From 4f3c68b08ec4a07fea18c34134a45e29e0f80050 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Tue, 27 Apr 2021 10:10:17 +0200 Subject: [PATCH 1/4] shortcut domains for services as per Zauberberg's idea in mattermost last night [1], this adds an extra domain, which just exists to make links to the various services shorter, using a nix to keep the whole thing easily changable. In particular, the "shortdomain" binding should be set to some domain we actually own before anyone deploys this (I've set it to "i4f.de" as a dummy value for now). Potential caveats: - this uses ACME to get a certificate for each of the redirect domains, which may run into rate limits if we have too many of them. - there's nothing on the shortdomain itself. I suggest we could either use it as a general linkshortener, or generate a list of available domain shortcuts into html from nix [1] https://mattermost.infra4future.de/hacc/pl/xks5naezcbn8myh79bq3dehmso --- hosts/parsons/configuration.nix | 1 + services/shortdomains.nix | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 services/shortdomains.nix diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix index c41dfa0..23b10d3 100644 --- a/hosts/parsons/configuration.nix +++ b/hosts/parsons/configuration.nix @@ -21,6 +21,7 @@ ../../services/gitlab-runner.nix ../../services/unifi.nix ../../services/lantifa.nix + ../../services/shortdomains.nix ./lxc.nix ]; diff --git a/services/shortdomains.nix b/services/shortdomains.nix new file mode 100644 index 0000000..2f24d8c --- /dev/null +++ b/services/shortdomains.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +let + shortdomain = "i4f.de"; + short = abbrv: target: { + name = "${abbrv}.${shortdomain}"; + value = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://${target}$request_uri"; + }; + }; +in +{ + services.nginx.virtualHosts = lib.listToAttrs [ + (short "d" "discuss.infra4future.de") + (short "m" "mattermost.infra4future.de") + ]; +} From 8d50f0688e6cbdfd5972fda5e51ea2667bef77ef Mon Sep 17 00:00:00 2001 From: stuebinm Date: Mon, 3 May 2021 11:50:37 +0200 Subject: [PATCH 2/4] shortcutdomains: 301 redirect -> 302 redirect To prevent interference from indefinite caching of 301 redirects, this now uses 302 redirects instead. --- services/shortdomains.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/shortdomains.nix b/services/shortdomains.nix index 2f24d8c..e45045b 100644 --- a/services/shortdomains.nix +++ b/services/shortdomains.nix @@ -7,7 +7,7 @@ let value = { forceSSL = true; enableACME = true; - locations."/".return = "301 https://${target}$request_uri"; + locations."/".return = "302 https://${target}$request_uri"; }; }; in From 3d616bfdacfcbb1bd6cab6e6344fa7abf994b2ff Mon Sep 17 00:00:00 2001 From: stuebinm Date: Mon, 3 May 2021 11:51:39 +0200 Subject: [PATCH 3/4] shortcutdomains: more shortcuts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit tbh, I'm not entirely sure about these — if we have single-letter domains only, we'll run into trouble pretty quickly (e.g. with mattermost/mumble). I've kept it limited to only *.infra4future.de, where that is less of a problem (for now). --- services/shortdomains.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/shortdomains.nix b/services/shortdomains.nix index e45045b..6c53b95 100644 --- a/services/shortdomains.nix +++ b/services/shortdomains.nix @@ -15,5 +15,8 @@ in services.nginx.virtualHosts = lib.listToAttrs [ (short "d" "discuss.infra4future.de") (short "m" "mattermost.infra4future.de") + (short "c" "cloud.infra4future.de") + (short "s" "survey.infra4future.de") + (short "g" "gitlab.infra4future.de") ]; } From ecfc9fcde43b6cdaa128e8c0ae55727122f659b2 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Mon, 3 May 2021 12:08:25 +0200 Subject: [PATCH 4/4] shortcutdomains: generate an index page misusing nix as an html templating language, yay! We could (and maybe should) also use something more reasonable instead, e.g. jekyll or hakyll, but for a simple listing nix turns out to be quite enough. The page doesn't look all too well for now; I haven't set any css, or even added some
-tags for basic styling. --- services/shortdomains.nix | 40 ++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/services/shortdomains.nix b/services/shortdomains.nix index 6c53b95..a1e75f8 100644 --- a/services/shortdomains.nix +++ b/services/shortdomains.nix @@ -2,21 +2,51 @@ let shortdomain = "i4f.de"; - short = abbrv: target: { - name = "${abbrv}.${shortdomain}"; + short = name: target: { + inherit name target; + }; + toVirtualHosts = {name, target, ...}: { + name = "${name}.${shortdomain}"; value = { forceSSL = true; enableACME = true; locations."/".return = "302 https://${target}$request_uri"; }; }; -in -{ - services.nginx.virtualHosts = lib.listToAttrs [ + redirects = [ (short "d" "discuss.infra4future.de") (short "m" "mattermost.infra4future.de") (short "c" "cloud.infra4future.de") (short "s" "survey.infra4future.de") (short "g" "gitlab.infra4future.de") ]; +in +{ + services.nginx.virtualHosts = + lib.listToAttrs (map toVirtualHosts redirects) + // { + ${shortdomain} = { + enableACME = true; + forceSSL = true; + root = pkgs.writeText "index.html" '' + + + Infra4future shortlinks + + +

Shortlinks for infra4future.de

+ ${lib.strings.concatStrings + (map ({name, target,...}: + '' +

+ ${name}.${shortdomain} → ${target} +

+ '') + redirects) + } + + + ''; + }; + }; }