zaphyra's git: nixfiles

zaphyra and void's nixfiles

commit 4f5c4606164d96afadaa47203aee71937a3f22cd
parent ecaf9bee0c4abf9ef83b9861894933d1f9960c21
Author: Katja (zaphyra) <git@ctu.cx>
Date: Tue, 27 May 2025 15:17:23 +0200

config/nixos/modules/websites: add `oeffi.zaphyra.eu` (and enable on host `morio`)
4 files changed, 152 insertions(+), 0 deletions(-)
A
config/nixos/modules/websites/oeffi.zaphyra.eu.nix
|
126
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M
flake.lock
|
21
+++++++++++++++++++++
M
flake.nix
|
4
++++
M
hosts/morio/default.nix
|
1
+
diff --git a/config/nixos/modules/websites/oeffi.zaphyra.eu.nix b/config/nixos/modules/websites/oeffi.zaphyra.eu.nix
@@ -0,0 +1,126 @@
+{
+  povSelf,
+  hostConfig,
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  inherit (lib) types;
+  cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+  options = {
+    enable = {
+      type = types.bool;
+      default = false;
+    };
+    domain = {
+      type = types.str;
+      default = "zaphyra.eu";
+    };
+    subdomain = {
+      type = types.str;
+      default = "oeffi";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    dns.zones = {
+      "${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
+      "katja.wtf".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
+    };
+
+    services.nginx = {
+      enable = true;
+      appendHttpConfig = ''
+        resolver 1.1.1.1 valid=300s;
+
+        map $vendotarget $vendopath {
+          default    no;
+          locations  '/mob/location/search';
+          location   '/mob/location/details';
+          journeys   '/mob/angebote/fahrplan';
+          journey    '/mob/angebote/recon';
+          departures '/mob/bahnhofstafel/abfahrt';
+          trip       '/mob/zuglauf';
+        }
+
+        map $hafastarget $hafasurl {
+          default no;
+          nahsh   nah.sh.hafas.de;
+          rmv     www.rmv.de;
+          bvg     bvg-apps-ext.hafas.de;
+          oebb    fahrplan.oebb.at;
+        }
+
+        map $hafastarget $hafaspath {
+          default no;
+          nahsh   '/bin/mgate.exe';
+          rmv     '/auskunft/bin/jp/mgate.exe';
+          bvg     '/bin/mgate.exe';
+          oebb    '/bin/mgate.exe';
+        }
+      '';
+
+      virtualHosts."${cfg.subdomain}.${cfg.domain}" = {
+        serverAliases = [ "oeffi.katja.wtf" ];
+        useACMEHost = "${config.networking.fqdn}";
+        forceSSL = true;
+        kTLS = true;
+        root = pkgs.oeffisearch;
+        extraConfig = ''
+          merge_slashes off;
+          large_client_header_buffers 4 16k;
+        '';
+
+        locations."/db/vehicle-sequence".extraConfig = ''
+          proxy_ssl_server_name on;
+          proxy_ssl_name        www.bahn.de;
+          proxy_set_header      Host www.bahn.de;
+          proxy_hide_header    'set-cookie';
+          proxy_pass            https://www.bahn.de/web/api/reisebegleitung/wagenreihung/vehicle-sequence$is_args$args;
+        '';
+
+        locations."~ ^/db/vendo/(?<vendotarget>[a-z]+)(/([^\\r\\n].*))?$".extraConfig = ''
+          if ($vendopath = no) {
+            return 400;
+          }
+
+          if ($vendotarget = 'trip') {
+            set $vendopath '$vendopath$2';
+          }
+
+          if ($vendotarget = 'location') {
+            set $vendopath '$vendopath$2';
+          }
+
+          set $vendodomain 'app.vendo.noncd.db.de';
+
+          proxy_ssl_server_name on;
+          proxy_ssl_name        $vendodomain;
+          proxy_set_header      Host $vendodomain;
+          proxy_hide_header    'set-cookie';
+          proxy_pass            https://$vendodomain$vendopath;
+        '';
+
+        locations."~ ^/hafas/(?<hafastarget>.*)$".extraConfig = ''
+          if ($hafasurl = no) {
+            return 400;
+          }
+
+          proxy_ssl_server_name on;
+          proxy_ssl_name        $hafasurl;
+          proxy_set_header      Host $hafasurl;
+          proxy_hide_header    'set-cookie';
+          proxy_pass            https://$hafasurl$hafaspath;
+        '';
+      };
+    };
+  };
+
+}
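Review bot: None of the three `proxy_pass https://…` locations (`/db/vehicle-sequence`, `/db/vendo/…`, `/hafas/…`) turns on upstream certificate verification. They set `proxy_ssl_server_name` and `proxy_ssl_name`, but nginx leaves `proxy_ssl_verify` off by default, so unless it is enabled elsewhere in this host's nginx config the upstream certificate is never checked. These targets contain variables and are therefore resolved at request time through the plain-DNS `resolver 1.1.1.1` from `appendHttpConfig` (which applies to every virtual host on the machine), so upstream identity currently rests on unauthenticated DNS answers. I would add `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;` to each block, plus `proxy_ssl_verify_depth 2;` if the upstream chains include an intermediate. Separately, in the vendo location regex the class `[^\\r\\n]` constrains only the first character after the slash; if the intent is to keep CR/LF out of the `$2` that is appended to `$vendopath`, the tail should read `(/([^\\r\\n]+))?` rather than `(/([^\\r\\n].*))?`.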
diff --git a/flake.lock b/flake.lock
@@ -809,6 +809,26 @@
         "type": "github"
       }
     },
+    "oeffisearch": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1748350477,
+        "narHash": "sha256-wI2yOnwxFeaL2QjmFidbbWnavGlgSMU/RYq5bIBkCno=",
+        "ref": "refs/heads/main",
+        "rev": "ee710b35cfc6a07a7f8d8a7c64def9c833f0ba66",
+        "revCount": 294,
+        "type": "git",
+        "url": "https://git.zaphyra.eu/oeffisearch"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.zaphyra.eu/oeffisearch"
+      }
+    },
     "pre-commit-hooks-nix": {
       "inputs": {
         "flake-compat": [

@@ -878,6 +898,7 @@
         "nixSystemsDefault": "nixSystemsDefault",
         "nixpkgs": "nixpkgs_3",
         "nixpkgsUnstable": "nixpkgsUnstable",
+        "oeffisearch": "oeffisearch",
         "simpleNixosMailserver": "simpleNixosMailserver",
         "sopsNix": "sopsNix",
         "stagit": "stagit"
diff --git a/flake.nix b/flake.nix
@@ -82,6 +82,7 @@
                 inputs.stagit.overlays.default
                 inputs.flauschehornSexy.overlays.default
                 inputs.gpxMap.overlays.default
+                inputs.oeffisearch.overlays.default
               ];
             }
 

@@ -208,6 +209,9 @@
     gpxMap.url = "git+https://git.zaphyra.eu/gpx-map";
     gpxMap.inputs.nixpkgs.follows = "nixpkgs";
 
+    oeffisearch.url = "git+https://git.zaphyra.eu/oeffisearch";
+    oeffisearch.inputs.nixpkgs.follows = "nixpkgs";
+
     firefoxGnomeTheme.flake = false;
     firefoxGnomeTheme.url = "github:rafaelmardojai/firefox-gnome-theme/v137";
   };
diff --git a/hosts/morio/default.nix b/hosts/morio/default.nix
@@ -88,6 +88,7 @@
           "gts.zaphyra.eu".enable = true;
           "grapevine.zaphyra.eu".enable = true;
           "vault.zaphyra.eu".enable = true;
+          "oeffi.zaphyra.eu".enable = true;
         };
 
         users.katja.enable = true;