zaphyra's git: nixfiles

zaphyra's nixfiles

path: /nixosModules/zpha/websites/oeffi.zaphyra.eu.nix 3.02 KB | plain
1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
29 
30 
31 
32 
33 
34 
35 
36 
37 
38 
39 
40 
41 
42 
43 
44 
45 
46 
47 
48 
49 
50 
51 
52 
53 
54 
55 
56 
57 
58 
59 
60 
61 
62 
63 
64 
65 
66 
67 
68 
69 
70 
71 
72 
73 
74 
75 
76 
77 
78 
79 
80 
81 
82 
83 
84 
85 
86 
87 
88 
89 
90 
91 
92 
93 
94 
95 
96 
97 
98 
99 
100 
101 
102 
103 
104 
105 
106 
107 
{
  config,
  pkgs,
  lib,
  ...
}:

{

  options.zpha.websites."oeffi.zaphyra.eu".enable = lib.mkEnableOption "";

  config = lib.mkIf config.zpha.websites."oeffi.zaphyra.eu".enable {
    dns.zones = {
      "zaphyra.eu".subdomains."oeffi".CNAME = [ "${config.networking.fqdn}." ];
      "katja.wtf".subdomains."oeffi".CNAME = [ "${config.networking.fqdn}." ];
    };

    services.nginx = {
      appendHttpConfig = ''
        resolver 1.1.1.1 valid=300s;

        map $vendotarget $vendopath {
          default    no;
          locations  '/mob/location/search';
          location   '/mob/location/details';
          journeys   '/mob/angebote/fahrplan';
          journey    '/mob/angebote/recon';
          departures '/mob/bahnhofstafel/abfahrt';
          trip       '/mob/zuglauf';
        }

        map $hafastarget $hafasurl {
          default no;
          nahsh   nah.sh.hafas.de;
          rmv     www.rmv.de;
          bvg     bvg-apps-ext.hafas.de;
          oebb    fahrplan.oebb.at;
        }

        map $hafastarget $hafaspath {
          default no;
          nahsh   '/bin/mgate.exe';
          rmv     '/auskunft/bin/jp/mgate.exe';
          bvg     '/bin/mgate.exe';
          oebb    '/bin/mgate.exe';
        }
      '';

      virtualHosts."oeffi.zaphyra.eu" = {
        serverAliases = [ "oeffi.katja.wtf" ];
        useACMEHost = config.networking.fqdn;
        forceSSL = true;
        kTLS = true;
        root = pkgs.zpha.oeffisearch;
        extraConfig = ''
          merge_slashes off;
          large_client_header_buffers 4 16k;
        '';

        locations = {
          "/db/vehicle-sequence".extraConfig = ''
            proxy_ssl_server_name on;
            proxy_ssl_name        www.bahn.de;
            proxy_set_header      Host www.bahn.de;
            proxy_hide_header    'set-cookie';
            proxy_pass            https://www.bahn.de/web/api/reisebegleitung/wagenreihung/vehicle-sequence$is_args$args;
          '';

          "~ ^/db/vendo/(?<vendotarget>[a-z]+)(/([^\\r\\n].*))?$".extraConfig = ''
            if ($vendopath = no) {
              return 400;
            }

            if ($vendotarget = 'trip') {
              set $vendopath '$vendopath$2';
            }

            if ($vendotarget = 'location') {
              set $vendopath '$vendopath$2';
            }

            set $vendodomain 'app.services-bahn.de';

            proxy_ssl_server_name on;
            proxy_ssl_name        $vendodomain;
            proxy_set_header      Host $vendodomain;
            proxy_hide_header    'set-cookie';
            proxy_pass            https://$vendodomain$vendopath;
          '';

          "~ ^/hafas/(?<hafastarget>.*)$".extraConfig = ''
            if ($hafasurl = no) {
              return 400;
            }

            proxy_ssl_server_name on;
            proxy_ssl_name        $hafasurl;
            proxy_set_header      Host $hafasurl;
            proxy_hide_header    'set-cookie';
            proxy_pass            https://$hafasurl$hafaspath;
          '';
        };
      };
    };
  };

}