From 131542bc1d2299b055740b26723dd0c0f408d507 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Fri, 27 Oct 2023 17:09:20 +0200
Subject: [PATCH] add paraclub module site

---
 hosts/web-01.cloonar.com/configuration.nix    |  1 +
 .../sites/module.paraclub.cloonar.dev.nix     | 44 +++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 hosts/web-01.cloonar.com/sites/module.paraclub.cloonar.dev.nix

diff --git a/hosts/web-01.cloonar.com/configuration.nix b/hosts/web-01.cloonar.com/configuration.nix
index c0bf488..5b4e9fe 100644
--- a/hosts/web-01.cloonar.com/configuration.nix
+++ b/hosts/web-01.cloonar.com/configuration.nix
@@ -41,6 +41,7 @@
     ./sites/optiprot.cloonar.dev.nix
     ./sites/mehr-leistbaren-wohnraum-schaffen.at.nix
     ./sites/mehr-leistbaren-wohnraum-schaffen.cloonar.dev.nix
+    ./sites/module.paraclub.cloonar.dev.nix
   ];
 
   nixpkgs.config.permittedInsecurePackages = [
diff --git a/hosts/web-01.cloonar.com/sites/module.paraclub.cloonar.dev.nix b/hosts/web-01.cloonar.com/sites/module.paraclub.cloonar.dev.nix
new file mode 100644
index 0000000..274fdd8
--- /dev/null
+++ b/hosts/web-01.cloonar.com/sites/module.paraclub.cloonar.dev.nix
@@ -0,0 +1,44 @@
+{ pkgs, lib, config, ... }:
+let
+  domain = "module.paraclub.cloonar.dev";
+  dataDir = "/var/www/${domain}";
+in {
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = null;
+    root = "${dataDir}";
+
+    locations."/favicon.ico".extraConfig = ''
+      log_not_found off;
+      access_log off;
+    '';
+
+    locations."/".extraConfig = ''
+      index index.html;
+      try_files $uri $uri/ =404;
+    '';
+
+    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
+     expires 365d;
+     add_header Pragma "public";
+     add_header Cache-Control "public";
+    '';
+
+    locations."~ [^/]\.php(/|$)".extraConfig = ''
+      deny all;
+    '';
+  };
+  users.users."${domain}" = {
+    isNormalUser = true;
+    createHome = true;
+    home = dataDir;
+    homeMode= "770";
+    #home = "/home/${domain}";
+    group  = "nginx";
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwgjsgjxOSX4ZeLuhSq+JumnEa1bKS3fwlA8LDuxvOWXs2Zn4Hwa04ZuM59jzqifwGGMJOFxErm8+5oH2QQFa0wgg8zEG+2U1AzjMNk5+mxrhnLPGAMlnqXmkGi0Jj2nFwKaEM9kcO5UUqRP71BFdGtP74wRcaVpT4TTPzCQl1HTdwzmAOT+3yQ364kyAHXTwQOAjiFcSAlNfZ5C2eeNC642bv6Dfi6mMWi55tdNV6HUn7y2cbq8wscDG7gla8bN3xivuO6POWqyCpHtLxDhppLYJ28ZwqpcynRAXDnVYlT3DmPw1bDs/eBlkjauGR/oM8phka3No3cREBYpSWK7mJeqIIWSV0Z4dvFLeWh6MM4AVhX3HOW7jcxf2tUmpzre6S10HjXj3lLES7oJO4uOYoJWxaGcqFiUc9BOxqLN9FqECXuzfC0apCr0OYm5T2NsSmzlkBPzCa2EqBBI0u5XGcDKgpBA4gD8kuD+8Cj5DxPzXP+IdX1jhHRVsI5nucTvM="
+    ];
+  };
+  users.groups.${domain} = {};
+}