feat: web-arm change to docker and install scana11y

hosts/web-arm/configuration.nix

@@ -34,6 +34,11 @@
     ./modules/web/stack.nix
 
     ./sites
+
+    # comment out for first build, so ssh key and config is present
+    # otherwise the build will fail
+    ./modules/sa-core.nix
+    
   ];
 
   nixpkgs.overlays = [
@@ -76,30 +81,12 @@
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
   ];
 
-  systemd.tmpfiles.rules = [
-    "d /var/lib/nix-ssh-keys 0700 root root -"
-  ];
-  sops.secrets.gitea-ssh-key = {
-    path = "/var/lib/nix-ssh-keys/gitea_ed25519";
-    owner = "root";
-    group = "root";
-    mode = "0600";
-  };
   programs.ssh = {
     knownHosts = {
       "git.cloonar.com" = {
         publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlUj7eEfS/4+z/3IhFhOTXAfpGEpNv6UWuYSL5OAhus";
       };
     };
-    extraConfig = ''
-      Host gitea-internal
-        HostName git.cloonar.com
-        User gitea
-        Port 22
-        IdentitiesOnly yes
-        IdentityFile /var/lib/nix-ssh-keys/gitea_ed25519
-        StrictHostKeyChecking yes
-    '';
   };
 
   # backups