zaphyra's git: nixfiles

zaphyra and void's nixfiles

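# Module for the oeffisearch web frontend: serves the static site from
# `pkgs.oeffisearch` and reverse-proxies a fixed set of public-transport APIs
# (bahn.de, DB Vendo, several HAFAS endpoints) under the same origin.
#
# Arguments (`povSelf`, `hostConfig`, ...) are supplied by the surrounding
# module loader; `povSelf` is the attribute path of this module's own options
# inside `config`.
{
  povSelf,
  hostConfig,
  config,
  pkgs,
  lib,
  ...
}:

let
  inherit (lib) types;
  # This module's own option values, looked up by its attribute path.
  cfg = lib.getAttrFromPath povSelf config;

in
{

  options = {
    # Master switch; nothing below is applied unless this is true.
    enable = {
      type = types.bool;
      default = false;
    };
    # Primary zone the service is published under.
    domain = {
      type = types.str;
      default = "zaphyra.eu";
    };
    # Host label used in both the primary zone and the katja.wtf zone.
    subdomain = {
      type = types.str;
      default = "oeffi";
    };
  };

  config = lib.mkIf cfg.enable {
    # Point both public names at this host.
    dns.zones = {
      "${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
      "katja.wtf".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
    };

    services.nginx = {
      enable = true;
      # The proxy_pass targets below contain variables, so nginx resolves the
      # upstream names at request time through this resolver. These lookups
      # are plain, unauthenticated DNS; the upstream certificate check
      # configured on the virtual host is what actually binds the connection
      # to the intended server.
      #
      # The maps act as allowlists: any target that is not listed resolves to
      # the literal `no`, which the locations turn into a 400.
      appendHttpConfig = ''
        resolver 1.1.1.1 valid=300s;

        map $vendotarget $vendopath {
          default    no;
          locations  '/mob/location/search';
          location   '/mob/location/details';
          journeys   '/mob/angebote/fahrplan';
          journey    '/mob/angebote/recon';
          departures '/mob/bahnhofstafel/abfahrt';
          trip       '/mob/zuglauf';
        }

        map $hafastarget $hafasurl {
          default no;
          nahsh   nah.sh.hafas.de;
          rmv     www.rmv.de;
          bvg     bvg-apps-ext.hafas.de;
          oebb    fahrplan.oebb.at;
        }

        map $hafastarget $hafaspath {
          default no;
          nahsh   '/bin/mgate.exe';
          rmv     '/auskunft/bin/jp/mgate.exe';
          bvg     '/bin/mgate.exe';
          oebb    '/bin/mgate.exe';
        }
      '';

      virtualHosts."${cfg.subdomain}.${cfg.domain}" = {
        # Follow the configured subdomain so the alias always matches the
        # CNAME created in the katja.wtf zone above (previously hard-coded to
        # "oeffi.katja.wtf", which drifted as soon as `subdomain` was changed).
        serverAliases = [ "${cfg.subdomain}.katja.wtf" ];
        # NOTE(review): the certificate issued for the host FQDN has to list
        # both vhost names as SANs; that ACME configuration is not visible here.
        useACMEHost = "${config.networking.fqdn}";
        forceSSL = true;
        kTLS = true;
        root = pkgs.oeffisearch;
        # nginx does not verify upstream certificates unless told to
        # (`proxy_ssl_verify` defaults to off), so without the three
        # proxy_ssl_* lines every "https://" upstream below would be encrypted
        # but unauthenticated. They are set at server level and inherited by
        # all proxying locations; the name checked is each location's
        # `proxy_ssl_name`.
        # NOTE(review): depth 2 is chosen to tolerate an extra intermediate CA
        # (nginx's default is 1); adjust if an upstream chain needs more.
        extraConfig = ''
          merge_slashes off;
          large_client_header_buffers 4 16k;

          proxy_ssl_verify              on;
          proxy_ssl_verify_depth        2;
          proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        '';

        # NOTE(review): in all three proxy locations only `Set-Cookie` on the
        # response is stripped; request headers sent by the client are
        # forwarded to the upstream unchanged.

        # Fixed upstream; only the query string is taken from the client.
        locations."/db/vehicle-sequence".extraConfig = ''
          proxy_ssl_server_name on;
          proxy_ssl_name        www.bahn.de;
          proxy_set_header      Host www.bahn.de;
          proxy_hide_header    'set-cookie';
          proxy_pass            https://www.bahn.de/web/api/reisebegleitung/wagenreihung/vehicle-sequence$is_args$args;
        '';

        # The first path segment selects an upstream path via the $vendopath
        # map. For `trip` and `location` the rest of the request path ($2,
        # including its leading slash) is appended to that upstream path.
        # NOTE(review): $2 is client-controlled and the pattern only
        # constrains its first character; once the ID formats that must pass
        # are known, consider restricting the suffix to that character set.
        locations."~ ^/db/vendo/(?<vendotarget>[a-z]+)(/([^\\r\\n].*))?$".extraConfig = ''
          if ($vendopath = no) {
            return 400;
          }

          if ($vendotarget = 'trip') {
            set $vendopath '$vendopath$2';
          }

          if ($vendotarget = 'location') {
            set $vendopath '$vendopath$2';
          }

          set $vendodomain 'app.vendo.noncd.db.de';

          proxy_ssl_server_name on;
          proxy_ssl_name        $vendodomain;
          proxy_set_header      Host $vendodomain;
          proxy_hide_header    'set-cookie';
          proxy_pass            https://$vendodomain$vendopath;
        '';

        # Everything after /hafas/ is used as the key into the $hafasurl and
        # $hafaspath maps; host and path of the upstream request come only
        # from those maps, never from the request itself.
        locations."~ ^/hafas/(?<hafastarget>.*)$".extraConfig = ''
          if ($hafasurl = no) {
            return 400;
          }

          proxy_ssl_server_name on;
          proxy_ssl_name        $hafasurl;
          proxy_set_header      Host $hafasurl;
          proxy_hide_header    'set-cookie';
          proxy_pass            https://$hafasurl$hafaspath;
        '';
      };
    };
  };

}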