diff --git a/hosts/web-01.cloonar.com/configuration.nix b/hosts/web-01.cloonar.com/configuration.nix index 23c9fb7..6ae37d3 100644 --- a/hosts/web-01.cloonar.com/configuration.nix +++ b/hosts/web-01.cloonar.com/configuration.nix @@ -32,6 +32,9 @@ ./sites/gbv-aktuell.at.nix ./sites/matomo.cloonar.com.nix ./sites/optiprot.eu.nix + ./sites/paraclub.at.nix + ./sites/tandem.paraclub.at.nix + ./sites/module.paraclub.at.nix ./sites/api.optiprot.cloonar.dev.nix ./sites/cloonar.dev.nix diff --git a/hosts/web-01.cloonar.com/sites/module.paraclub.at.nix b/hosts/web-01.cloonar.com/sites/module.paraclub.at.nix new file mode 100644 index 0000000..cf17b07 --- /dev/null +++ b/hosts/web-01.cloonar.com/sites/module.paraclub.at.nix @@ -0,0 +1,44 @@ +{ pkgs, lib, config, ... }: +let + domain = "module.paraclub.at"; + dataDir = "/var/www/${domain}"; +in { + services.nginx.virtualHosts."${domain}" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + root = "${dataDir}"; + + locations."/favicon.ico".extraConfig = '' + log_not_found off; + access_log off; + ''; + + locations."/".extraConfig = '' + index index.html; + try_files $uri $uri/ /index.html$is_args$args; + ''; + + locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + ''; + + locations."~ [^/]\.php(/|$)".extraConfig = '' + deny all; + ''; + }; + users.users."${domain}" = { + isNormalUser = true; + createHome = true; + home = dataDir; + homeMode= "770"; + #home = "/home/${domain}"; + group = "nginx"; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwgjsgjxOSX4ZeLuhSq+JumnEa1bKS3fwlA8LDuxvOWXs2Zn4Hwa04ZuM59jzqifwGGMJOFxErm8+5oH2QQFa0wgg8zEG+2U1AzjMNk5+mxrhnLPGAMlnqXmkGi0Jj2nFwKaEM9kcO5UUqRP71BFdGtP74wRcaVpT4TTPzCQl1HTdwzmAOT+3yQ364kyAHXTwQOAjiFcSAlNfZ5C2eeNC642bv6Dfi6mMWi55tdNV6HUn7y2cbq8wscDG7gla8bN3xivuO6POWqyCpHtLxDhppLYJ28ZwqpcynRAXDnVYlT3DmPw1bDs/eBlkjauGR/oM8phka3No3cREBYpSWK7mJeqIIWSV0Z4dvFLeWh6MM4AVhX3HOW7jcxf2tUmpzre6S10HjXj3lLES7oJO4uOYoJWxaGcqFiUc9BOxqLN9FqECXuzfC0apCr0OYm5T2NsSmzlkBPzCa2EqBBI0u5XGcDKgpBA4gD8kuD+8Cj5DxPzXP+IdX1jhHRVsI5nucTvM=" + ]; + }; + users.groups.${domain} = {}; +} diff --git a/hosts/web-01.cloonar.com/sites/paraclub.at.nix b/hosts/web-01.cloonar.com/sites/paraclub.at.nix new file mode 100644 index 0000000..e5a4ba3 --- /dev/null +++ b/hosts/web-01.cloonar.com/sites/paraclub.at.nix @@ -0,0 +1,43 @@ +{ pkgs, lib, config, ... }: +let + domain = "paraclub.at"; + dataDir = "/var/www/${domain}"; +in { + services.nginx.virtualHosts."${domain}" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + root = "${dataDir}"; + + locations."/favicon.ico".extraConfig = '' + log_not_found off; + access_log off; + ''; + + locations."/".extraConfig = '' + index index.html; + ''; + + locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + ''; + + locations."~ [^/]\.php(/|$)".extraConfig = '' + deny all; + ''; + }; + users.users."${domain}" = { + isNormalUser = true; + createHome = true; + home = dataDir; + homeMode= "770"; + #home = "/home/${domain}"; + group = "nginx"; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbSqS0TrJnmihjuIwLY74jKmuErF5jarQeVEQbnl7k8DDfVXP6DKybK2wVRIrAMN2VQzgXWWyRj2wNZrvq1whZon6CrEDxDVN/VDGS99pazczbrypmycVnPsevtS3wrEhiQrwCplkPxoZGlSAPGtx3SOzql+iG7xrhJfuPDCgwIboKf8Tir170aflH7ZfXqUX+V5QMbOn+roT8Tj7vUd/za3o3okJQrW3NUHT6/0TDkGsn+lJp30e94GF5RDLUJgM8pBf45WM94dv1uEfRI7+AQJZRta3X2VNSbb8I2dPNLmgxYQaW1VtwGP/RfxoFESdQubN74p+VxNeP7z5AFiZfhEYb0yiAwXiavN7fStXX/MKXxMicS2fdGzieXLWpLol70xx19492kOnlzoiPKJRosNw8N60R+AkbPYdwl5z5uKDn1ve79YaWB3KWS5Pcr9IT1wZAc48UePL6QtcDppHe8tUflPP5h/LCKOmAioWG59YF5pKfYNLSXJzmiudzzrs=" + ]; + }; + users.groups.${domain} = {}; +} diff --git a/hosts/web-01.cloonar.com/sites/tandem.paraclub.at.nix b/hosts/web-01.cloonar.com/sites/tandem.paraclub.at.nix new file mode 100644 index 0000000..362b359 --- /dev/null +++ b/hosts/web-01.cloonar.com/sites/tandem.paraclub.at.nix @@ -0,0 +1,45 @@ +{ pkgs, lib, config, ... }: +let + domain = "tandem.paraclub.at"; + dataDir = "/var/www/${domain}"; + user = builtins.replaceStrings ["." "-"] ["_" "_"] domain; +in { + services.nginx.virtualHosts."${domain}" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + root = "${dataDir}"; + + locations."/favicon.ico".extraConfig = '' + log_not_found off; + access_log off; + ''; + + locations."/".extraConfig = '' + index index.html; + try_files $uri $uri/ /index.html$is_args$args; + ''; + + locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + ''; + + locations."~ [^/]\.php(/|$)".extraConfig = '' + deny all; + ''; + }; + users.users."${user}" = { + isNormalUser = true; + createHome = true; + home = dataDir; + homeMode= "770"; + #home = "/home/${domain}"; + group = "nginx"; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDpezoJfaqSlQKhbzIRxQysmSmU5tih0SGFh4Eiy3YjfxiJSCRCuVTBCUmnhDCPsJZK+5xEDGarO8UfiqxZfxEyEL5d7IcRQJ/uRSFhYzByGbkziLM760KYqBzaE2Siu+zk625KOm6BN9qWGZdirejwf1Ay9EYmUdNiCMBBFLkPaQkZ8IEuMavf1wHEiZLas25eK7oJWHYKltcluH05QEF+5ODu88nlSpFlz2FjxJSbLDf7qeUba/L2OL124dTU5NIDNzwZLCKjpp8aTYzTaoox7KXUVRmy1X4Or61WhSxw9+LGyrAZLsW+l0a4FgY17V5HnF5/jf8eOpkuVdwtd29KCheJ4BdUfomV8vEt6S0hUP66VqJn6MliuL+10KM6TjLnjg0McPp1LPuSFRoLzO0YetTZzeVc0oBIr9Z3vjm6jt1dYcUtaydn/fc+FgoqpIOLz6EOGCz/CmyaV4rLk2BFKqtx5GP1wbP36hVkyWpREbEMILpFKDOyp21fC67mb0M=" + ]; + }; + users.groups.${user} = {}; +}