From a912c4dc55877ce4120edf7e4df75208d85c219b Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Sat, 15 Nov 2025 21:56:40 +0100
Subject: [PATCH] feat: amz enable all hosts
---
 hosts/amzebs-01/sites/api.ebs.amz.at.nix | 2 +-
 .../amzebs-01/sites/api.stage.ebs.amz.at.nix | 2 +-
 hosts/amzebs-01/sites/default.nix | 9 ++--
 .../sites/ebs-mobile.cloonar.dev.nix | 49 +++++++++++++++++++
 hosts/amzebs-01/sites/ebs.amz.at.nix | 2 +-
 hosts/amzebs-01/sites/stage.ebs.amz.at.nix | 2 +-
 6 files changed, 58 insertions(+), 8 deletions(-)
 create mode 100644 hosts/amzebs-01/sites/ebs-mobile.cloonar.dev.nix
diff --git a/hosts/amzebs-01/sites/api.ebs.amz.at.nix b/hosts/amzebs-01/sites/api.ebs.amz.at.nix
index a139806..77a4285 100644
--- a/hosts/amzebs-01/sites/api.ebs.amz.at.nix
+++ b/hosts/amzebs-01/sites/api.ebs.amz.at.nix
@@ -4,7 +4,7 @@
 enableDefaultLocations = false;
 enableMysql = true;
 authorizedKeys = [
- # Add deployment SSH key here
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTsA1z6/vOshSqmEUGO6vFbAYCrucgNORMKyoQ5/9/l"
 ];
 extraConfig = ''
 add_header X-Frame-Options "SAMEORIGIN";
diff --git a/hosts/amzebs-01/sites/api.stage.ebs.amz.at.nix b/hosts/amzebs-01/sites/api.stage.ebs.amz.at.nix
index e554528..21bb6a0 100644
--- a/hosts/amzebs-01/sites/api.stage.ebs.amz.at.nix
+++ b/hosts/amzebs-01/sites/api.stage.ebs.amz.at.nix
@@ -4,7 +4,7 @@
 enableDefaultLocations = false;
 enableMysql = true;
 authorizedKeys = [
- # Add deployment SSH key here
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpF703JmLTBpBjTSvC0bnYu+lSYdmaGPHxMnHEbMmp"
 ];
 extraConfig = ''
 add_header X-Frame-Options "SAMEORIGIN";
diff --git a/hosts/amzebs-01/sites/default.nix b/hosts/amzebs-01/sites/default.nix
index 47b194f..203d13c 100644
--- a/hosts/amzebs-01/sites/default.nix
+++ b/hosts/amzebs-01/sites/default.nix
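Review bot: The key added to `authorizedKeys` in hosts/amzebs-01/sites/api.ebs.amz.at.nix has no comment field, so nothing in the repository records which pipeline or person holds the private half. That makes rotation and offboarding audits guesswork; the same applies to the keys added in api.stage.ebs.amz.at.nix, ebs-mobile.cloonar.dev.nix, ebs.amz.at.nix and stage.ebs.amz.at.nix. Append a label as the third field, e.g. `"ssh-ed25519 <key> <owner-or-pipeline-label>"` (placeholder values), or put a Nix comment above each entry naming the holder. The attribute set this list belongs to starts outside the hunk.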
@@ -3,11 +3,12 @@
 # Enabled vhosts (cloonar.dev)
 ./api.ebs.cloonar.dev.nix
 ./ebs.cloonar.dev.nix
+ ./ebs-mobile.cloonar.dev.nix
 # Disabled vhosts (amz.at) - uncomment to enable
- # ./api.ebs.amz.at.nix
- # ./api.stage.ebs.amz.at.nix
- # ./ebs.amz.at.nix
- # ./stage.ebs.amz.at.nix
+ ./api.ebs.amz.at.nix
+ ./api.stage.ebs.amz.at.nix
+ ./ebs.amz.at.nix
+ ./stage.ebs.amz.at.nix
 ];
 }
diff --git a/hosts/amzebs-01/sites/ebs-mobile.cloonar.dev.nix b/hosts/amzebs-01/sites/ebs-mobile.cloonar.dev.nix
new file mode 100644
index 0000000..4d2dd25
--- /dev/null
+++ b/hosts/amzebs-01/sites/ebs-mobile.cloonar.dev.nix
@@ -0,0 +1,49 @@
+{ pkgs, lib, config, ... }:
+let
+ domain = "ebs-mobile.cloonar.dev";
+ dataDir = "/var/www/${domain}";
+in {
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ # Use HTTP-01 challenge for Let's Encrypt
+ acmeRoot = lib.mkForce "/var/lib/acme/acme-challenge";
+ root = "${dataDir}";
+
+ locations."/favicon.ico".extraConfig = ''
+ log_not_found off;
+ access_log off;
+ '';
+
+ # React client-side routing support
+ locations."/".extraConfig = ''
+ index index.html;
+ try_files $uri $uri/ /index.html;
+ '';
+
+ # Cache static assets
+ locations."~* \\.(js|jpg|gif|png|webp|css|woff2|svg|ico)$".extraConfig = ''
+ expires 365d;
+ add_header Pragma "public";
+ add_header Cache-Control "public";
+ '';
+
+ # Deny PHP execution
+ locations."~ [^/]\\.php(/|$)".extraConfig = ''
+ deny all;
+ '';
+ };
+
+ users.users."${domain}" = {
+ isNormalUser = true;
+ createHome = true;
+ home = dataDir;
+ homeMode = "770";
+ group = "nginx";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIErjoADQK5SJ5si/iezzwQn5xH1RkgnTIlbeE4BRU1FN"
+ ];
+ };
+
+ users.groups.${domain} = {};
+}
diff --git a/hosts/amzebs-01/sites/ebs.amz.at.nix b/hosts/amzebs-01/sites/ebs.amz.at.nix
index a37038c..e6ec6a4 100644
--- a/hosts/amzebs-01/sites/ebs.amz.at.nix
+++ b/hosts/amzebs-01/sites/ebs.amz.at.nix
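Review bot: In hosts/amzebs-01/sites/default.nix the unchanged heading `# Disabled vhosts (amz.at) - uncomment to enable` now sits above four active imports, so the comment states the opposite of what the file does. Someone auditing which hosts and deploy accounts are live on this machine would be misled by it. Change the heading to `# Enabled vhosts (amz.at)`.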
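Review bot: `homeMode = "770"` together with `group = "nginx"` in the new hosts/amzebs-01/sites/ebs-mobile.cloonar.dev.nix gives the nginx group write access to the document root. This vhost only serves static files (`try_files` to `/index.html` plus a PHP deny rule), so, assuming nginx runs with its default group, the web server needs read and traverse only, and a writable root means a compromised worker could change what is served. Use `homeMode = "750";` unless something in the nginx group really has to write there. Separately, `users.groups.${domain} = {};` declares a group that nothing in this file assigns to the user.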
@@ -41,7 +41,7 @@ in {
 homeMode = "770";
 group = "nginx";
 openssh.authorizedKeys.keys = [
- # Add deployment SSH key here
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInwmhTIPw7NnR3LDn2T5N6by0ZPXdL3r2O/8oRUc/ki"
 ];
 };
diff --git a/hosts/amzebs-01/sites/stage.ebs.amz.at.nix b/hosts/amzebs-01/sites/stage.ebs.amz.at.nix
index 930bb51..60dc9bc 100644
--- a/hosts/amzebs-01/sites/stage.ebs.amz.at.nix
+++ b/hosts/amzebs-01/sites/stage.ebs.amz.at.nix
@@ -41,7 +41,7 @@ in {
 homeMode = "770";
 group = "nginx";
 openssh.authorizedKeys.keys = [
- # Add deployment SSH key here
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIErjoADQK5SJ5si/iezzwQn5xH1RkgnTIlbeE4BRU1FN"
 ];
 };
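Review bot: The production deploy key in hosts/amzebs-01/sites/ebs.amz.at.nix is added without any authorized_keys options, so it carries everything the account allows, which may include an interactive shell and port or agent forwarding. If the key is only used to push build artefacts, prefix the entry with `restrict` and add back only what the deploy tool needs, e.g. `"restrict ssh-ed25519 <key>"` (placeholder). The same applies to the `openssh.authorizedKeys.keys` entries in stage.ebs.amz.at.nix and ebs-mobile.cloonar.dev.nix. The user definition this list belongs to begins outside the hunk, so its account type and shell are not visible here.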
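Review bot: The key added in hosts/amzebs-01/sites/stage.ebs.amz.at.nix (ending `…TIlbeE4BRU1FN`) is identical to the one in the new ebs-mobile.cloonar.dev.nix, so a single private key can write to both document roots. If the two sites are deployed by different pipelines or people, give each its own key pair so that rotating or losing one does not affect the other. If the sharing is intentional, a comment above the entry saying so would save the next reviewer the comparison.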