changes

hosts/web-arm/configuration.nix

@@ -34,6 +34,7 @@
     ./sites/gbv-aktuell.at.nix
     ./sites/matomo.cloonar.com.nix
     ./sites/support.cloonar.dev.nix
+    ./sites/stage.cloonar-technologies.at.nix
 
     ./sites/cloonar.dev.nix
     ./sites/paraclub.cloonar.dev.nix
@@ -41,10 +42,11 @@
     ./sites/tandem.paraclub.cloonar.dev.nix
     ./sites/module.paraclub.cloonar.dev.nix
     ./sites/gbv-aktuell.cloonar.dev.nix
-    ./sites/lena-schilling.cloonar.dev.nix
     ./sites/stage.myhidden.life.nix
     ./sites/stage.korean-skin.care.nix
     ./sites/feeds.jordanrannells.com.nix
+    ./sites/dialog-relations.cloonar.dev.nix
+    ./sites/lena-schilling.cloonar.dev.nix
     ./sites/lena-schilling.at.nix
   ];
 

hosts/web-arm/modules/authelia/default.nix

@@ -1,6 +1,10 @@
-{ config, ... }:
-
-{
+{ config, pkgs, ... }:
+let
+  unstable = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz") {
+    config = config.nixpkgs.config;
+    system = pkgs.system;
+  };
+in {
   sops.secrets.authelia-jwt-secret = {
     owner = "authelia-main";
   };
@@ -24,6 +28,7 @@
   };
 
   services.authelia.instances.main = {
+    package = unstable.authelia;
     enable = true;
     secrets = {
       jwtSecretFile = config.sops.secrets.authelia-jwt-secret.path;

hosts/web-arm/modules/web/typo3.nix

@@ -134,8 +134,8 @@ in
       nameValuePair ("typo3-cron-" + domain) {
         script = ''
           set -eu
-          ${instanceOpts.phpPackage}/bin/php /var/www/${domain}/.Build/bin/typo3 scheduler:run
-          ${instanceOpts.phpPackage}/bin/php /var/www/${domain}/.Build/bin/typo3 ke_search:indexing
+          ${instanceOpts.phpPackage}/bin/php /var/www/${domain}/current/bin/typo3 scheduler:run
+          ${instanceOpts.phpPackage}/bin/php /var/www/${domain}/current/bin/typo3 ke_search:indexing
         '';
         serviceConfig = {
           Type = "oneshot";

hosts/web-arm/sites/api.paraclub.cloonar.dev.nix

@@ -31,5 +31,11 @@
     '';
     phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
       enabled ++ [ all.imagick ]);
+    phpOptions = ''
+      opcache.enable=1
+      opcache.memory_consumption=128
+      opcache.validate_timestamps=0
+      opcache.revalidate_path=0
+    '';
   };
 }

hosts/web-arm/sites/cloonar.dev.nix

@@ -3,16 +3,11 @@ let
   domain = "cloonar.dev";
   dataDir = "/var/www/${domain}";
 in {
-  services.nginx.virtualHosts."${domain}" = {
-    forceSSL = true;
-    enableACME = true;
-    acmeRoot = null;
-    root = "${dataDir}";
 
-    locations."/favicon.ico".extraConfig = ''
-      log_not_found off;
-      access_log off;
-    '';
+  services.webstack.instances."${domain}" = {
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6frP875aOnuFALjgP3ZCySCcYSGqtIzIK80S/L/D/w"
+    ];
 
     locations."/".extraConfig = ''
       index index.html;
@@ -35,26 +30,22 @@ in {
       }
     '';
 
-    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
-     expires 365d;
-     add_header Pragma "public";
-     add_header Cache-Control "public";
+    locations."^~ /vcards/".extraConfig = ''
+        location ~ /\.env {
+            deny all;
+            return 404;
+        }
+
+        # Determine if the requested file exists
+        try_files $uri $uri/ /vcards/index.php$is_args$args;
     '';
 
-    locations."~ [^/]\.php(/|$)".extraConfig = ''
-      deny all;
+    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
+      expires 365d;
+      add_header Pragma "public";
+      add_header Cache-Control "public";
     '';
+
+    phpPackage = pkgs.php;
   };
-  users.users."${domain}" = {
-    isNormalUser = true;
-    createHome = true;
-    home = dataDir;
-    homeMode= "770";
-    #home = "/home/${domain}";
-    group  = "nginx";
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1CQqL1hQV3Lb6hqzDt2mgr0IasBRlIrdUCM+QibgKcU1VUWEJTo1nkcwgunnpUROtCQPRtlBZWwdqphKNrpMf3PkCPnjkcQC/2dGcFUXbkGq+5NaMnXpQnt7XAPyqxAT/9nCnXM9y3IBWjL9jN3C4l+yZHuMChi1a3q/6cNNH7WORkC1hq7MMyIvRCh6HDPwq1XCEj0w7O6m0iBmXIwiXyh3ly6ruWmkNQToPc1s2QuIE/w0yXoOF7Ubxtdf/GH2Yu0f+ztJrOveuiLlsNWx596lQwDlYa58ib0nPPtnFVf8od59F/UC8lOFtMsSY/d5ArOnqKjk6iWNaOh15WLr7wj9lrHJkiD+9fgXLyaaxVLt4NYGwyi7SZn7P1lHz6kjFr9UmRvfth6nGGoCvvfQZB8MAE0FhcTHb9fXC1m/NengWf40VQ8woZLZ4mRPWZBxrSnymgFiIvSYSqxnP3QNID4quaQ8sPyXYygbtt38qXAg/Ixyud0vgZN4H/rbW+DE="
-    ];
-  };
-  users.groups.${domain} = {};
 }

hosts/web-arm/sites/dialog-relations.cloonar.dev.nix

@@ -0,0 +1,10 @@
+{ pkgs, lib, config, ... }:
+{
+  services.typo3.instances."dialog-relations.cloonar.dev" = {
+    acmeRoot = "/var/lib/acme/acme-challenge";
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma"
+    ];
+    phpPackage = pkgs.php83;
+  };
+}

hosts/web-arm/sites/dialog-relations.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma dominik@nb-01

hosts/web-arm/sites/paraclub.at.nix

@@ -16,6 +16,7 @@ in {
 
     locations."/".extraConfig = ''
       index index.html;
+      error_page 404 /404.html;
     '';
 
     locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''

hosts/web-arm/sites/paraclub.cloonar.dev.nix

@@ -16,6 +16,7 @@ in {
 
     locations."/".extraConfig = ''
       index index.html;
+      error_page 404 /de/404.html;
     '';
 
     locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''

hosts/web-arm/sites/stage.cloonar-technologies.at.nix

@@ -0,0 +1,43 @@
+{ pkgs, lib, config, ... }:
+let
+  domain = "stage.cloonar-technologies.at";
+  dataDir = "/var/www/${domain}";
+in {
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = null;
+    root = "${dataDir}";
+
+    locations."/favicon.ico".extraConfig = ''
+      log_not_found off;
+      access_log off;
+    '';
+
+    locations."/".extraConfig = ''
+      index index.html;
+    '';
+
+    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
+     expires 365d;
+     add_header Pragma "public";
+     add_header Cache-Control "public";
+    '';
+
+    locations."~ [^/]\.php(/|$)".extraConfig = ''
+      deny all;
+    '';
+  };
+  users.users."${domain}" = {
+    isNormalUser = true;
+    createHome = true;
+    home = dataDir;
+    homeMode= "770";
+    #home = "/home/${domain}";
+    group  = "nginx";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/zRVX9TyYcimkC8lxGjfJAoaL2zHDBH3QnRfUvgYHc"
+    ];
+  };
+  users.groups.${domain} = {};
+}