Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: amz add cron job

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-12-01 16:17:45 +01:00
parent 209bafd70f
commit 6e8f530537
3 changed files with 58 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/amzebs-01/configuration.nix
View File

@@ -7,6 +7,7 @@
./modules/mysql.nix ./modules/mysql.nix
./modules/web/stack.nix ./modules/web/stack.nix
./modules/laravel-storage.nix ./modules/laravel-storage.nix
./modules/laravel-scheduler.nix
./modules/blackbox-exporter.nix ./modules/blackbox-exporter.nix
./modules/postfix.nix ./modules/postfix.nix
./modules/rspamd.nix ./modules/rspamd.nix

51
hosts/amzebs-01/modules/laravel-scheduler.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }:
# Daily scheduled Laravel artisan jobs
# Runs artisan finish:reports at 01:00 for production and staging APIs
let
php = pkgs.php82;
sites = [
{
domain = "api.ebs.amz.at";
user = "api_ebs_amz_at";
}
{
domain = "api.stage.ebs.amz.at";
user = "api_stage_ebs_amz_at";
}
];
mkArtisanService = site: {
name = "artisan-finish-reports-${site.domain}";
value = {
description = "Laravel artisan finish:reports for ${site.domain}";
after = [ "network.target" "mysql.service" "phpfpm-${site.domain}.service" ];
serviceConfig = {
Type = "oneshot";
User = site.user;
Group = "nginx";
WorkingDirectory = "/var/www/${site.domain}";
ExecStart = "${php}/bin/php artisan finish:reports";
};
};
};
mkArtisanTimer = site: {
name = "artisan-finish-reports-${site.domain}";
value = {
description = "Daily timer for artisan finish:reports on ${site.domain}";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 01:00:00";
Persistent = true;
};
};
};
in
{
systemd.services = builtins.listToAttrs (map mkArtisanService sites);
systemd.timers = builtins.listToAttrs (map mkArtisanTimer sites);
}

11
hosts/amzebs-01/modules/postfix.nix
View File

@@ -3,15 +3,16 @@
, config , config
, ... , ...
}: }:
{ let
# Header checks file for validating email headers headerChecksFile = pkgs.writeText "header_checks" ''
environment.etc."postfix/header_checks".text = ''
# Warn about missing critical headers (but don't reject from localhost) # Warn about missing critical headers (but don't reject from localhost)
# These help identify misconfigured applications # These help identify misconfigured applications
/^$/ WARN Missing headers detected /^$/ WARN Missing headers detected
''; '';
in
{
services.postfix = { services.postfix = {
mapFiles."header_checks" = headerChecksFile;
enable = true; enable = true;
hostname = "amzebs-01.amz.at"; hostname = "amzebs-01.amz.at";
domain = "amz.at"; domain = "amz.at";
@@ -42,7 +43,7 @@
# Ensure proper header handling # Ensure proper header handling
# Reject mail that's missing critical headers # Reject mail that's missing critical headers
header_checks = "regexp:/etc/postfix/header_checks"; header_checks = "regexp:/var/lib/postfix/conf/header_checks";
# Rate limiting to prevent spam-like behavior # Rate limiting to prevent spam-like behavior
# Allow reasonable sending rates for applications # Allow reasonable sending rates for applications