
commit b5c03f042db333d6c7c0064e073241213b55bc0f
parent cd3277c04434d45988ea79047e5c6c16e0d23064
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 22 Jan 2025 12:37:32 +0100

machines/hector/websites: add `oeffi.ctu.cx`
2 files changed, 60 insertions(+), 0 deletions(-)
M
machines/hector/websites/default.nix
|
1
+
A
machines/hector/websites/oeffi.ctu.cx.nix
|
59
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/machines/hector/websites/default.nix b/machines/hector/websites/default.nix
@@ -7,6 +7,7 @@
     ./things.ctu.cx.nix
     ./bikemap.ctu.cx.nix
     ./photos.ctu.cx.nix
+    ./oeffi.ctu.cx.nix
   ];
 
 }
diff --git a/machines/hector/websites/oeffi.ctu.cx.nix b/machines/hector/websites/oeffi.ctu.cx.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+  dns.zones."ctu.cx".subdomains.oeffi.CNAME = [ "${config.networking.fqdn}." ];
+
+  services.nginx = {
+    enable = true;
+    appendHttpConfig = ''
+      map $phost $host_allowed {
+        default no;
+        www.bahn.de yes;
+        app.vendo.noncd.db.de yes;
+        nah.sh.hafas.de yes;
+        www.rmv.de yes;
+        vrn.hafas.de yes;
+        bvg-apps-ext.hafas.de yes;
+        fahrplan.oebb.at yes;
+      }
+
+    '';
+    virtualHosts."oeffi.ctu.cx" = {
+      enableACME  = true;
+      forceSSL    = true;
+      kTLS        = true;
+      root        = pkgs.trainsearch;
+      extraConfig = ''
+        merge_slashes off;
+      '';
+      locations."~ ^/(?<pscheme>https?://)(?<phost>[^/\\n\\r]+)(?<ppath>/.*)$".extraConfig = ''
+        if ($request_method = OPTIONS) {
+          more_set_headers "Access-Control-Allow-Headers: *";
+          more_set_headers "Access-Control-Allow-Origin: http://localhost:8080";
+          more_set_headers "Access-Control-Max-Age: 3600";
+          more_set_headers "Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS";
+          add_header Content-Type text/plain;
+          add_header Content-Length 0;
+          return 204;
+        }
+
+        resolver 8.8.8.8;
+
+        if ($host_allowed != yes) {
+          return 400;
+        }
+
+        more_set_headers "Access-Control-Allow-Headers: *";
+        more_set_headers "Access-Control-Allow-Origin: http://localhost:8080";
+        more_set_headers "Access-Control-Max-Age: 3600";
+        more_set_headers "Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS";
+
+        proxy_set_header Host $phost;
+        proxy_redirect ~^(https?://)([^/]+)(.*)$ $scheme://$http_host/$1$2$3;
+        proxy_pass $pscheme$phost$ppath$is_args$args;
+      '';
+    };
+  };
+
+}
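Review bot: The upstream leg of this proxy is not authenticated: the location regex accepts `http://` as `pscheme`, nginx neither verifies the upstream certificate nor sends SNI for `https://` unless configured to, and names are resolved over plain DNS through the hard-coded `resolver 8.8.8.8;`. The `$host_allowed` map therefore pins only the requested name, not the server that ends up answering for it. If none of the listed endpoints needs plain HTTP, I would narrow the capture to `(?<pscheme>https://)`, add `proxy_ssl_server_name on;`, `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <CA bundle path>;` next to `proxy_pass`, and point `resolver` at a local or otherwise trusted resolver. Separately, `Access-Control-Allow-Origin: http://localhost:8080` looks like a development origin, and proxied responses (including any `Set-Cookie`) are served under the `oeffi.ctu.cx` origin. A short comment naming the origins that are meant to use the proxy would help, and `proxy_hide_header Set-Cookie;` is worth considering.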