feat: amz add cron job

hosts/amzebs-01/configuration.nix

@@ -7,6 +7,7 @@
     ./modules/mysql.nix
     ./modules/web/stack.nix
     ./modules/laravel-storage.nix
+    ./modules/laravel-scheduler.nix
     ./modules/blackbox-exporter.nix
     ./modules/postfix.nix
     ./modules/rspamd.nix

hosts/amzebs-01/modules/laravel-scheduler.nix

@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+# Daily scheduled Laravel artisan jobs
+# Runs artisan finish:reports at 01:00 for production and staging APIs
+
+let
+  php = pkgs.php82;
+
+  sites = [
+    {
+      domain = "api.ebs.amz.at";
+      user = "api_ebs_amz_at";
+    }
+    {
+      domain = "api.stage.ebs.amz.at";
+      user = "api_stage_ebs_amz_at";
+    }
+  ];
+
+  mkArtisanService = site: {
+    name = "artisan-finish-reports-${site.domain}";
+    value = {
+      description = "Laravel artisan finish:reports for ${site.domain}";
+      after = [ "network.target" "mysql.service" "phpfpm-${site.domain}.service" ];
+      serviceConfig = {
+        Type = "oneshot";
+        User = site.user;
+        Group = "nginx";
+        WorkingDirectory = "/var/www/${site.domain}";
+        ExecStart = "${php}/bin/php artisan finish:reports";
+      };
+    };
+  };
+
+  mkArtisanTimer = site: {
+    name = "artisan-finish-reports-${site.domain}";
+    value = {
+      description = "Daily timer for artisan finish:reports on ${site.domain}";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "*-*-* 01:00:00";
+        Persistent = true;
+      };
+    };
+  };
+
+in
+{
+  systemd.services = builtins.listToAttrs (map mkArtisanService sites);
+  systemd.timers = builtins.listToAttrs (map mkArtisanTimer sites);
+}

hosts/amzebs-01/modules/postfix.nix

@@ -3,15 +3,16 @@
 , config
 , ...
 }:
-{
-  # Header checks file for validating email headers
-  environment.etc."postfix/header_checks".text = ''
+let
+  headerChecksFile = pkgs.writeText "header_checks" ''
     # Warn about missing critical headers (but don't reject from localhost)
     # These help identify misconfigured applications
     /^$/  WARN Missing headers detected
   '';
-
+in
+{
   services.postfix = {
+    mapFiles."header_checks" = headerChecksFile;
     enable = true;
     hostname = "amzebs-01.amz.at";
     domain = "amz.at";
@@ -42,7 +43,7 @@
 
       # Ensure proper header handling
       # Reject mail that's missing critical headers
-      header_checks = "regexp:/etc/postfix/header_checks";
+      header_checks = "regexp:/var/lib/postfix/conf/header_checks";
 
       # Rate limiting to prevent spam-like behavior
       # Allow reasonable sending rates for applications