CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 2
Code Issues Pull requests 2 Wiki Activity

Compare commits

base: CCCHH:main
Branches Tags
CCCHH:main
CCCHH:feat/docs-c3voc-static-web
CCCHH:shairport-sync-cleanup
CCCHH:ci-check
CCCHH:ci-check-lix
CCCHH:nixOptions
CCCHH:spaceapi
CCCHH:ptouch-print-server
CCCHH:Bendodroid-ldflagsSpaceapid
..
compare: CCCHH:feat/docs-c3voc-static-web
Branches Tags
CCCHH:main
CCCHH:feat/docs-c3voc-static-web
CCCHH:shairport-sync-cleanup
CCCHH:ci-check
CCCHH:ci-check-lix
CCCHH:nixOptions
CCCHH:spaceapi
CCCHH:ptouch-print-server
CCCHH:Bendodroid-ldflagsSpaceapid

No commits in common. "main" and "feat/docs-c3voc-static-web" have entirely different histories.
main ... feat/docs-

37 changed files with 146 additions and 603 deletions
Download patch file Download diff file Expand all files Collapse all files

5
config/hosts/forgejo-actions-runner/configuration.nix
View file

@ -1,10 +1,7 @@
{ config, pkgs, ... }:
{
networking = {
hostName = "forgejo-actions-runner";
domain = "hosts.hamburg.ccc.de";
};
networking.hostName = "forgejo-actions-runner";
system.stateVersion = "23.11";
}

3
config/hosts/forgejo-actions-runner/docker.nix
View file

@ -9,8 +9,5 @@
enable = true;
dates = "weekly";
};
daemon.settings = {
ipv6 = true;
};
};
}

6
config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix
View file

@ -15,9 +15,6 @@
tokenFile = "/run/secrets/forgejo_actions_runner_registration_token";
labels = [ "docker:docker://node:current-bookworm" ];
settings = {
container = {
enable_ipv6 = true;
};
cache = {
proxy_port = 45540;
};
@ -38,9 +35,6 @@
"alpine-latest:docker://node:current-alpine"
];
settings = {
container = {
enable_ipv6 = true;
};
cache = {
proxy_port = 45541;
};

8
config/hosts/forgejo-actions-runner/networking.nix
View file

@ -5,14 +5,14 @@ let
in {
networking = {
interfaces.net0 = {
ipv6.addresses = [
ipv4.addresses = [
{
address = "2a00:14b0:42:102::18";
prefixLength = 64;
address = "172.31.17.155";
prefixLength = 25;
}
];
};
defaultGateway6 = "2a00:14b0:42:102::1";
defaultGateway = "172.31.17.129";
nameservers = [ "212.12.50.158" "192.76.134.90" ];
search = [ "hamburg.ccc.de" ];
};

5
config/hosts/public-web-static/configuration.nix
View file

@ -1,10 +1,7 @@
{ ... }:
{
networking = {
hostName = "public-web-static";
domain = "hosts.hamburg.ccc.de";
};
networking.hostName = "public-web-static";
system.stateVersion = "23.05";
}

8
config/hosts/public-web-static/networking.nix
View file

@ -3,14 +3,14 @@
{
networking = {
interfaces.net0 = {
ipv6.addresses = [
ipv4.addresses = [
{
address = "2a00:14b0:42:102::17";
prefixLength = 64;
address = "172.31.17.151";
prefixLength = 25;
}
];
};
defaultGateway6 = "2a00:14b0:42:102::1";
defaultGateway = "172.31.17.129";
nameservers = [ "212.12.50.158" "192.76.134.90" ];
search = [ "hamburg.ccc.de" ];
};

10
config/hosts/public-web-static/virtualHosts/branding-resources.hamburg.ccc.de.nix
View file

@ -14,10 +14,6 @@ in
serverName = "branding-resources.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -30,12 +26,6 @@ in
useACMEHost = "branding-resources.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

16
config/hosts/public-web-static/virtualHosts/c3cat.de.nix
View file

@ -16,10 +16,6 @@ in {
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -32,12 +28,6 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -71,12 +61,6 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

27
config/hosts/public-web-static/virtualHosts/c3dog.de.nix
View file

@ -3,7 +3,7 @@
let
domain = "c3dog.de";
dataDir = "/var/www/${domain}";
deployUser = "c3dog-website-deploy";
deployUser = "c3cat-website-deploy";
in {
security.acme.certs."${domain}".extraDomainNames = [ "www.${domain}" ];
@ -16,10 +16,6 @@ in {
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -32,12 +28,6 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -67,12 +57,6 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -99,13 +83,4 @@ in {
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
users.users."${deployUser}" = {
isNormalUser = true;
group = "${deployUser}";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7iXsVArl4SbDczb4U3zGkZCiVO/lfn12gkOEOnKmEX deploy key for c3dog.de"
];
};
users.groups."${deployUser}" = { };
}

30
config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix
View file

@ -17,10 +17,6 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -34,12 +30,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -91,20 +81,12 @@ in
"local.ccc.de"
];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/".return = "302 https://cpu.ccc.de";

16
config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix
View file

@ -16,10 +16,6 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -32,12 +28,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -65,12 +55,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

1
config/hosts/public-web-static/virtualHosts/default.nix
View file

@ -15,7 +15,6 @@
./hamburg.ccc.de.nix
./spaceapi.hamburg.ccc.de.nix
./staging.c3cat.de.nix
./staging.c3dog.de.nix
./staging.cryptoparty-hamburg.de.nix
./staging.docs.c3voc.de.nix
./staging.hacker.tours.nix

24
config/hosts/public-web-static/virtualHosts/diday.org.nix
View file

@ -16,10 +16,6 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -32,12 +28,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -46,6 +36,10 @@ in
}
];
basicAuth = {
"preview" = "liebe";
};
extraConfig = ''
return 301 https://diday.org;
'';
@ -56,12 +50,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -70,6 +58,10 @@ in
}
];
basicAuth = {
"preview" = "liebe";
};
root = "${dataDir}";
extraConfig = ''

12
config/hosts/public-web-static/virtualHosts/docs.c3voc.de.nix
View file

@ -11,10 +11,6 @@ in {
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -27,12 +23,6 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -52,8 +42,6 @@ in {
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
port_in_redirect off;
'';
};
};

10
config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix
View file

@ -40,10 +40,6 @@ in
serverName = "element-admin.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -56,12 +52,6 @@ in
useACMEHost = "element-admin.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
View file

@ -24,10 +24,6 @@ in
serverName = "element.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -40,12 +36,6 @@ in
useACMEHost = "element.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

12
config/hosts/public-web-static/virtualHosts/hacker.tours.nix
View file

@ -12,10 +12,6 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -26,18 +22,12 @@ in
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
locations."/shop" = {
return = "302 https://tickets.hamburg.ccc.de";
};
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix
View file

@ -12,10 +12,6 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -28,12 +24,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix
View file

@ -7,10 +7,6 @@
serverName = "hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -24,12 +20,6 @@
default = true;
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix
View file

@ -25,16 +25,10 @@ in
"easterhegg2003.hamburg.ccc.de"
"www.easterhegg2003.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
};
"easterhegg2003.hamburg.ccc.de" = {
@ -46,20 +40,12 @@ in
"www.easterhegg2003.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/".return = "302 https://eh03.easterhegg.eu";
@ -79,26 +65,18 @@ in
forceSSL = true;
useACMEHost = "eh03.easterhegg.eu";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/" = {
index = "index.html";
root = eh03;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix
View file

@ -25,16 +25,10 @@ in
"easterhegg2005.hamburg.ccc.de"
"www.easterhegg2005.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
};
"easterhegg2005.hamburg.ccc.de" = {
@ -46,20 +40,12 @@ in
"www.easterhegg2005.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/".return = "302 https://eh05.easterhegg.eu";
@ -79,26 +65,18 @@ in
forceSSL = true;
useACMEHost = "eh05.easterhegg.eu";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/" = {
index = "index.shtml";
root = eh05;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix
View file

@ -29,16 +29,10 @@ in
"easterhegg2007.hamburg.ccc.de"
"www.easterhegg2007.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
};
"easterhegg2007.hamburg.ccc.de" = {
@ -52,20 +46,12 @@ in
"www.easterhegg2007.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/".return = "302 https://eh07.easterhegg.eu";
@ -85,26 +71,18 @@ in
forceSSL = true;
useACMEHost = "eh07.easterhegg.eu";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/" = {
index = "index.shtml";
root = eh07;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix
View file

@ -29,16 +29,10 @@ in
"easterhegg2009.hamburg.ccc.de"
"www.easterhegg2009.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
};
"easterhegg2009.hamburg.ccc.de" = {
@ -52,20 +46,12 @@ in
"www.easterhegg2009.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/".return = "302 https://eh09.easterhegg.eu";
@ -85,26 +71,18 @@ in
forceSSL = true;
useACMEHost = "eh09.easterhegg.eu";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/" = {
index = "index.shtml";
root = eh09;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

56
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix
View file

@ -29,16 +29,10 @@ in
"easterhegg2011.hamburg.ccc.de"
"www.easterhegg2011.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
};
"easterhegg2011.hamburg.ccc.de" = {
@ -52,20 +46,12 @@ in
"www.easterhegg2011.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/".return = "302 https://eh11.easterhegg.eu";
@ -85,26 +71,18 @@ in
forceSSL = true;
useACMEHost = "eh11.easterhegg.eu";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/" = {
index = "index.shtml";
root = eh11;
extraConfig = ''
# Set default_type to html
# Set default_type to html
default_type text/html;
# Enable SSI
ssi on;

54
config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh20.nix
View file

@ -21,16 +21,10 @@ in
"www.eh20.easterhegg.eu"
"eh20.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
listen = [{
addr = "0.0.0.0";
port = 31820;
}];
};
"www.eh20.easterhegg.eu" = {
@ -40,20 +34,12 @@ in
"eh20.hamburg.ccc.de"
];
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/".return = "302 https://eh20.easterhegg.eu";
@ -73,20 +59,12 @@ in
forceSSL = true;
useACMEHost = "eh20.easterhegg.eu";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/" = {
index = "start.html";

10
config/hosts/public-web-static/virtualHosts/spaceapi.hamburg.ccc.de.nix
View file

@ -7,10 +7,6 @@
serverName = "spaceapi.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -23,12 +19,6 @@
useACMEHost = "spaceapi.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix
View file

@ -11,10 +11,6 @@ in {
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -27,12 +23,6 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

70
config/hosts/public-web-static/virtualHosts/staging.c3dog.de.nix
View file

@ -1,70 +0,0 @@
{ pkgs, ... }:
let
domain = "staging.c3dog.de";
dataDir = "/var/www/${domain}";
deployUser = "c3dog-website-deploy";
in {
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "${dataDir}";
# Disallow *, since this is staging and doesn't need to be in any search
# results.
locations."/robots.txt" = {
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
# c3dog deploy user already defined in c3dog.de.nix.
}

16
config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix
View file

@ -16,10 +16,6 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -32,12 +28,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -65,12 +55,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.diday.org.nix
View file

@ -21,12 +21,6 @@ in
forceSSL = true;
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -35,6 +29,10 @@ in
}
];
basicAuth = {
"preview" = "liebe";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy

12
config/hosts/public-web-static/virtualHosts/staging.docs.c3voc.de.nix
View file

@ -11,10 +11,6 @@ in {
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -27,12 +23,6 @@ in {
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;
@ -58,8 +48,6 @@ in {
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
port_in_redirect off;
'';
};
};

10
config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix
View file

@ -12,10 +12,6 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -28,12 +24,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix
View file

@ -12,10 +12,6 @@ in
serverName = "${domain}";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -28,12 +24,6 @@ in
useACMEHost = "${domain}";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/staging.hamburg.ccc.de.nix
View file

@ -7,10 +7,6 @@
serverName = "staging.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -23,12 +19,6 @@
useACMEHost = "staging.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

10
config/hosts/public-web-static/virtualHosts/www.hamburg.ccc.de.nix
View file

@ -7,10 +7,6 @@
serverName = "www.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 31820;
}
{
addr = "0.0.0.0";
port = 31820;
@ -23,12 +19,6 @@
useACMEHost = "www.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8443;

6
deployment_configuration.json
View file

@ -6,9 +6,15 @@
"matrix": {
"targetHostname": "matrix-intern.hamburg.ccc.de"
},
"public-web-static": {
"targetHostname": "public-web-static-intern.hamburg.ccc.de"
},
"git": {
"targetHostname": "git.hamburg.ccc.de"
},
"forgejo-actions-runner": {
"targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de"
},
"woodpecker": {
"targetHostname": "woodpecker-intern.hamburg.ccc.de"
},

18
flake.lock generated
View file

@ -19,11 +19,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1777077449,
"narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=",
"lastModified": 1775002709,
"narHash": "sha256-d3Yx83vSrN+2z/loBh4mJpyRqr9aAJqlke4TkpFmRJA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160",
"rev": "bcd464ccd2a1a7cd09aa2f8d4ffba83b761b1d0e",
"type": "github"
},
"original": {
@ -35,11 +35,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1776949667,
"narHash": "sha256-GMSVw35Q+294GlrTUKlx087E31z7KurReQ1YHSKp5iw=",
"lastModified": 1775126147,
"narHash": "sha256-J0dZU4atgcfo4QvM9D92uQ0Oe1eLTxBVXjJzdEMQpD0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "01fbdeef22b76df85ea168fbfe1bfd9e63681b30",
"rev": "8d8c1fa5b412c223ffa47410867813290cdedfef",
"type": "github"
},
"original": {
@ -64,11 +64,11 @@
]
},
"locked": {
"lastModified": 1776771786,
"narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=",
"lastModified": 1775188331,
"narHash": "sha256-/0BoSi0Dg0ON7IW0oscM12WSPBaMSCn36XTt0lHZoy8=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "bef289e2248991f7afeb95965c82fbcd8ff72598",
"rev": "8f093d0d2f08f37317778bd94db5951d6cce6c46",
"type": "github"
},
"original": {