Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: amz enable all hosts

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-11-15 21:56:40 +01:00
parent 8a2a68a91c
commit a912c4dc55
6 changed files with 58 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/amzebs-01/sites/api.ebs.amz.at.nix
View File

@@ -4,7 +4,7 @@
enableDefaultLocations = false; enableDefaultLocations = false;
enableMysql = true; enableMysql = true;
authorizedKeys = [ authorizedKeys = [
# Add deployment SSH key here "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTsA1z6/vOshSqmEUGO6vFbAYCrucgNORMKyoQ5/9/l"
]; ];
extraConfig = '' extraConfig = ''
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";

2
hosts/amzebs-01/sites/api.stage.ebs.amz.at.nix
View File

@@ -4,7 +4,7 @@
enableDefaultLocations = false; enableDefaultLocations = false;
enableMysql = true; enableMysql = true;
authorizedKeys = [ authorizedKeys = [
# Add deployment SSH key here "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpF703JmLTBpBjTSvC0bnYu+lSYdmaGPHxMnHEbMmp"
]; ];
extraConfig = '' extraConfig = ''
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";

9
hosts/amzebs-01/sites/default.nix
View File

@@ -3,11 +3,12 @@
# Enabled vhosts (cloonar.dev) # Enabled vhosts (cloonar.dev)
./api.ebs.cloonar.dev.nix ./api.ebs.cloonar.dev.nix
./ebs.cloonar.dev.nix ./ebs.cloonar.dev.nix
./ebs-mobile.cloonar.dev.nix
# Disabled vhosts (amz.at) - uncomment to enable # Disabled vhosts (amz.at) - uncomment to enable
# ./api.ebs.amz.at.nix ./api.ebs.amz.at.nix
# ./api.stage.ebs.amz.at.nix ./api.stage.ebs.amz.at.nix
# ./ebs.amz.at.nix ./ebs.amz.at.nix
# ./stage.ebs.amz.at.nix ./stage.ebs.amz.at.nix
]; ];
} }

49
hosts/amzebs-01/sites/ebs-mobile.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,49 @@
{ pkgs, lib, config, ... }:
let
domain = "ebs-mobile.cloonar.dev";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
# Use HTTP-01 challenge for Let's Encrypt
acmeRoot = lib.mkForce "/var/lib/acme/acme-challenge";
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
# React client-side routing support
locations."/".extraConfig = ''
index index.html;
try_files $uri $uri/ /index.html;
'';
# Cache static assets
locations."~* \\.(js|jpg|gif|png|webp|css|woff2|svg|ico)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
# Deny PHP execution
locations."~ [^/]\\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode = "770";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIErjoADQK5SJ5si/iezzwQn5xH1RkgnTIlbeE4BRU1FN"
];
};
users.groups.${domain} = {};
}

2
hosts/amzebs-01/sites/ebs.amz.at.nix
View File

@@ -41,7 +41,7 @@ in {
homeMode = "770"; homeMode = "770";
group = "nginx"; group = "nginx";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# Add deployment SSH key here "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInwmhTIPw7NnR3LDn2T5N6by0ZPXdL3r2O/8oRUc/ki"
]; ];
}; };

2
hosts/amzebs-01/sites/stage.ebs.amz.at.nix
View File

@@ -41,7 +41,7 @@ in {
homeMode = "770"; homeMode = "770";
group = "nginx"; group = "nginx";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# Add deployment SSH key here "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIErjoADQK5SJ5si/iezzwQn5xH1RkgnTIlbeE4BRU1FN"
]; ];
}; };