feat: many changes

hosts/fw/modules/dnsmasq.nix

@@ -91,7 +91,7 @@
         "/fw.cloonar.com/${config.networkPrefix}.97.1"
         "/omada.cloonar.com/${config.networkPrefix}.97.2"
         "/web-02.cloonar.com/${config.networkPrefix}.97.5"
-        "/phpldapadmin.cloonar.com/${config.networkPrefix}.97.5"
+        "/pla.cloonar.com/${config.networkPrefix}.97.5"
         "/home-assistant.cloonar.com/${config.networkPrefix}.97.20"
         "/mopidy.cloonar.com/${config.networkPrefix}.97.21"
         "/snapcast.cloonar.com/${config.networkPrefix}.97.21"
@@ -100,6 +100,7 @@
         "/feeds.cloonar.com/188.34.191.144"
         "/nukibridge1a753f72.cloonar.smart/${config.networkPrefix}.100.112"
         "/allywatch.cloonar.com/${config.networkPrefix}.97.5"
+        "/brn30055c566237.cloonar.com/${config.networkPrefix}.96.100"
 
         "/stage.wsw.at/10.254.235.22"
         "/prod.wsw.at/10.254.217.23"

hosts/fw/modules/foundry-vtt.nix

@@ -35,7 +35,7 @@ in {
         hostName = "foundry-vtt";
         useHostResolvConf = false;
         defaultGateway = {
-          address = "${hostConfig.networkPrefix}.97.1";
+          address = "${hostConfig.networkPrefix}.96.1";
           interface = "eth0";
         };
         nameservers = [ "${hostConfig.networkPrefix}.97.1" ];

hosts/fw/modules/home-assistant/scenes/date.nix

@@ -4,6 +4,7 @@
     scene = [
       {
         name = "Date Night";
+        icon = "mdi:heart";
         entities = {
           "light.livingroom_showcase" = {
             state     = "on";

hosts/fw/modules/phpldapadmin.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+  virtualisation.oci-containers.backend = "podman";
+  virtualisation.oci-containers.containers = {
+    phpldapadmin = {
+      image = "phpldapadmin/phpldapadmin:latest";
+      autoStart = true;
+      ports = [
+        "80:8087/tcp"
+      ];
+      environmentFiles = [
+        config.sops.secrets.phpldapadmin.path
+      ];
+    };
+  };
+
+  systemd.timers."restart-phpldapadmin" = {
+    wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "*-*-* 3:00:00";
+        Unit = "restart-phpldapadmin.service";
+      };
+  };
+
+  systemd.services."restart-phpldapadmin" = {
+    script = ''
+      set -eu
+      if ${pkgs.systemd}/bin/systemctl is-active --quiet podman-phpldapadmin.service; then
+          ${pkgs.systemd}/bin/systemctl restart podman-phpldapadmin.service
+      fi
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+    };
+  };
+
+  sops.secrets.phpldapadmin = {};
+}

hosts/fw/modules/web/default.nix

@@ -54,7 +54,7 @@ in {
           ../../utils/modules/lego/lego.nix
           # ../../utils/modules/borgbackup.nix
 
-          # ./phpldapadmin.nix
+          ./phpldapadmin.nix
           ./zammad.nix
           ./proxies.nix
           ./matrix.nix

hosts/fw/modules/web/phpldapadmin.nix

@@ -2,94 +2,51 @@
 
 with lib;
 
-let
-  phpldapadmin = pkgs.callPackage ../../pkgs/phpldapadmin.nix {};
-  fpm = config.services.phpfpm.pools.phpldapadmin;
-  stateDir = "/var/lib/phpldapadmin";
-  domain = "phpldapadmin.cloonar.com";
-in
 {
-
+  virtualisation.oci-containers.backend = "podman";
-  users.users.phpldapadmin = {
+  virtualisation.oci-containers.containers = {
-    description = "PHPLdapAdmin Service";
+    phpldapadmin = {
-    home = stateDir;
+      image = "phpldapadmin/phpldapadmin:latest";
-    useDefaultShell = true;
+      autoStart = true;
-    group = "phpldapadmin";
+      ports = [
-    isSystemUser = true;
+        "8087:8080/tcp"
+      ];
+      environmentFiles = [
+        config.sops.secrets.phpldapadmin.path
+      ];
+    };
   };
 
-  users.groups.phpldapadmin = { };
+  systemd.timers."restart-phpldapadmin" = {
+    wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "*-*-* 3:00:00";
+        Unit = "restart-phpldapadmin.service";
+      };
+  };
 
-  sops.secrets.phpldapadmin.owner = "phpldapadmin";
+  services.nginx.virtualHosts."pla.cloonar.com" = {
-
-  environment.etc."phpldapadmin/env".source = config.sops.secrets.phpldapadmin.path;
-
-  services.nginx = {
-    enable = true;
-    virtualHosts = {
-      "${domain}" = {
     forceSSL = true;
     enableACME = true;
     acmeRoot = null;
-        root = stateDir;
     locations."/" = {
-          root = "${phpldapadmin}/public";
+      proxyPass = "http://localhost:8087";
-          index = "index.php";
+      proxyWebsockets = true;
-          extraConfig = ''
+    };
-            location ~* \.php(/|$) {
+  };
-              fastcgi_split_path_info ^(.+\.php)(/.+)$;
-              fastcgi_pass unix:${fpm.socket};
 
-              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+  systemd.services."restart-phpldapadmin" = {
-              fastcgi_param PATH_INFO       $fastcgi_path_info;
+    script = ''
-
+      set -eu
-              include ${pkgs.nginx}/conf/fastcgi_params;
+      if ${pkgs.systemd}/bin/systemctl is-active --quiet podman-phpldapadmin.service; then
-              include ${pkgs.nginx}/conf/fastcgi.conf;
+          ${pkgs.systemd}/bin/systemctl restart podman-phpldapadmin.service
-            }
+      fi
     '';
-        };
+    serviceConfig = {
-      };
+      Type = "oneshot";
+      User = "root";
     };
   };
 
-  environment.etc.nginx_allowed_groups = {
+  sops.secrets.phpldapadmin = {};
-    text = "employees";
-    mode = "0444";
-  };
-
-  security.pam.services.nginx.text = ''
-    # auth    required     pam_listfile.so \
-    #                      item=group sense=allow onerr=fail file=/etc/nginx_allowed_groups
-    auth    required     ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
-    account required     ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
-  '';
-  
-  services.phpfpm.pools.phpldapadmin = {
-    user = "phpldapadmin";
-    phpOptions = ''
-      error_log = 'stderr'
-      log_errors = on
-    '';
-    settings = mapAttrs (name: mkDefault) {
-      "listen.owner" = "nginx";
-      "listen.group" = "nginx";
-      "listen.mode" = "0660";
-      "pm" = "dynamic";
-      "pm.max_children" = 75;
-      "pm.start_servers" = 2;
-      "pm.min_spare_servers" = 1;
-      "pm.max_spare_servers" = 20;
-      "pm.max_requests" = 500;
-      "catch_workers_output" = true;
-    };
-    phpEnv."PATH" = pkgs.lib.makeBinPath [
-      pkgs.which
-      phpldapadmin
-    ];
-  };
-
-  systemd.tmpfiles.rules = [
-    "d '${stateDir}' 0750 phpldapadmin phpldapadmin - -"
-  ];
-
 }

hosts/fw/modules/web/secrets.yaml

@@ -3,7 +3,7 @@ borg-ssh-key: ENC[AES256_GCM,data:b/xZnUTfi85IG1s897CBF1HD7BTswQUatbotyZfLmbhxXx
 zammad-key-base: ENC[AES256_GCM,data:HO9MuwcwjryuXr5No8sCPfso5bpLtQCoczrC/R214ecVIFwwH1uhMeNO8Tlh6EjRLPo7aVTSz87Vx5yaNVezvHCs55G6TT9mcNS/v/V7sbFz9dNIgbFblY3gFIAa4cViioYc71wdb7d4Tta7qhse5zQ41KhAqCWuGDgFErQA4Oc=,iv:b1wY8fW0psircSlNXwDjPzNWK8NyAMNqegitNcqV6U4=,tag:oQ7nyO9TKOOu6IF7ODzpPA==,type:str]
 dendrite-private-key: ENC[AES256_GCM,data:ZHDIa/iYSZGofE67JU63fHRdKbs/ZyEJY45tV6H8WZAOcduGafPYBo2NCZ7nqLbc2Z9dUUgsrpzvkQ3+VaWqFUv7YsE+CbCx4CeiLGMkj8EAGzX4rkJGHMzkkc2UT7v9znCnKACS3fZtU69trqVMcf1PzgqepOHMBku37dzpwOQC/Tc3UTuO72M=,iv:Ljun1/ruY9cDBm9vu62riUrpGjrWtFFx90GeE7uc3Yo=,tag:FF4xPb1SDhK/4ITr/idvYg==,type:str]
 matrix-shared-secret: ENC[AES256_GCM,data:HeS4PT0R+TRU6Htwa5TChjK1VAjAdgSS8tSnva+ga3f+mEfJPTQ02pEvS2WFvcnchmEjNYy39zL/rbtX,iv:4yR+VgdJY3VcvLg18v+5jbJDSkFzaeyLNAZ0k8ivjdQ=,tag:RA96iSFDUdlXq30c/vkvpA==,type:str]
-phpldapadmin: ENC[AES256_GCM,data:CJBFQfi0qJmPQcxPcneHcXFsIku0a+xdv7rmrKzC0XsBcn3N/dP8cGBbkC/GcH2OWBhRWFNFm0GOEALbJa/1z/hFxbxn1QJlfglglaXHNjiwJqND51GmNzd+5GJ39RHR7w06fVABgCrDM60DChJLy0Iql/eCITYhZUGpoLd4I+fKXy9zggVIzAA3tTYziJNuaBQuMe/i8V8AIt0DBefrEBITyl3wi/+Y4utLXiEUPOWPGCYfS+Xp7LcHiTJ2rZzwKJjYPiPs+7UYx2IsT2+ksJtSHR0+ibUHXNzebBTmAZ3+YBoyeBvdw2VmsgJeCUTC2SLnBAsR4J3AoSDQcZ0XrHq2oIzZC/Mf5g==,iv:iHx495CM8LHqrsiNPwzFXZQxWJZ5kCgWYvgwirjy7Uw=,tag:c7FvYuYzYjqH/Bqs7FbMzA==,type:str]
+phpldapadmin: ENC[AES256_GCM,data:bAc0KJibudGod9isX/A9vQApAwT6vMFJq3JL0RwP+mMfGDXhw0TwnB1Sg+DR9khDb9iilII+mDzkS3PacLJwrNe/ZS9Vy8as/9f5uMHQTUlqk6vK7ElQiknsda9dcOQrr3cZNT13CAAEuYxPEeWcLaLf1s/XxcKdTDgKHy9w+KnOuEqShEYjFskRq8wQvixicwVI9n0rSSc0oRwSmCmTh8//VI8MGkyaXrQLVrxBz8nSFVuMx32YuEuALndmYh92gkSX50UFagyiwjmGIt2bpisRq8JibIf82F9gqc7FDSQqwIknP43N/Jc=,iv:MU92wZQn6mzLalbtulC08DZ7asxR5kQZnf0IV3sB09E=,tag:Qpj/JhoYT1VIMhn0KhaW6A==,type:str]
 sops:
     age:
         - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
@@ -42,7 +42,7 @@ sops:
             WDdHb1I5dVFCcHJ0ejVhOXFIb1pKRlUKkCS05OVL7xvkZ1oh16GTCnateuXao9ZK
             6sMZ7/c9tafLH52psnjeUEJK15Bw8DihFjFctyIh242j8TtXXqxBYg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-10T11:35:59Z"
+    lastmodified: "2025-07-07T12:53:46Z"
-    mac: ENC[AES256_GCM,data:1r8IFSyvVmwSR9j9DROAbN6GmnQo8cg+Z1wCvg2hv/lql5FbeLgFUvVHYQvPGJK6cRUTM+7T010AZOZSWKJM2K3KqiinWLdVVM1G1Bvhv8T4epL2RHq65OgMd5jJFrMLYoyJmHUp3AkzlPeYJDtrvxGCB5B88H1L+ifZtV0pKJQ=,iv:uOnWxuPiPJkmc+wBf4EYihTLeugcyM4MX4AkYncfAFg=,tag:HWHGROye6YMR/cLm/C2G1Q==,type:str]
+    mac: ENC[AES256_GCM,data:dPvsaQ1xx+k4onugBVZhm2Pb97cX1f3qf5j68dqBmv585HwnS96eaOxvr/8JFnYejAoP3CPBGlM2sPnzJ5ic3UyGsyDvxX2oCnpioA/WQV/Itrx3U7r0oeT0kpvQ9YjfTYZIa4DNM3W7Qi3Efw3tskNJmLztBpzrajizTwB6oPE=,iv:LaBKX3M0piBpfPVtM4/21UMxi5eLHmMka8NVOvmS84o=,tag:lggS7bHmnK3nhCtsgzF+dw==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2

hosts/fw/pkgs/default.nix

@@ -0,0 +1,7 @@
+# default.nix
+let
+  pkgs = import <nixpkgs> {};
+in
+{
+  phpLDAPadmin = pkgs.callPackage ./phpldapadmin.nix { };
+}

hosts/fw/pkgs/foundry-vtt/default.nix

@@ -4,7 +4,7 @@ stdenv.mkDerivation rec {
   pname = "foundry-vtt";
   version = "12.331";
 
-  src = ./FoundryVTT-12.331.zip;
+  src = ./FoundryVTT-12.343.zip;
 
   nativeBuildInputs = [ unzip ];
 

hosts/fw/pkgs/phpldapadmin.nix

@@ -1,4 +1,4 @@
-{ fetchurl, lib, stdenv, nodejs_24, php, phpPackages }:
+{ fetchurl, lib, stdenv }:
 
 stdenv.mkDerivation rec {
   pname      = "phpLDAPadmin";
@@ -6,24 +6,11 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url    = "https://github.com/leenooks/phpLDAPadmin/archive/${version}.tar.gz";
-    sha256 = "sha256-hkigC458YSgAZVCzVznix8ktDBuQm+UH3ujXn9Umylc=";
+    sha256 = "hkigC458YSgAZVCzVznix8ktDBuQm+UH3ujXn9Umylc=";
   };
 
-  # Pull in PHP itself and Composer
-  buildInputs       = [ php nodejs_24 ];
-  nativeBuildInputs = [ phpPackages.composer ];
-
-  # Let composer do its work
-  buildPhase = ''
-    # install all PHP dependencies into vendor/
-    npm i
-    npm run prod
-    composer i --no-dev
-  '';
-
   installPhase = ''
     mkdir -p $out
-    # copy everything—including the newly created vendor/ directory
     cp -r . $out/
     ln -sf /etc/phpldapadmin/env $out/.env
   '';

hosts/fw/secrets.yaml

@@ -16,6 +16,7 @@ wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKc
 wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str]
 wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str]
 matrix-shared-secret: ENC[AES256_GCM,data:67imd3m6WBeGP/5Msmjy8B6sP983jMyWzRIzWgNVV5jZslX+GBJyEYzm3OTDs1iTZf4ScvuYheTH0QFPfw==,iv:7ElCpESWumbIHmmFaedcpkFm5M58ZT3vW9wb9e1Sbh4=,tag:wr4FIymtJBtCerVqae+Xlw==,type:str]
+phpldapadmin: ENC[AES256_GCM,data:EsZkWQFbbB0uh/RTPJi3CVC7CwAsYhO8Nrjp6P7r4f7/HCC6IEmaQk/v8il1CoXFX7xsAW8tYLbnZmIwDjirdq/zW1OCJngkTkTjaG1b4QVqLVI8eYaY5uGZAFCF6xTEQxUKIXtBO1TlYLqsrw9JwyfOSFjXQ42ONJyEl5ewrwAPaIpy5Hk30uB+vvcFdYASA27IMXCPJHemppLApgiq9IFitN1o5spVWcEjq9TQFki69dvsOrKkedeVbKeMOvMW0dizrbEbmGg20JxzLIlRSzg1Vch0nWfw+9oyirGCaOHfW29fN2/oIrC3E3kHs5MQ2fpNEfjD+YV6n4sHj8wQ/BY7IGVu0MFw,iv:s511vjw8lKHWzTl4Az1MtValtPrWD32W8D/wAd3JJ1Q=,tag:KFjYQ2/WBoBnhl3Q8bfNRQ==,type:str]
 palworld: ENC[AES256_GCM,data:rdqChPt4gSJHS1D60+HJ+4m5mg35JbC+pOmevK21Y95QyAIeyBLVGhRYlOaUcqdZM2e4atyTTSf6z4nHsm539ddCbW7J2DCdF5PQkrAGDmmdTVq+jyJAT8gTrbXXCglT1wvFYY5dbf2NKA4ASJIA8bdVNuwRZU0CtFiishzLuc9m8ZcGCNwQ/+xkMZgkUAHYRlEJAZyMpXR6KkFftiR05JRAFczD4N7GXPPe+vyvgXg7QBGtf20Qd4SGBUw0zI/SNTRmifHUuc4Z6+Fe9JHgvTc3uFcTMVnty0fEuL+a29liaVdAFq8BnqJfc5CNV401ZSUeMbG41lCn1cegP/WChs9J6HXNrhWDgiXa6ln++NoKcfOHIfZVbYOCoOxFR6+YWeBU2+sHmdwI9j5XQf5Ly2hmg12j0Ds2Cn8k4PG5aQP+HT2bedqyxwSt6fi97A0Osnh4ig7+DzYAjSNLewbYLzVdK39VdvB9hqLto+yFS3gAaeYOHwPwtqa+COI85c55lHiyKHlSwPhBqYaaiDu00lQTUzq9R5vz6F/l+T3bUjuna5RryUu8yhnk5DyK834KycTOg4ETcZTqro6prfiEBxc+Utsc9JvEtZgwFv6fsVLOu7nHxuiYuvseZ4YA8LlYdwPJboMPO2XsuhwWtT1uz/rh2orH7/vsXvzA/kF8NFemWBEMVLYA8byC5ze8doiGDYp4T5AAf10nJB1ceQ==,iv:gs78fxhvo9KlTaR5nzs12/LdgPChSFPHD2k4VQp3ARo=,tag:lpWBOi9xh2cWkS+71KD/UQ==,type:str]
 ark: ENC[AES256_GCM,data:YYGyzoVIKI9Ac1zGOr0BEpd3fgBsvp1hSwAvfO07/EQdg8ufMWUkNvqNHDKN62ZK5A1NnY3JTA1p4gyZ4ryQeAOsbwqU1GSk2YKHFyPeEnpLz/Ml82KMsv7XPGXuKRXZ4v3UcLu0R8k1Q0gQsMWo4FjCs3FF5mVtJG/YWxxbCYHoBLJ/di5p0DgjuFgJBQknYBpuLzr+yIoeqEyN7XcGYAJO53trEJuOOxLILULifkqISHjZ66i5F1fHW0iUdRbmeWV4aOAeOrsQqXYv,iv:gJwV5ip84zHqpU0l0uESfWWOtcgihMvEEdLaeI+twcU=,tag:sy8udVQsKxV/jOqwhJmWAg==,type:str]
 firefox-sync: ENC[AES256_GCM,data:uAJAdyKAuXRuqCFl8742vIejU5RnAPpUxUFCC0s0QeXZR5oH2YOrDh+3vKUmckW4V1cIhSHoe+4+I4HuU5E73DDrJThfIzBEw+spo4HXwZf5KBtu3ujgX6/fSTlPWV7pEsDDsZ0y6ziKPADBDym8yEk0bU9nRedvTBUhVryo3aolzF/c+gJvdeDvKUYa8+8=,iv:yuvE4KG7z7Rp9ZNlLiJ2rh0keed3DuvrELzsfJu4+bs=,tag:HFo1A53Eva31NJ8fRE7TlA==,type:str]
@@ -60,7 +61,7 @@ sops:
             WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j
             eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-31T08:08:02Z"
+    lastmodified: "2025-07-07T11:02:46Z"
-    mac: ENC[AES256_GCM,data:p6FHDa6Xfd66pH4zB8s6nhGGk2Ha2YTC/wUsCrqu+9M01VQ7qv9tha1MpKMj9TUxSPSxPOI++5zkNi5LJbs4Y4q0KH4yd9w/guMmJB2+d2YUwNCTofvmQp3wS1KtaRbaai6mAXZELaVEsRkmwUdkdApNbSZkTZgDc+CMH7OmHbs=,iv:w/kv2wRO6N4k1U7y8efS7LXhrpMxkZ9kTs3lFo23MA8=,tag:F4rZGG00AQZLfGU3djgW8Q==,type:str]
+    mac: ENC[AES256_GCM,data:gf6Lw3aiGLVHNNrt/9SwFtK9fnzI4fiNf4/MjlHF+BSGnwSobccbUFObsT5mnce6nMsFM3kZ4Ac1ceckND02CH+P4hf5ylczPibz8B8sGDUulLmCpddBG++eXU4CO4Oi1VBqiCqkxPGPDtgidOMy+KJ1EHvSaiD/duOXrE9/qE8=,iv:RxIohGvtU+GGnpmW/k+fZlQLT8+13P4+5ZMHsDoSY94=,tag:5QNfKhjwCB8Q984WAIXdnA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2

hosts/nb/users/configs/project_history

@@ -52,9 +52,8 @@
 /home/dominik/projects/epicenter.works/epicenter.works-website
 /home/dominik/projects/epicenter.works/epicenter-nixos
 /home/dominik/projects/epicenter.works/spenden.akvorrat.at
-/home/dominik/projects/epicenter.works/dearmep-website
+/home/dominik/projects/epicenter.works/eidas.monitor
-/home/dominik/projects/epicenter.works/padexporter
+
-/home/dominik/projects/epicenter.works/ansible-pull
 /home/dominik/projects/cloonar/lena-schilling-website
 /home/dominik/projects/cloonar/dialog-relations-website
 /home/dominik/projects/cloonar/imperfect-perfect.com

hosts/nb/users/dominik.nix

@@ -656,8 +656,7 @@ in
       git clone git@gitlab.epicenter.works:epicenter.works/nixos.git ${persistHome}/projects/epicenter.works/epicenter-nixos 2>/dev/null
       git clone git@github.com:AKVorrat/spenden.akvorrat.at.git ${persistHome}/projects/epicenter.works/spenden.akvorrat.at 2>/dev/null
       git clone git@github.com:AKVorrat/dearmep-website.git ${persistHome}/projects/epicenter.works/dearmep-website 2>/dev/null
-      git clone git@github.com:AKVorrat/padexporter.git ${persistHome}/projects/epicenter.works/padexporter 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/eidas.monitor.git ${persistHome}/projects/epicenter.works/eidas.monitor 2>/dev/null
-      git clone git@github.com:AKVorrat/ansible-config.git ${persistHome}/projects/epicenter.works/ansible-pull 2>/dev/null
       set -eu
     '';
 

hosts/web-arm/sites/dialog-relations.at.nix

@@ -1,6 +1,11 @@
 { pkgs, lib, config, ... }:
 {
   services.typo3.instances."dialog-relations.at" = {
+    domainAliases = [
+      "www.dialog-relations.at"
+      "dialogrelations.at"
+      "www.dialogrelations.at"
+    ];
     authorizedKeys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFfBQ1dfjWNHQyYIjTtQaJgDJFvHAZhSz5QzPfzOvnI6"
     ];