From 1c9302c77305220a9779660163aacb8d2f70f0f9 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Thu, 7 Aug 2025 12:08:09 +0200
Subject: [PATCH] feat: add scana11y website

---
 hosts/web-arm/configuration.nix            |  3 ++
 hosts/web-arm/sites/scana11y.com.nix       | 45 ++++++++++++++++++++++
 hosts/web-arm/sites/stage.scana11y.com.nix | 45 ++++++++++++++++++++++
 3 files changed, 93 insertions(+)
 create mode 100644 hosts/web-arm/sites/scana11y.com.nix
 create mode 100644 hosts/web-arm/sites/stage.scana11y.com.nix

diff --git a/hosts/web-arm/configuration.nix b/hosts/web-arm/configuration.nix
index c4acebe..b8f9db4 100644
--- a/hosts/web-arm/configuration.nix
+++ b/hosts/web-arm/configuration.nix
@@ -45,6 +45,9 @@
     ./sites/support.cloonar.dev.nix
     ./sites/stage.cloonar-technologies.at.nix
 
+    ./sites/stage.scana11y.com.nix
+    ./sites/scana11y.com.nix
+
     ./sites/cloonar.dev.nix
     ./sites/paraclub.at.nix
     ./sites/api.paraclub.at.nix
diff --git a/hosts/web-arm/sites/scana11y.com.nix b/hosts/web-arm/sites/scana11y.com.nix
new file mode 100644
index 0000000..9a25a9e
--- /dev/null
+++ b/hosts/web-arm/sites/scana11y.com.nix
@@ -0,0 +1,45 @@
+{ pkgs, lib, config, ... }:
+let
+  domain = "scana11y.com";
+  dataDir = "/var/www/${domain}";
+  user = builtins.replaceStrings ["." "-"] ["_" "_"] domain;
+in {
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = "/var/lib/acme/acme-challenge";
+
+    root = "${dataDir}";
+
+    locations."/favicon.ico".extraConfig = ''
+      log_not_found off;
+      access_log off;
+    '';
+
+    locations."/".extraConfig = ''
+      index index.html;
+      try_files $uri $uri/ /index.html$is_args$args;
+    '';
+
+    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
+     expires 365d;
+     add_header Pragma "public";
+     add_header Cache-Control "public";
+    '';
+
+    locations."~ [^/]\.php(/|$)".extraConfig = ''
+      deny all;
+    '';
+  };
+  users.users."${user}" = {
+    isNormalUser = true;
+    createHome = true;
+    home = dataDir;
+    homeMode= "770";
+    group  = "nginx";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID20OFQ9ZbRC2GFH5cii7mAhyD28GBwqM+1+2b36HI4k"
+    ];
+  };
+  users.groups.${user} = {};
+}
diff --git a/hosts/web-arm/sites/stage.scana11y.com.nix b/hosts/web-arm/sites/stage.scana11y.com.nix
new file mode 100644
index 0000000..5580e01
--- /dev/null
+++ b/hosts/web-arm/sites/stage.scana11y.com.nix
@@ -0,0 +1,45 @@
+{ pkgs, lib, config, ... }:
+let
+  domain = "stage.scana11y.com";
+  dataDir = "/var/www/${domain}";
+  user = builtins.replaceStrings ["." "-"] ["_" "_"] domain;
+in {
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = "/var/lib/acme/acme-challenge";
+
+    root = "${dataDir}";
+
+    locations."/favicon.ico".extraConfig = ''
+      log_not_found off;
+      access_log off;
+    '';
+
+    locations."/".extraConfig = ''
+      index index.html;
+      try_files $uri $uri/ /index.html$is_args$args;
+    '';
+
+    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
+     expires 365d;
+     add_header Pragma "public";
+     add_header Cache-Control "public";
+    '';
+
+    locations."~ [^/]\.php(/|$)".extraConfig = ''
+      deny all;
+    '';
+  };
+  users.users."${user}" = {
+    isNormalUser = true;
+    createHome = true;
+    home = dataDir;
+    homeMode= "770";
+    group  = "nginx";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIM0XUH9EUucDsvJKqwytgsTRcSsu6KmqAZ9LVgPre2"
+    ];
+  };
+  users.groups.${user} = {};
+}