feat: web-arm change to docker and install scana11y

2025-09-09 17:55:43 +02:00
parent 58089e558e
commit b48ec98cb3
6 changed files with 87 additions and 23 deletions
--- a/hosts/web-arm/modules/sa-core.nix
+++ b/hosts/web-arm/modules/sa-core.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+{
+  virtualisation = {
+    docker.enable = true;
+  };
+
+  users.users.scana11y_com.extraGroups = [ "docker" ];
+
+  systemd.services."scana11y-wohnservice-wien.at" = {
+    description = "ScanA11y wohnservice-wien.at";
+    wants = [ "docker.service" ];
+    after = [ "docker.service" "network-online.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      User = "scana11y_com";
+    };
+
+    path = [ pkgs.docker pkgs.wkhtmltopdf ];
+
+    script = ''
+      exec ${pkgs.sa-core}/bin/sa-core scan \
+        -domain=wohnservice-wien.at \
+        -depth=3 \
+        -max-pages=100 \
+        -image=cloonar/sa-core:v0.1.3 \
+        -output=/var/www/scana11y.com/reports \
+        -wkhtmltopdf=${pkgs.wkhtmltopdf}/bin/wkhtmltopdf \
+        -email-server=imap.cloonar.com \
+        -email-username=office@scana11y.com \
+        -email-password-file=${config.sops.secrets.sa-core-mailpw.path} \
+        -email-sender=office@scana11y.com \
+        -email-recipient=dominik.polakovics@cloonar.com \
+        -keep 6 \
+        -webroot=https://scana11y.com/reports
+    '';
+  };
+
+  systemd.timers."scana11y-wohnservice-wien.at" = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "monthly";
+      Persistent = true;
+      RandomizedDelaySec = "1h"; # spread load a bit
+    };
+  };
+
+  sops.secrets.sa-core-mailpw.owner = "scana11y_com";     # written as root at activation
+}