diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix
index bff67ea..155a9ff 100644
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@@ -21,6 +21,7 @@
 ../../services/gitlab-runner.nix
 ../../services/lantifa.nix
 ../../services/vaultwarden.nix
+ ../../services/shortdomains.nix
 ./lxc.nix
 ];
diff --git a/services/shortdomains.nix b/services/shortdomains.nix
new file mode 100644
index 0000000..36f7d08
--- /dev/null
+++ b/services/shortdomains.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+let
+ shortdomain = "i4f.de";
+ redirects = [
+ (short "d" "discuss.infra4future.de")
+ (short "m" "mattermost.infra4future.de")
+ (short "c" "cloud.infra4future.de")
+ (short "s" "survey.infra4future.de")
+ (short "g" "gitlab.infra4future.de")
+ ];
+
+
+ short = name: target: {
+ inherit name target;
+ };
+ toVirtualHosts = {name, target, ...}: {
+ name = "${name}.${shortdomain}";
+ value = {
+ forceSSL = true;
+ useACMEHost = "*.i4f.de";
+ locations."/".return = "302 https://${target}$request_uri";
+ };
+ };
+in
+{
+ security.acme.certs."wildcard.i4f.de" = {
+ domain = "*.i4f.de";
+ dnsProvider = "cloudflare";
+ credentialsFile = "/persist/var/shortdomains/dns-secrents.env";
+ };
+
+ services.nginx.virtualHosts =
+ lib.listToAttrs (map toVirtualHosts redirects)
+ // {
+ ${shortdomain} = {
+ enableACME = true;
+ forceSSL = true;
+ root = pkgs.writeText "index.html" ''
+
+
+ Infra4future shortlinks
+
+
+

Shortlinks for infra4future.de

+ ${lib.strings.concatStrings
+ (map ({name, target,...}:
+ ''
+

+ ${name}.${shortdomain} → ${target}
+

+ '')
+ redirects)
+ }
+
+
+ '';
+ };
+ };
+}
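Review bot: `useACMEHost = "*.i4f.de";` in `toVirtualHosts` does not match the certificate declared further down as `security.acme.certs."wildcard.i4f.de"`. `useACMEHost` takes the attribute name under `security.acme.certs`, not the certificate's `domain`, so the redirect hosts would not pick up the wildcard certificate; it should read `useACMEHost = "wildcard.i4f.de";`. `credentialsFile` points at `dns-secrents.env`, which looks like a typo for `secrets` unless the file on disk really has that name. Since that file holds the Cloudflare credential used for the DNS-01 challenge, a comment such as `# Cloudflare API token scoped to DNS edit on the i4f.de zone only; file must not be world-readable` would record the expected scope. Separately, `root = pkgs.writeText "index.html" ...` yields a single store file rather than a directory, so nginx has nothing to serve at `/`; `pkgs.writeTextDir "index.html" ...` would give a directory root.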