feat: amz add cron job

2025-12-01 16:17:45 +01:00
parent 209bafd70f
commit 6e8f530537
3 changed files with 58 additions and 5 deletions
--- a/hosts/amzebs-01/configuration.nix
+++ b/hosts/amzebs-01/configuration.nix
@@ -7,6 +7,7 @@
    ./modules/mysql.nix
    ./modules/web/stack.nix
    ./modules/laravel-storage.nix
+    ./modules/laravel-scheduler.nix
    ./modules/blackbox-exporter.nix
    ./modules/postfix.nix
    ./modules/rspamd.nix
--- a/hosts/amzebs-01/modules/laravel-scheduler.nix
+++ b/hosts/amzebs-01/modules/laravel-scheduler.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+# Daily scheduled Laravel artisan jobs
+# Runs artisan finish:reports at 01:00 for production and staging APIs
+
+let
+  php = pkgs.php82;
+
+  sites = [
+    {
+      domain = "api.ebs.amz.at";
+      user = "api_ebs_amz_at";
+    }
+    {
+      domain = "api.stage.ebs.amz.at";
+      user = "api_stage_ebs_amz_at";
+    }
+  ];
+
+  mkArtisanService = site: {
+    name = "artisan-finish-reports-${site.domain}";
+    value = {
+      description = "Laravel artisan finish:reports for ${site.domain}";
+      after = [ "network.target" "mysql.service" "phpfpm-${site.domain}.service" ];
+      serviceConfig = {
+        Type = "oneshot";
+        User = site.user;
+        Group = "nginx";
+        WorkingDirectory = "/var/www/${site.domain}";
+        ExecStart = "${php}/bin/php artisan finish:reports";
+      };
+    };
+  };
+
+  mkArtisanTimer = site: {
+    name = "artisan-finish-reports-${site.domain}";
+    value = {
+      description = "Daily timer for artisan finish:reports on ${site.domain}";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "*-*-* 01:00:00";
+        Persistent = true;
+      };
+    };
+  };
+
+in
+{
+  systemd.services = builtins.listToAttrs (map mkArtisanService sites);
+  systemd.timers = builtins.listToAttrs (map mkArtisanTimer sites);
+}
--- a/hosts/amzebs-01/modules/postfix.nix
+++ b/hosts/amzebs-01/modules/postfix.nix
@@ -3,15 +3,16 @@
 , config
 , ...
 }:
-{
-  # Header checks file for validating email headers
-  environment.etc."postfix/header_checks".text = ''
+let
+  headerChecksFile = pkgs.writeText "header_checks" ''
    # Warn about missing critical headers (but don't reject from localhost)
    # These help identify misconfigured applications
    /^$/  WARN Missing headers detected
  '';
-
+in
+{
  services.postfix = {
+    mapFiles."header_checks" = headerChecksFile;
    enable = true;
    hostname = "amzebs-01.amz.at";
    domain = "amz.at";
@@ -42,7 +43,7 @@

      # Ensure proper header handling
      # Reject mail that's missing critical headers
-      header_checks = "regexp:/etc/postfix/header_checks";
+      header_checks = "regexp:/var/lib/postfix/conf/header_checks";

      # Rate limiting to prevent spam-like behavior
      # Allow reasonable sending rates for applications