many changes

2024-09-03 14:47:06 +02:00
parent fb32b88798
commit 92099bd1e9
44 changed files with 900 additions and 658 deletions
--- a/hosts/web-arm/sites/feeds.cloonar.com.nix
+++ b/hosts/web-arm/sites/feeds.cloonar.com.nix
@@ -0,0 +1,54 @@
+{ pkgs, lib, config, ... }:
+let
+  domain = "feeds.cloonar.com";
+  dataDir = "/var/www/${domain}";
+in {
+
+  sops.secrets.nextcloud-smb-credentials-feeds = {
+    owner = "feeds_cloonar_com";
+    key = "nextcloud-smb-credentials";
+  };
+  fileSystems."${dataDir}/public" = {
+    device = "//u149513.your-backup.de/u149513-sub4/dominik.polakovics@cloonar.com/files/Audio\ Books/";
+    fsType = "cifs";
+    options = let
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users,file_mode=0770,dir_mode=0770";
+      in ["${automount_opts},credentials=${config.sops.secrets.nextcloud-smb-credentials-feeds.path},uid=1011,gid=60"];
+  };
+
+  services.borgbackup.jobs.default.exclude = [
+    "${dataDir}/public"
+  ];
+
+
+  services.webstack.instances."${domain}" = {
+    enableDefaultLocations = false;
+    enableMysql = false;
+    authorizedKeys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDBGlzrg6NP5ezRFVu1CV8r0uCcS2oIgYG2/u6Cit++ARWQRO5Y0+9qC1Y2RNUaLPbvTmXg7ShskolUeuLryqvp10K2kXQ4E9NlmJ3BNLiAfWCzfe6gAgr6u5unVlXHttnP0leYpGGMUCKuiJpzy/bR6rMIUrCQC6W/MeXkwysNWKvL+ZD0IeQbogtfMFZmag9PO04RKZZvuUn9YvlgkTEK97g5dtyP1NxdtE9dDYf0G+0HcHITcw+lVmGNNwi43nAoUHieQd1kWc8YmxFB+y5O+vRH2O6pZBSdr0tdK6bPcezxd3Gk6i3a54yZfbvSislWA+o7s6uw/qExocpZb7xWa5ymPrGlEPbpYdT1y3hFO25+L1lR4QdG9oUNtJ974bL+EmYmHU+j32K3f8fxDg6BRo8FuriLtAzP7/2/7W8K4nIdMoosS+Ond2JE6XFkg1kSrXCivDBQoetZLO2y+ZPYcsQwIZsdjOnZqVr76nTepqCGIKYCuNM/9sl4AWCsyU="
+    ];
+    extraConfig = ''
+      add_header X-Frame-Options "SAMEORIGIN";
+      add_header X-Content-Type-Options "nosniff";
+
+      index index.php
+
+      charset utf-8;
+
+      error_page 404 /index.php;
+    '';
+    locations."/favicon.ico".extraConfig = ''
+      log_not_found off;
+      access_log off;
+    '';
+    locations."/robots.txt".extraConfig = ''
+      access_log off;
+      log_not_found off;
+    '';
+
+    locations."/".extraConfig = ''
+      try_files $uri $uri/ /index.php$is_args$args;
+    '';
+    phpPackage = pkgs.php82;
+  };
+}
--- a/hosts/web-arm/sites/matomo.cloonar.com.nix
+++ b/hosts/web-arm/sites/matomo.cloonar.com.nix
@@ -113,5 +113,16 @@ in {
    };
  };

+  services.mysql = {
+    ensureUsers = [
+      {
+        name = "matomo";
+        ensurePermissions = {
+          "matomo.*" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+    ensureDatabases = [ "matomo" ];
+  };
  services.mysqlBackup.databases = [ "matomo" ];
 }
--- a/hosts/web-arm/sites/stage.myhidden.life.nix
+++ b/hosts/web-arm/sites/stage.myhidden.life.nix
@@ -38,12 +38,12 @@
    '';
  };

-  systemd.services."stage-myhidden-life-schedule" = {
-    startAt = "*:0/1:0";
-    serviceConfig = {
-      Type = "oneshot";
-      User = "stage_myhidden_life";
-      ExecStart = "${pkgs.php83}/bin/php /var/www/stage.myhidden.life/artisan schedule:run";
-    };
-  };
+  # systemd.services."stage-myhidden-life-schedule" = {
+  #   startAt = "*:0/1:0";
+  #   serviceConfig = {
+  #     Type = "oneshot";
+  #     User = "stage_myhidden_life";
+  #     ExecStart = "${pkgs.php83}/bin/php /var/www/stage.myhidden.life/artisan schedule:run";
+  #   };
+  # };
 }
--- a/hosts/web-arm/sites/support.cloonar.dev.nix
+++ b/hosts/web-arm/sites/support.cloonar.dev.nix
@@ -0,0 +1,72 @@
+{ pkgs, lib, config, ... }:
+let
+  domain = "support.cloonar.dev";
+  user = "support_cloonar_dev";
+
+  # phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
+  #     enabled ++ [ all.imagick all.pcntl all.mbstring ]);
+
+  phpPackage = pkgs.php83.buildEnv {
+    extensions = ({ enabled, all }: enabled ++ (with all; [
+      imagick
+      mbstring
+      pcntl
+      imap
+      gd
+      curl
+      intl
+      zip
+    ]));
+  };
+
+in {
+  services.webstack.instances."${domain}" = {
+    enableDefaultLocations = false;
+    enableMysql = true;
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChPB1wdZUO/VTt2J9e0+mLYhXcsWSL487HNQfmt23vB"
+    ];
+    extraConfig = ''
+      add_header X-Frame-Options "SAMEORIGIN";
+      add_header X-Content-Type-Options "nosniff";
+
+      index index.php
+
+      charset utf-8;
+
+      error_page 404 /index.php;
+    '';
+    locations."/favicon.ico".extraConfig = ''
+      log_not_found off;
+      access_log off;
+    '';
+    locations."/robots.txt".extraConfig = ''
+      access_log off;
+      log_not_found off;
+    '';
+
+    locations."/".extraConfig = ''
+      try_files $uri $uri/ /index.php$is_args$args;
+    '';
+    phpPackage = phpPackage;
+  };
+
+  systemd.services."freescout-worker" = {
+    enable = true;
+    serviceConfig = {
+      User = "${user}";
+      ExecStart = "${phpPackage}/bin/php /var/www/${domain}/artisan queue:work --queue=emails,default,a5b8cea21bd06d071d2d8da9307d9e04 --sleep=5 --tries=1 --timeout=1800";
+    };
+  };
+
+  systemd.services."freescout-cron" = {
+    startAt = "*:*";
+    wants = [ "freescout-worker.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      User = "${user}";
+      ExecStart = "${phpPackage}/bin/php /var/www/${domain}/artisan schedule:run --no-interaction";
+    };
+  };
+
+}