593289d1019dcd91ea0b3fa69d2ff4928cd97 Mon Sep 17 00:00:00 2001 From: June Date: Wed, 29 Apr 2026 03:08:20 +0200 Subject: [PATCH 5/7] forgejo-actions-runner(host): enable IPv6 support in Docker Enable the relevant config option and move to new network with an explicit IPv6, because otherwise there's no default v6 route and v6 in the Docker containers doesn't work. --- config/hosts/forgejo-actions-runner/configuration.nix | 5 ++++- config/hosts/forgejo-actions-runner/docker.nix | 3 +++ config/hosts/forgejo-actions-runner/networking.nix | 8 ++++---- deployment_configuration.json | 3 --- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/config/hosts/forgejo-actions-runner/configuration.nix b/config/hosts/forgejo-actions-runner/configuration.nix index d2a52da..713e795 100644 --- a/config/hosts/forgejo-actions-runner/configuration.nix +++ b/config/hosts/forgejo-actions-runner/configuration.nix @@ -1,7 +1,10 @@ { config, pkgs, ... }: { - networking.hostName = "forgejo-actions-runner"; + networking = { + hostName = "forgejo-actions-runner"; + domain = "hosts.hamburg.ccc.de"; + }; system.stateVersion = "23.11"; } diff --git a/config/hosts/forgejo-actions-runner/docker.nix b/config/hosts/forgejo-actions-runner/docker.nix index b626e9f..043f272 100644 --- a/config/hosts/forgejo-actions-runner/docker.nix +++ b/config/hosts/forgejo-actions-runner/docker.nix @@ -9,5 +9,8 @@ enable = true; dates = "weekly"; }; + daemon.settings = { + ipv6 = true; + }; }; } diff --git a/config/hosts/forgejo-actions-runner/networking.nix b/config/hosts/forgejo-actions-runner/networking.nix index 71aa47a..0c09eda 100644 --- a/config/hosts/forgejo-actions-runner/networking.nix +++ b/config/hosts/forgejo-actions-runner/networking.nix @@ -5,14 +5,14 @@ let in { networking = { interfaces.net0 = { - ipv4.addresses = [ + ipv6.addresses = [ { - address = "172.31.17.155"; - prefixLength = 25; + address = "2a00:14b0:42:102::18"; + prefixLength = 64; } ]; }; - defaultGateway = "172.31.17.129"; + defaultGateway6 = "2a00:14b0:42:102::1"; nameservers = [ "212.12.50.158" "192.76.134.90" ]; search = [ "hamburg.ccc.de" ]; }; diff --git a/deployment_configuration.json b/deployment_configuration.json index 9a768bf..eddd7b0 100644 --- a/deployment_configuration.json +++ b/deployment_configuration.json @@ -9,9 +9,6 @@ "git": { "targetHostname": "git.hamburg.ccc.de" }, - "forgejo-actions-runner": { - "targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de" - }, "woodpecker": { "targetHostname": "woodpecker-intern.hamburg.ccc.de" }, From b74304319a2c246d71b6aed91d86e35f057522af Mon Sep 17 00:00:00 2001 From: June Date: Wed, 29 Apr 2026 03:34:04 +0200 Subject: [PATCH 6/7] forgejo-actions-runner(host): also enable IPv6 support in runner config --- .../hosts/forgejo-actions-runner/forgejo-actions-runner.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix b/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix index d5a93c1..2efeefe 100644 --- a/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix +++ b/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix @@ -15,6 +15,9 @@ tokenFile = "/run/secrets/forgejo_actions_runner_registration_token"; labels = [ "docker:docker://node:current-bookworm" ]; settings = { + container = { + enable_ipv6 = true; + }; cache = { proxy_port = 45540; }; @@ -35,6 +38,9 @@ "alpine-latest:docker://node:current-alpine" ]; settings = { + container = { + enable_ipv6 = true; + }; cache = { proxy_port = 45541; }; From e3b638b10fc790adbed3247b67703a35050bffd2 Mon Sep 17 00:00:00 2001 From: lilly Date: Thu, 30 Apr 2026 01:12:23 +0200 Subject: [PATCH 7/7] remove basic-auth from diday.org --- config/hosts/public-web-static/virtualHosts/diday.org.nix | 8 -------- .../public-web-static/virtualHosts/staging.diday.org.nix | 4 ---- 2 files changed, 12 deletions(-) diff --git a/config/hosts/public-web-static/virtualHosts/diday.org.nix b/config/hosts/public-web-static/virtualHosts/diday.org.nix index 42117bf..d9f3b31 100644 --- a/config/hosts/public-web-static/virtualHosts/diday.org.nix +++ b/config/hosts/public-web-static/virtualHosts/diday.org.nix @@ -46,10 +46,6 @@ in } ]; - basicAuth = { - "preview" = "liebe"; - }; - extraConfig = '' return 301 https://diday.org; ''; @@ -74,10 +70,6 @@ in } ]; - basicAuth = { - "preview" = "liebe"; - }; - root = "${dataDir}"; extraConfig = '' diff --git a/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix b/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix index 7ff72b8..c6afb80 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix @@ -35,10 +35,6 @@ in } ]; - basicAuth = { - "preview" = "liebe"; - }; - extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy