Merge branch 'feature/shortcutdomain' into 'main'

Draft: shortcut domains for services

See merge request hacc/infra/haccfiles!61

hosts/parsons/configuration.nix

@@ -21,6 +21,7 @@
     ../../services/gitlab-runner.nix
     ../../services/lantifa.nix
     ../../services/vaultwarden.nix
+    ../../services/shortdomains.nix
 
     ./lxc.nix
   ];

services/shortdomains.nix

@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+let
+  shortdomain = "i4f.de";
+  redirects = [
+    (short "d" "discuss.infra4future.de")
+    (short "m" "mattermost.infra4future.de")
+    (short "c" "cloud.infra4future.de")
+    (short "s" "survey.infra4future.de")
+    (short "g" "gitlab.infra4future.de")
+  ];
+
+
+  short = name: target: {
+    inherit name target;
+  };
+  toVirtualHosts = {name, target, ...}: {
+    name = "${name}.${shortdomain}";
+    value = {
+      forceSSL = true;
+      useACMEHost = "*.i4f.de";
+      locations."/".return = "302 https://${target}$request_uri";
+    };
+  };
+in
+{
+  security.acme.certs."wildcard.i4f.de" = {
+    domain = "*.i4f.de";
+    dnsProvider = "cloudflare";
+    credentialsFile = "/persist/var/shortdomains/dns-secrents.env";
+  };
+
+  services.nginx.virtualHosts =
+    lib.listToAttrs (map toVirtualHosts redirects)
+    // {
+      ${shortdomain} = {
+        enableACME = true;
+        forceSSL = true;
+        root = pkgs.writeText "index.html" ''
+          <html lang="en">
+            <head>
+              <title>Infra4future shortlinks</title>
+              <meta charset="UTF-8">
+            </head>
+            <body><h1>Shortlinks for infra4future.de</h1>
+              ${lib.strings.concatStrings
+                (map ({name, target,...}:
+                  ''
+                    <p>
+                      <a href="https://${target}">${name}.${shortdomain} → ${target}</a>
+                    </p>
+                  '')
+                  redirects)
+               }
+            </body>
+          </html>
+        '';
+      };
+    };
+}