Add next.hamburg.ccc.de virtualHost config for hosting the new website

In the future next.hamburg.ccc.de might also be used for hosting website
builds of branches or MRs.
This commit is contained in:
June 2023-10-25 02:17:21 +02:00
parent 567bd65d99
commit b0995784fc
2 changed files with 54 additions and 0 deletions

View file

@ -4,5 +4,6 @@
imports = [
./branding-resources.hamburg.ccc.de.nix
./element.hamburg.ccc.de.nix
./next.hamburg.ccc.de.nix
];
}

View file

@ -0,0 +1,53 @@
{ pkgs, ... }:
{
services.nginx.virtualHosts = {
"acme-next.hamburg.ccc.de" = {
enableACME = true;
serverName = "next.hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"next.hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "next.hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
extraParameters = [ "proxy_protocol" ];
}
];
root = "/var/www/next.hamburg.ccc.de/";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
users.users.ccchh-website-deploy = {
isNormalUser = true;
group = "ccchh-website-deploy";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb next.hamburg.ccc.de deployment key"
];
};
users.groups.ccchh-website-deploy = { };
}