
5 commits

Author SHA1 Message Date
5e7c46a4e9
wildcard dns with ACME
this is just me procrastinating …

(not tested, not deployed – we don't actually own i4f.de)
2021-10-07 18:04:25 +02:00
9eed435ea3
shortcutdomains: generate an index page
misusing nix as an html templating language, yay!

We could (and maybe should) also use something more reasonable instead,
e.g. jekyll or hakyll, but for a simple listing nix turns out to be
quite enough.

The page doesn't look all too well for now; I haven't set any css, or
even added some <div>-tags for basic styling.
2021-10-07 17:50:54 +02:00
e07d23e2ee
shortcutdomains: more shortcuts
tbh, I'm not entirely sure about these — if we have single-letter
domains only, we'll run into trouble pretty quickly (e.g. with
mattermost/mumble). I've kept it limited to only *.infra4future.de,
where that is less of a problem (for now).
2021-10-07 17:50:54 +02:00
03ce987c90
shortcutdomains: 301 redirect -> 302 redirect
To prevent interference from indefinite caching of 301 redirects, this
now uses 302 redirects instead.
2021-10-07 17:50:54 +02:00
98c3c807c4
shortcut domains for services
as per Zauberberg's idea in mattermost last night [1], this adds an
extra domain, which just exists to make links to the various services
shorter, using nix to keep the whole thing easily changeable.

In particular, the "shortdomain" binding should be set to some domain we
actually own before anyone deploys this (I've set it to "i4f.de" as a
dummy value for now).

Potential caveats:
 - this uses ACME to get a certificate for each of the redirect domains,
   which may run into rate limits if we have too many of them.
 - there's nothing on the shortdomain itself. I suggest we could either
   use it as a general linkshortener, or generate a list of available
   domain shortcuts into html from nix

[1] https://mattermost.infra4future.de/hacc/pl/xks5naezcbn8myh79bq3dehmso
2021-10-07 17:50:50 +02:00
2 changed files with 61 additions and 0 deletions


@ -22,6 +22,7 @@
../../services/unifi.nix
../../services/lantifa.nix
../../services/vaultwarden.nix
../../services/shortdomains.nix
./lxc.nix
];

60
services/shortdomains.nix Normal file

@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
let
shortdomain = "i4f.de";
redirects = [
(short "d" "discuss.infra4future.de")
(short "m" "mattermost.infra4future.de")
(short "c" "cloud.infra4future.de")
(short "s" "survey.infra4future.de")
(short "g" "gitlab.infra4future.de")
];
short = name: target: {
inherit name target;
};
toVirtualHosts = {name, target, ...}: {
name = "${name}.${shortdomain}";
value = {
forceSSL = true;
useACMEHost = "*.i4f.de";
locations."/".return = "302 https://${target}$request_uri";
};
};
in
{
security.acme.certs."wildcard.i4f.de" = {
domain = "*.i4f.de";
dnsProvider = "cloudflare";
credentialsFile = "/persist/var/shortdomains/dns-secrents.env";
};
services.nginx.virtualHosts =
lib.listToAttrs (map toVirtualHosts redirects)
// {
${shortdomain} = {
enableACME = true;
forceSSL = true;
root = pkgs.writeText "index.html" ''
<html lang="en">
<head>
<title>Infra4future shortlinks</title>
<meta charset="UTF-8">
</head>
<body><h1>Shortlinks for infra4future.de</h1>
${lib.strings.concatStrings
(map ({name, target,...}:
''
<p>
<a href="https://${target}">${name}.${shortdomain} ${target}</a>
</p>
'')
redirects)
}
</body>
</html>
'';
};
};
}
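Review bot: `useACMEHost = "*.i4f.de";` in `toVirtualHosts` does not name the certificate this file declares, which is keyed `security.acme.certs."wildcard.i4f.de"`. `useACMEHost` is looked up as an attribute name under `security.acme.certs`, so the redirect hosts would not find the wildcard certificate; it should read `useACMEHost = "wildcard.${shortdomain}";`. The certificate key and its `domain` should likewise be derived from `shortdomain` rather than hard-coding `i4f.de`, so that changing the binding cannot leave the hosts pointing at a certificate for a different name. The `credentialsFile` path spells `dns-secrents.env`, which looks like a typo for `dns-secrets.env`. Because that file holds a Cloudflare DNS credential, I would add a comment such as `# API token scoped to DNS edits on this zone only; file must not be world-readable`. Separately, `root = pkgs.writeText "index.html" …` gives nginx a single file where `root` expects a directory; `root = pkgs.writeTextDir "index.html" ''…'';` would yield a directory containing the page.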