Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add zammad to fw vm, add web-arm machine

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2024-08-16 22:42:00 +02:00
parent d46990b7fb
commit f86996cd28
87 changed files with 4681 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
hosts/web-arm/sites/api.optiprot.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,34 @@
{ pkgs, lib, config, ... }:
{
services.webstack.instances."api.optiprot.cloonar.dev" = {
enableDefaultLocations = false;
enableMysql = true;
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDBGlzrg6NP5ezRFVu1CV8r0uCcS2oIgYG2/u6Cit++ARWQRO5Y0+9qC1Y2RNUaLPbvTmXg7ShskolUeuLryqvp10K2kXQ4E9NlmJ3BNLiAfWCzfe6gAgr6u5unVlXHttnP0leYpGGMUCKuiJpzy/bR6rMIUrCQC6W/MeXkwysNWKvL+ZD0IeQbogtfMFZmag9PO04RKZZvuUn9YvlgkTEK97g5dtyP1NxdtE9dDYf0G+0HcHITcw+lVmGNNwi43nAoUHieQd1kWc8YmxFB+y5O+vRH2O6pZBSdr0tdK6bPcezxd3Gk6i3a54yZfbvSislWA+o7s6uw/qExocpZb7xWa5ymPrGlEPbpYdT1y3hFO25+L1lR4QdG9oUNtJ974bL+EmYmHU+j32K3f8fxDg6BRo8FuriLtAzP7/2/7W8K4nIdMoosS+Ond2JE6XFkg1kSrXCivDBQoetZLO2y+ZPYcsQwIZsdjOnZqVr76nTepqCGIKYCuNM/9sl4AWCsyU="
];
extraConfig = ''
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php
charset utf-8;
error_page 404 /index.php;
'';
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/robots.txt".extraConfig = ''
access_log off;
log_not_found off;
'';
locations."/".extraConfig = ''
try_files $uri $uri/ /index.php$is_args$args;
'';
phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
enabled ++ [ all.imagick ]);
};
}

34
hosts/web-arm/sites/api.optiprot.eu.nix Normal file
View File

@@ -0,0 +1,34 @@
{ pkgs, lib, config, ... }:
{
services.webstack.instances."api.optiprot.eu" = {
enableDefaultLocations = false;
enableMysql = true;
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDBGlzrg6NP5ezRFVu1CV8r0uCcS2oIgYG2/u6Cit++ARWQRO5Y0+9qC1Y2RNUaLPbvTmXg7ShskolUeuLryqvp10K2kXQ4E9NlmJ3BNLiAfWCzfe6gAgr6u5unVlXHttnP0leYpGGMUCKuiJpzy/bR6rMIUrCQC6W/MeXkwysNWKvL+ZD0IeQbogtfMFZmag9PO04RKZZvuUn9YvlgkTEK97g5dtyP1NxdtE9dDYf0G+0HcHITcw+lVmGNNwi43nAoUHieQd1kWc8YmxFB+y5O+vRH2O6pZBSdr0tdK6bPcezxd3Gk6i3a54yZfbvSislWA+o7s6uw/qExocpZb7xWa5ymPrGlEPbpYdT1y3hFO25+L1lR4QdG9oUNtJ974bL+EmYmHU+j32K3f8fxDg6BRo8FuriLtAzP7/2/7W8K4nIdMoosS+Ond2JE6XFkg1kSrXCivDBQoetZLO2y+ZPYcsQwIZsdjOnZqVr76nTepqCGIKYCuNM/9sl4AWCsyU="
];
extraConfig = ''
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php
charset utf-8;
error_page 404 /index.php;
'';
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/robots.txt".extraConfig = ''
access_log off;
log_not_found off;
'';
locations."/".extraConfig = ''
try_files $uri $uri/ /index.php$is_args$args;
'';
phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
enabled ++ [ all.imagick ]);
};
}

34
hosts/web-arm/sites/api.paraclub.at.nix Normal file
View File

@@ -0,0 +1,34 @@
{ pkgs, lib, config, ... }:
{
services.webstack.instances."api.paraclub.at" = {
enableDefaultLocations = false;
enableMysql = true;
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmLPJoHwL+d7dnc3aFLbRCDshxRSQ0dtAVv/LYBn2/PBlZcIyVO9drjr702GL9QuS5DQyjtoZjSOvv1ykBKedUwY3XDyyZgtqjleojKIFMXkdXtD5iG+RUraUfzcFCZU12BYXSeAXK1HmIjSDUtDOlp6lVVWxNpz1vWSRtA/+PULhP+n5Cj7232Wf372+EPfQPntOlcMbyrDLFtj7cUz+E6BH0qdX0l3QtIVnK/C1iagPAwLcwPJd9Sfs8lj5C4g8T9uBJa6OX+87lE4ySYY+Cik9BN59S0ctjXvWCFsPO3udQSC1mf33XdDenc2mbi+lZWTfrN8S2K5CsbxRsVBlbapFBRwufEpN4iQnaTu1QmzDrmktBFAPJ2jvjBJPIx6W3KOy3kUwh9WNhzd/ubf9dFTHzkTzgluo/Zk6/S8fTJiA4rbYKSkLw9Y265bvtR1kfUBLKSa/Axe5dkKysX1RNKfTJEwbh2TfIS3apQPZZc5kIEWfeK/6kbQX7WJZFtTs="
];
extraConfig = ''
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php
charset utf-8;
error_page 404 /index.php;
'';
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/robots.txt".extraConfig = ''
access_log off;
log_not_found off;
'';
locations."/".extraConfig = ''
try_files $uri $uri/ /index.php$is_args$args;
'';
phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
enabled ++ [ all.imagick ]);
};
}

35
hosts/web-arm/sites/api.paraclub.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,35 @@
{ pkgs, lib, config, ... }:
{
services.webstack.instances."api.paraclub.cloonar.dev" = {
enableDefaultLocations = false;
enableMysql = true;
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmLPJoHwL+d7dnc3aFLbRCDshxRSQ0dtAVv/LYBn2/PBlZcIyVO9drjr702GL9QuS5DQyjtoZjSOvv1ykBKedUwY3XDyyZgtqjleojKIFMXkdXtD5iG+RUraUfzcFCZU12BYXSeAXK1HmIjSDUtDOlp6lVVWxNpz1vWSRtA/+PULhP+n5Cj7232Wf372+EPfQPntOlcMbyrDLFtj7cUz+E6BH0qdX0l3QtIVnK/C1iagPAwLcwPJd9Sfs8lj5C4g8T9uBJa6OX+87lE4ySYY+Cik9BN59S0ctjXvWCFsPO3udQSC1mf33XdDenc2mbi+lZWTfrN8S2K5CsbxRsVBlbapFBRwufEpN4iQnaTu1QmzDrmktBFAPJ2jvjBJPIx6W3KOy3kUwh9WNhzd/ubf9dFTHzkTzgluo/Zk6/S8fTJiA4rbYKSkLw9Y265bvtR1kfUBLKSa/Axe5dkKysX1RNKfTJEwbh2TfIS3apQPZZc5kIEWfeK/6kbQX7WJZFtTs="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtMqcJDygWT16b7wF0qaagWUHj1+s6whMq0YRv47WA5"
];
extraConfig = ''
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php
charset utf-8;
error_page 404 /index.php;
'';
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/robots.txt".extraConfig = ''
access_log off;
log_not_found off;
'';
locations."/".extraConfig = ''
try_files $uri $uri/ /index.php$is_args$args;
'';
phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
enabled ++ [ all.imagick ]);
};
}

36
hosts/web-arm/sites/autoconfig.cloonar.com.nix Normal file
View File

@@ -0,0 +1,36 @@
{ pkgs, lib, config, ... }:
let
domain = "autoconfig.cloonar.com";
in
{
services.go-autoconfig = {
enable = true;
settings = {
service_addr = ":1323";
domain = domain;
imap = {
server = "imap.cloonar.com";
port = 993;
};
smtp = {
server = "mail.cloonar.com";
port = 587;
starttls = true;
};
};
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:1323/";
};
};
services.nginx.virtualHosts."autoconfig.superbros.tv".extraConfig = ''
return 301 https://autoconfig.cloonar.com$request_uri;
'';
services.nginx.virtualHosts."autoconfig.korean-skin.care".extraConfig = ''
return 301 https://autoconfig.cloonar.com$request_uri;
'';
}

90
hosts/web-arm/sites/autoconfig.nix Normal file
View File

@@ -0,0 +1,90 @@
{ pkgs, lib, config, ... }:
let
domains = [
"cloonar.com"
"ghetto.at"
"optiprot.eu"
];
vhostConfig = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "/var/www/autoconfig";
# MS Outlook
locations."~* ^/autodiscover/autodiscover.xml".extraConfig = ''
root /var/www/autoconfig;
try_files /autodiscover.php =404;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_pass unix:${config.services.phpfpm.pools.autoconfig.socket};
'';
# Thunderbird
locations."/.well-known/autoconfig/mail/config-v1.1.xml".extraConfig = ''
root /var/www/autoconfig;
try_files /config-v1.1.php =404;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_pass unix:${config.services.phpfpm.pools.autoconfig.socket};
'';
# Apple devices
locations."/apple/get-mobileconfig".extraConfig = ''
root /var/www/autoconfig;
try_files /apple.php =404;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_pass unix:${config.services.phpfpm.pools.autoconfig.socket};
'';
# disable logging for Apple Touch Icons
locations."~ /apple-touch-icon(|-\d+x\d+)(|-precomposed).png".extraConfig = ''
log_not_found off;
access_log off;
'';
};
in
{
services.nginx.virtualHosts."autoconfig.cloonar.com" = vhostConfig;
services.nginx.virtualHosts."autoconfig.ghetto.at" = vhostConfig;
services.nginx.virtualHosts."autoconfig.optiprot.eu" = vhostConfig;
services.nginx.virtualHosts."autoconfig.superbros.tv" = vhostConfig;
services.nginx.virtualHosts."autoconfig.korean-skin.care" = vhostConfig;
systemd.services."phpfpm-autoconfig".serviceConfig.ProtectHome = lib.mkForce false;
services.phpfpm.pools."autoconfig" = {
user = "autoconfig";
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
"access.log" = "/var/log/$pool.access.log";
};
phpPackage = pkgs.php;
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
};
users.users."autoconfig" = {
#isSystemUser = true;
isNormalUser = true;
createHome = true;
home = "/var/www/autoconfig";
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZg6mxd6kuB7zxxTMw/kgP2Cfddjnz8hCtSbzKckNBtM9TbnJ76ZbAjgh/TDcm/qBADlICi+Ib0tMlzK1BJWLxe1SjHOR78BPzPGASmjtj6vuNAFyM20Ise5rhbbo2sC6o82F6HP4iak+hFzhwTf0Ld1LT5dJ78CltKgHFmyKIaRYBILn5MvTnmORG2UfFY1Tef2DiujrQD24bM2f4BYR2Ni0zoyim8UUkjciQkXceB8yDJQX/e1WcNxGU7Bsh2WGZMu6Ykeinbf7LIu8pPGH2sf81N8tbsYc4PxZv9lovgRWdNNmSfB+Ocsn4jWBN9nVtb8XMXycTaenI4W57F+ZWrx0LddPhwfXbLAdFgxyvqtWW/WF48DH2vETQcCATowIhtU7QDZ3pDKaTIIYhDYnMvPJuM2rQP0SCMaNzQlziXWFvKTRw8nnqkpzTz488OJVkYvULXhiRgr0Uxe6eh7XCOO9SF5wdj1cGeewefOiOjpxmg/GnaQvQW6KjFRMj1ZE="
];
};
users.groups.autoconfig = {};
}

60
hosts/web-arm/sites/cloonar.com.nix Normal file
View File

@@ -0,0 +1,60 @@
{ pkgs, lib, config, ... }:
let
domain = "cloonar.com";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
'';
locations."~* \.(jpe?g|png)$".extraConfig = ''
set $red Z;
if ($http_accept ~* "webp") {
set $red A;
}
if (-f $document_root/webp/$request_uri.webp) {
set $red "''${red}B";
}
if ($red = "AB") {
add_header Vary Accept;
rewrite ^ /webp/$request_uri.webp;
}
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1CQqL1hQV3Lb6hqzDt2mgr0IasBRlIrdUCM+QibgKcU1VUWEJTo1nkcwgunnpUROtCQPRtlBZWwdqphKNrpMf3PkCPnjkcQC/2dGcFUXbkGq+5NaMnXpQnt7XAPyqxAT/9nCnXM9y3IBWjL9jN3C4l+yZHuMChi1a3q/6cNNH7WORkC1hq7MMyIvRCh6HDPwq1XCEj0w7O6m0iBmXIwiXyh3ly6ruWmkNQToPc1s2QuIE/w0yXoOF7Ubxtdf/GH2Yu0f+ztJrOveuiLlsNWx596lQwDlYa58ib0nPPtnFVf8od59F/UC8lOFtMsSY/d5ArOnqKjk6iWNaOh15WLr7wj9lrHJkiD+9fgXLyaaxVLt4NYGwyi7SZn7P1lHz6kjFr9UmRvfth6nGGoCvvfQZB8MAE0FhcTHb9fXC1m/NengWf40VQ8woZLZ4mRPWZBxrSnymgFiIvSYSqxnP3QNID4quaQ8sPyXYygbtt38qXAg/Ixyud0vgZN4H/rbW+DE="
];
};
users.groups.${domain} = {};
}

60
hosts/web-arm/sites/cloonar.dev.nix Normal file
View File

@@ -0,0 +1,60 @@
{ pkgs, lib, config, ... }:
let
domain = "cloonar.dev";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
'';
locations."~* \.(jpe?g|png)$".extraConfig = ''
set $red Z;
if ($http_accept ~* "webp") {
set $red A;
}
if (-f $document_root/webp/$request_uri.webp) {
set $red "''${red}B";
}
if ($red = "AB") {
add_header Vary Accept;
rewrite ^ /webp/$request_uri.webp;
}
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1CQqL1hQV3Lb6hqzDt2mgr0IasBRlIrdUCM+QibgKcU1VUWEJTo1nkcwgunnpUROtCQPRtlBZWwdqphKNrpMf3PkCPnjkcQC/2dGcFUXbkGq+5NaMnXpQnt7XAPyqxAT/9nCnXM9y3IBWjL9jN3C4l+yZHuMChi1a3q/6cNNH7WORkC1hq7MMyIvRCh6HDPwq1XCEj0w7O6m0iBmXIwiXyh3ly6ruWmkNQToPc1s2QuIE/w0yXoOF7Ubxtdf/GH2Yu0f+ztJrOveuiLlsNWx596lQwDlYa58ib0nPPtnFVf8od59F/UC8lOFtMsSY/d5ArOnqKjk6iWNaOh15WLr7wj9lrHJkiD+9fgXLyaaxVLt4NYGwyi7SZn7P1lHz6kjFr9UmRvfth6nGGoCvvfQZB8MAE0FhcTHb9fXC1m/NengWf40VQ8woZLZ4mRPWZBxrSnymgFiIvSYSqxnP3QNID4quaQ8sPyXYygbtt38qXAg/Ixyud0vgZN4H/rbW+DE="
];
};
users.groups.${domain} = {};
}

141
hosts/web-arm/sites/diabetes-austria.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,141 @@
{ pkgs, lib, config, ... }:
let
domain = "diabetes-austria.cloonar.dev";
dataDir = "/var/www/${domain}";
in {
systemd.services."phpfpm-${domain}".serviceConfig.ProtectHome = lib.mkForce false;
services.phpfpm.pools."${domain}" = {
user = domain;
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
"access.log" = "/var/log/$pool.access.log";
};
phpPackage = pkgs.nur.repos.izorkin.php74;
phpEnv."PATH" = lib.makeBinPath [ pkgs.nur.repos.izorkin.php74 ];
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}/public";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
# TYPO3 - Rule for versioned static files, configured through:
# - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
# - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
extraConfig = ''
if (!-e $request_filename) {
rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
}
'';
# TYPO3 - Block access to composer files
locations."~* composer\.(?:json|lock)".extraConfig = ''
deny all;
'';
# TYPO3 - Block access to flexform files
locations."~* flexform[^.]*\.xml".extraConfig = ''
deny all;
'';
# TYPO3 - Block access to language files
locations."~* locallang[^.]*\.(?:xml|xlf)$".extraConfig = ''
deny all;
'';
# TYPO3 - Block access to static typoscript files
locations."~* ext_conf_template\.txt|ext_typoscript_constants\.txt|ext_typoscript_setup\.txt".extraConfig = ''
deny all;
'';
# TYPO3 - Block access to miscellaneous protected files
locations."~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql|sqlite)$".extraConfig = ''
deny all;
'';
# TYPO3 - Block access to recycler and temporary directories
locations."~ _(?:recycler|temp)_/".extraConfig = ''
deny all;
'';
# TYPO3 - Block access to configuration files stored in fileadmin
locations."~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$".extraConfig = ''
deny all;
'';
# TYPO3 - Block access to libraries, source and temporary compiled data
locations."~ ^(?:vendor|typo3_src|typo3temp/var)".extraConfig = ''
deny all;
'';
# TYPO3 - Block access to protected extension directories
locations."~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/".extraConfig = ''
deny all;
'';
locations."/".extraConfig = ''
index index.php index.html;
try_files $uri $uri/ /index.php$is_args$args;
'';
# TYPO3 Backend URLs
locations."/typo3$".extraConfig = ''
rewrite ^ /typo3/;
'';
locations."/typo3/".extraConfig = ''
try_files $uri /typo3/index.php$is_args$args;
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_connect_timeout 240s;
fastcgi_read_timeout 240s;
fastcgi_send_timeout 240s;
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
fastcgi_index index.php;
'';
};
users.users."${domain}" = {
#isSystemUser = true;
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZg6mxd6kuB7zxxTMw/kgP2Cfddjnz8hCtSbzKckNBtM9TbnJ76ZbAjgh/TDcm/qBADlICi+Ib0tMlzK1BJWLxe1SjHOR78BPzPGASmjtj6vuNAFyM20Ise5rhbbo2sC6o82F6HP4iak+hFzhwTf0Ld1LT5dJ78CltKgHFmyKIaRYBILn5MvTnmORG2UfFY1Tef2DiujrQD24bM2f4BYR2Ni0zoyim8UUkjciQkXceB8yDJQX/e1WcNxGU7Bsh2WGZMu6Ykeinbf7LIu8pPGH2sf81N8tbsYc4PxZv9lovgRWdNNmSfB+Ocsn4jWBN9nVtb8XMXycTaenI4W57F+ZWrx0LddPhwfXbLAdFgxyvqtWW/WF48DH2vETQcCATowIhtU7QDZ3pDKaTIIYhDYnMvPJuM2rQP0SCMaNzQlziXWFvKTRw8nnqkpzTz488OJVkYvULXhiRgr0Uxe6eh7XCOO9SF5wdj1cGeewefOiOjpxmg/GnaQvQW6KjFRMj1ZE="
];
};
users.groups.${domain} = {};
services.mysqlBackup.databases = [ "diabetes_austria" ];
}

39
hosts/web-arm/sites/gbv-aktuell.at.nix Normal file
View File

@@ -0,0 +1,39 @@
{ pkgs, lib, config, ... }:
{
services.typo3.instances."gbv-aktuell.at" = {
domainAliases = [ "www.gbv-aktuell.at" ];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYyLbVv9l/LhpNhmE3QO0f9Lg8d2Y8JiDdn/cNcmyfO"
];
phpPackage = pkgs.php81;
};
services.awstats = {
enable = true;
updateAt = "daily";
configs."gbv-aktuell.at" = {
webService = {
enable = true;
hostname = "gbv-aktuell.at";
};
logFile = "/var/log/nginx/access.log";
extraConfig = {
# ShowDaysOfWeekStats = "0";
# ShowHoursStats = "0";
# ShowDomainsStats = "0";
# ShowHostsStats = "0";
# "ShowRobotsStats" = "0";
# "ShowFileTypesStats" = "0";
# "ShowDownloadsStats" = "0";
# "ShowPagesStats" = "0";
# "ShowOSStats" = "0";
# "ShowBrowsersStats" = "0";
# "ShowOriginStats" = "0";
# "ShowKeyphrasesStats" = "0";
# "ShowKeywordsStats" = "0";
# "ShowMiscStats" = "0";
# "ShowHTTPErrorsStats" = "0";
};
};
};
}

10
hosts/web-arm/sites/gbv-aktuell.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,10 @@
{ pkgs, lib, config, ... }:
{
services.typo3.instances."gbv-aktuell.cloonar.dev" = {
domainAliases = [ "typo3-gbv-aktuell.cloonar.com" ];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcDedq/yqC2ROzvZGTyR/tDSnTcL3LB32O2QhkgQmfn"
];
phpPackage = pkgs.php81;
};
}

71
hosts/web-arm/sites/gbv.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,71 @@
{ pkgs, lib, config, ... }:
let
domain = "gbv.cloonar.dev";
dataDir = "/var/www/${domain}";
in {
systemd.services."phpfpm-${domain}".serviceConfig.ProtectHome = lib.mkForce false;
services.phpfpm.pools."${domain}" = {
user = domain;
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "/var/log/$pool.error.log";
"php_admin_flag[log_errors]" = true;
"php_admin_value[display_errors]" = true;
"catch_workers_output" = true;
"access.log" = "/var/log/$pool.access.log";
};
phpPackage = pkgs.nur.repos.izorkin.php74;
phpEnv."PATH" = lib.makeBinPath [ pkgs.nur.repos.izorkin.php74 ];
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.php index.html;
try_files $uri $uri/ /index.php$is_args$args;
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_connect_timeout 240s;
fastcgi_read_timeout 240s;
fastcgi_send_timeout 240s;
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
fastcgi_index index.php;
'';
};
users.users."${domain}" = {
isSystemUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
};
users.groups.${domain} = {};
services.mysqlBackup.databases = [ "gbv_stage" ];
}

117
hosts/web-arm/sites/matomo.cloonar.com.nix Normal file
View File

@@ -0,0 +1,117 @@
{ pkgs, lib, config, ... }:
let
domain = "matomo.cloonar.com";
dataDir = "/var/www/${domain}";
in {
systemd.services."phpfpm-${domain}".serviceConfig.ProtectHome = lib.mkForce false;
services.phpfpm.pools."${domain}" = {
user = domain;
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "/var/log/$pool.php.error.log";
"php_admin_flag[log_errors]" = true;
"php_admin_value[display_errors]" = true;
"catch_workers_output" = true;
"access.log" = "/var/log/$pool.access.log";
};
phpPackage = pkgs.php83;
phpEnv."PATH" = lib.makeBinPath [ pkgs.php83 ];
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."~* ^.+\\.php$".extraConfig = ''
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_connect_timeout 240s;
fastcgi_read_timeout 240s;
fastcgi_send_timeout 240s;
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
fastcgi_index index.php;
'';
## serve all other files normally
locations."/".extraConfig = ''
index index.php index.html;
try_files $uri $uri/ /index.php$is_args$args;
'';
## disable all access to the following directories
locations."~ ^/(config|tmp|core|lang)".extraConfig = ''
deny all;
return 403; # replace with 404 to not show these directories exist
'';
locations."~ /\\.ht".extraConfig = ''
deny all;
return 403;
'';
locations."~ js/container_.*_preview\\.js$".extraConfig = ''
expires off;
add_header Cache-Control 'private, no-cache, no-store';
'';
locations."~ \\.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2)$".extraConfig = ''
allow all;
## Cache images,CSS,JS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
'';
locations."~ ^/(libs|vendor|plugins|misc|node_modules)".extraConfig = ''
deny all;
return 403;
'';
## properly display textfiles in root directory
locations."~/(.*\\.md|LEGALNOTICE|LICENSE)".extraConfig = ''
default_type text/plain;
'';
};
users.users."${domain}" = {
isSystemUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
};
users.groups.${domain} = {};
systemd.services."matomo-archive" = {
startAt = "*-*-* 23:00:00";
serviceConfig = {
Type = "oneshot";
User = "${domain}";
ExecStart = "${pkgs.php83}/bin/php /var/www/${domain}/console --matomo-domain=matomo.cloonar.com core:archive";
};
};
services.mysqlBackup.databases = [ "matomo" ];
}

65
hosts/web-arm/sites/mehr-leistbaren-wohnraum-schaffen.at.nix Normal file
View File

@@ -0,0 +1,65 @@
{ pkgs, lib, config, ... }:
let
domain = "mehr-leistbaren-wohnraum-schaffen.at";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."www.${domain}" = {
enableACME = true;
forceSSL = true;
globalRedirect = domain;
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
'';
locations."~* \.(jpe?g|png)$".extraConfig = ''
set $red Z;
if ($http_accept ~* "webp") {
set $red A;
}
if (-f $document_root/webp/$request_uri.webp) {
set $red "''${red}B";
}
if ($red = "AB") {
add_header Vary Accept;
rewrite ^ /webp/$request_uri.webp;
}
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."mehr-leistbaren-wohnraum" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWrkjt5+tIGAi0Q9ViFlFARGxMxoDaxI7lu1AtIlluhOXvJrX33roxV+PF+ky6ZQFcwd5xRy1HkXkfsBJVlRstrZXiqbP9DaSO3arSTQmiezSWgeLD9r3aktsPINgENkMBSUgURVRDaO0B/PA5MylOoijFaxmHEFMa8ZNYwKj/tWKt6+NI9UxUW3fSZXipOohvdzPxoD5YjjlyivtQCbfcpFa46Q08TIiUNEBnSTIKbDuVGgNtKXd5ELRtl7HRcT9iwPfmmVPHVMXREnVma47pABe+54Qrh6N8MzSJLOLJy/kRM2iw/ovxGEWE8rPqaoPszaEPxDEpEmRMyqNb5ZAuWG3NvUOiU5rijSvP8H9QVubJyNC4DHYYeBa1Kw2iAqnzdsneyHz01vVRQh7qa4Aonuzk2VfrW08dJbMC7p6tpvQgkdGLrwetgwZRqdGpbWhRV4s816tuoBFTmM3gDWr5R6CAPmzmykhTi8IbJ5LTua5t7+82wIMA026BNvRbndk="
];
};
users.groups.${domain} = {};
}

60
hosts/web-arm/sites/mehr-leistbaren-wohnraum-schaffen.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,60 @@
{ pkgs, lib, config, ... }:
let
domain = "mehr-leistbaren-wohnraum-schaffen.cloonar.dev";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
'';
locations."~* \.(jpe?g|png)$".extraConfig = ''
set $red Z;
if ($http_accept ~* "webp") {
set $red A;
}
if (-f $document_root/webp/$request_uri.webp) {
set $red "''${red}B";
}
if ($red = "AB") {
add_header Vary Accept;
rewrite ^ /webp/$request_uri.webp;
}
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."mehr-leistbaren-wohnraum-dev" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWrkjt5+tIGAi0Q9ViFlFARGxMxoDaxI7lu1AtIlluhOXvJrX33roxV+PF+ky6ZQFcwd5xRy1HkXkfsBJVlRstrZXiqbP9DaSO3arSTQmiezSWgeLD9r3aktsPINgENkMBSUgURVRDaO0B/PA5MylOoijFaxmHEFMa8ZNYwKj/tWKt6+NI9UxUW3fSZXipOohvdzPxoD5YjjlyivtQCbfcpFa46Q08TIiUNEBnSTIKbDuVGgNtKXd5ELRtl7HRcT9iwPfmmVPHVMXREnVma47pABe+54Qrh6N8MzSJLOLJy/kRM2iw/ovxGEWE8rPqaoPszaEPxDEpEmRMyqNb5ZAuWG3NvUOiU5rijSvP8H9QVubJyNC4DHYYeBa1Kw2iAqnzdsneyHz01vVRQh7qa4Aonuzk2VfrW08dJbMC7p6tpvQgkdGLrwetgwZRqdGpbWhRV4s816tuoBFTmM3gDWr5R6CAPmzmykhTi8IbJ5LTua5t7+82wIMA026BNvRbndk="
];
};
users.groups.${domain} = {};
}

44
hosts/web-arm/sites/module.paraclub.at.nix Normal file
View File

@@ -0,0 +1,44 @@
{ pkgs, lib, config, ... }:
let
domain = "module.paraclub.at";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
try_files $uri $uri/ /index.html$is_args$args;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwgjsgjxOSX4ZeLuhSq+JumnEa1bKS3fwlA8LDuxvOWXs2Zn4Hwa04ZuM59jzqifwGGMJOFxErm8+5oH2QQFa0wgg8zEG+2U1AzjMNk5+mxrhnLPGAMlnqXmkGi0Jj2nFwKaEM9kcO5UUqRP71BFdGtP74wRcaVpT4TTPzCQl1HTdwzmAOT+3yQ364kyAHXTwQOAjiFcSAlNfZ5C2eeNC642bv6Dfi6mMWi55tdNV6HUn7y2cbq8wscDG7gla8bN3xivuO6POWqyCpHtLxDhppLYJ28ZwqpcynRAXDnVYlT3DmPw1bDs/eBlkjauGR/oM8phka3No3cREBYpSWK7mJeqIIWSV0Z4dvFLeWh6MM4AVhX3HOW7jcxf2tUmpzre6S10HjXj3lLES7oJO4uOYoJWxaGcqFiUc9BOxqLN9FqECXuzfC0apCr0OYm5T2NsSmzlkBPzCa2EqBBI0u5XGcDKgpBA4gD8kuD+8Cj5DxPzXP+IdX1jhHRVsI5nucTvM="
];
};
users.groups.${domain} = {};
}

45
hosts/web-arm/sites/module.paraclub.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,45 @@
{ pkgs, lib, config, ... }:
let
domain = "module.paraclub.cloonar.dev";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
try_files $uri $uri/ /index.html$is_args$args;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwgjsgjxOSX4ZeLuhSq+JumnEa1bKS3fwlA8LDuxvOWXs2Zn4Hwa04ZuM59jzqifwGGMJOFxErm8+5oH2QQFa0wgg8zEG+2U1AzjMNk5+mxrhnLPGAMlnqXmkGi0Jj2nFwKaEM9kcO5UUqRP71BFdGtP74wRcaVpT4TTPzCQl1HTdwzmAOT+3yQ364kyAHXTwQOAjiFcSAlNfZ5C2eeNC642bv6Dfi6mMWi55tdNV6HUn7y2cbq8wscDG7gla8bN3xivuO6POWqyCpHtLxDhppLYJ28ZwqpcynRAXDnVYlT3DmPw1bDs/eBlkjauGR/oM8phka3No3cREBYpSWK7mJeqIIWSV0Z4dvFLeWh6MM4AVhX3HOW7jcxf2tUmpzre6S10HjXj3lLES7oJO4uOYoJWxaGcqFiUc9BOxqLN9FqECXuzfC0apCr0OYm5T2NsSmzlkBPzCa2EqBBI0u5XGcDKgpBA4gD8kuD+8Cj5DxPzXP+IdX1jhHRVsI5nucTvM="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0j0teJ1v7Ke2NYVWlHOd4sYBiE8uLHAtY+Myi7g267"
];
};
users.groups.${domain} = {};
}

15
hosts/web-arm/sites/optiprot.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,15 @@
{ pkgs, lib, config, ... }:
{
services.webstack.instances."optiprot.cloonar.dev" = {
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGNI6KmHlpwR8+oSm8fPdeE68kJ70oQ9EkYfhf6pqLT4Kg61WJtcF0Wl1leirnO87a30rxjK1cm69jqED6paAg8Hxf7u9+M1i+vNDVS9aZWU12rG3P8mBVW3oJFyi4PmmXNFdzc+nJTpIZVDdQqoV6I6ZsXupNvx8BaZgP/I+bMBU9+7vCvdsUVN/10+5l5FZOHGNNvDWFQKt1uGNY2xAfpNmxepLOMnC50ARfrR5UU777WxBoPBi12EXJbNbiv64JQ6Zz6/Aq6QjFaOPz+aX06uGuHWQPFCp3bw9Mc2QoO9Z/gGekDU1zzHzpxgS+MQgnuWCRJ5U6PhYSgCoQ3iUsvdiHah8LpJRtyZj1UcIeU0932sj7rxwbuGJHsn2QZAlGiIhumY3PatoOOxpb+05Q29Id5Ibf1rjH/zZZMD3LteWkgaLYVs66nbjt0HvIHiFsT2SBNjOfpL39vRVqsbM+BQ/oKmQrNIy7BzO/yzwKqb4ahtzEdzO0yKtgGuEYzyM="
];
locations."~ \"^/en/products/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$\"".extraConfig = ''
try_files $uri $uri/ /en/products/index.php?$args;
'';
locations."~ \"^/de/produkte/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$\"".extraConfig = ''
try_files $uri $uri/ /de/produkte/index.php?$args;
'';
phpPackage = pkgs.php81;
};
}

15
hosts/web-arm/sites/optiprot.eu.nix Normal file
View File

@@ -0,0 +1,15 @@
{ pkgs, lib, config, ... }:
{
services.webstack.instances."optiprot.eu" = {
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGNI6KmHlpwR8+oSm8fPdeE68kJ70oQ9EkYfhf6pqLT4Kg61WJtcF0Wl1leirnO87a30rxjK1cm69jqED6paAg8Hxf7u9+M1i+vNDVS9aZWU12rG3P8mBVW3oJFyi4PmmXNFdzc+nJTpIZVDdQqoV6I6ZsXupNvx8BaZgP/I+bMBU9+7vCvdsUVN/10+5l5FZOHGNNvDWFQKt1uGNY2xAfpNmxepLOMnC50ARfrR5UU777WxBoPBi12EXJbNbiv64JQ6Zz6/Aq6QjFaOPz+aX06uGuHWQPFCp3bw9Mc2QoO9Z/gGekDU1zzHzpxgS+MQgnuWCRJ5U6PhYSgCoQ3iUsvdiHah8LpJRtyZj1UcIeU0932sj7rxwbuGJHsn2QZAlGiIhumY3PatoOOxpb+05Q29Id5Ibf1rjH/zZZMD3LteWkgaLYVs66nbjt0HvIHiFsT2SBNjOfpL39vRVqsbM+BQ/oKmQrNIy7BzO/yzwKqb4ahtzEdzO0yKtgGuEYzyM="
];
locations."~ \"^/en/products/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$\"".extraConfig = ''
try_files $uri $uri/ /en/products/index.php?$args;
'';
locations."~ \"^/de/produkte/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$\"".extraConfig = ''
try_files $uri $uri/ /de/produkte/index.php?$args;
'';
phpPackage = pkgs.php81;
};
}

43
hosts/web-arm/sites/paraclub.at.nix Normal file
View File

@@ -0,0 +1,43 @@
{ pkgs, lib, config, ... }:
let
domain = "paraclub.at";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbSqS0TrJnmihjuIwLY74jKmuErF5jarQeVEQbnl7k8DDfVXP6DKybK2wVRIrAMN2VQzgXWWyRj2wNZrvq1whZon6CrEDxDVN/VDGS99pazczbrypmycVnPsevtS3wrEhiQrwCplkPxoZGlSAPGtx3SOzql+iG7xrhJfuPDCgwIboKf8Tir170aflH7ZfXqUX+V5QMbOn+roT8Tj7vUd/za3o3okJQrW3NUHT6/0TDkGsn+lJp30e94GF5RDLUJgM8pBf45WM94dv1uEfRI7+AQJZRta3X2VNSbb8I2dPNLmgxYQaW1VtwGP/RfxoFESdQubN74p+VxNeP7z5AFiZfhEYb0yiAwXiavN7fStXX/MKXxMicS2fdGzieXLWpLol70xx19492kOnlzoiPKJRosNw8N60R+AkbPYdwl5z5uKDn1ve79YaWB3KWS5Pcr9IT1wZAc48UePL6QtcDppHe8tUflPP5h/LCKOmAioWG59YF5pKfYNLSXJzmiudzzrs="
];
};
users.groups.${domain} = {};
}

44
hosts/web-arm/sites/paraclub.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,44 @@
{ pkgs, lib, config, ... }:
let
domain = "paraclub.cloonar.dev";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbSqS0TrJnmihjuIwLY74jKmuErF5jarQeVEQbnl7k8DDfVXP6DKybK2wVRIrAMN2VQzgXWWyRj2wNZrvq1whZon6CrEDxDVN/VDGS99pazczbrypmycVnPsevtS3wrEhiQrwCplkPxoZGlSAPGtx3SOzql+iG7xrhJfuPDCgwIboKf8Tir170aflH7ZfXqUX+V5QMbOn+roT8Tj7vUd/za3o3okJQrW3NUHT6/0TDkGsn+lJp30e94GF5RDLUJgM8pBf45WM94dv1uEfRI7+AQJZRta3X2VNSbb8I2dPNLmgxYQaW1VtwGP/RfxoFESdQubN74p+VxNeP7z5AFiZfhEYb0yiAwXiavN7fStXX/MKXxMicS2fdGzieXLWpLol70xx19492kOnlzoiPKJRosNw8N60R+AkbPYdwl5z5uKDn1ve79YaWB3KWS5Pcr9IT1wZAc48UePL6QtcDppHe8tUflPP5h/LCKOmAioWG59YF5pKfYNLSXJzmiudzzrs="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6QT0k58R90NrmDIjP1bNalHnwr9Y++tOhV9kRUVivI"
];
};
users.groups.${domain} = {};
}

61
hosts/web-arm/sites/stage.korean-skin.care.nix Normal file
View File

@@ -0,0 +1,61 @@
{ pkgs, lib, config, ... }:
let
user = "stage_korean_skin_care";
domain = "stage.korean-skin.care";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
'';
locations."~* \.(jpe?g|png)$".extraConfig = ''
set $red Z;
if ($http_accept ~* "webp") {
set $red A;
}
if (-f $document_root/webp/$request_uri.webp) {
set $red "''${red}B";
}
if ($red = "AB") {
add_header Vary Accept;
rewrite ^ /webp/$request_uri.webp;
}
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${user}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLGkR8JVFtyFnsXTooT/krORpPDdnFk612GW1agaOeG"
];
};
users.groups.${user} = {};
}

49
hosts/web-arm/sites/stage.myhidden.life.nix Normal file
View File

@@ -0,0 +1,49 @@
{ pkgs, lib, config, ... }:
{
services.webstack.instances."stage.myhidden.life" = {
enableDefaultLocations = false;
enableMysql = true;
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmLPJoHwL+d7dnc3aFLbRCDshxRSQ0dtAVv/LYBn2/PBlZcIyVO9drjr702GL9QuS5DQyjtoZjSOvv1ykBKedUwY3XDyyZgtqjleojKIFMXkdXtD5iG+RUraUfzcFCZU12BYXSeAXK1HmIjSDUtDOlp6lVVWxNpz1vWSRtA/+PULhP+n5Cj7232Wf372+EPfQPntOlcMbyrDLFtj7cUz+E6BH0qdX0l3QtIVnK/C1iagPAwLcwPJd9Sfs8lj5C4g8T9uBJa6OX+87lE4ySYY+Cik9BN59S0ctjXvWCFsPO3udQSC1mf33XdDenc2mbi+lZWTfrN8S2K5CsbxRsVBlbapFBRwufEpN4iQnaTu1QmzDrmktBFAPJ2jvjBJPIx6W3KOy3kUwh9WNhzd/ubf9dFTHzkTzgluo/Zk6/S8fTJiA4rbYKSkLw9Y265bvtR1kfUBLKSa/Axe5dkKysX1RNKfTJEwbh2TfIS3apQPZZc5kIEWfeK/6kbQX7WJZFtTs="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW5N11DiAUBfjPFCcFX3CRzF6zAWD2sxMC1+IGC73/2"
];
extraConfig = ''
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php
charset utf-8;
error_page 404 /index.php;
'';
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/robots.txt".extraConfig = ''
access_log off;
log_not_found off;
'';
locations."/".extraConfig = ''
try_files $uri $uri/ /index.php$is_args$args;
'';
phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
enabled ++ [ all.imagick ]);
phpOptions = ''
upload_max_filesize = 50M
post_max_size = 50M
'';
};
systemd.services."stage-myhidden-life-schedule" = {
startAt = "*:0/1:0";
serviceConfig = {
Type = "oneshot";
User = "stage_myhidden_life";
ExecStart = "${pkgs.php83}/bin/php /var/www/stage.myhidden.life/artisan schedule:run";
};
};
}

45
hosts/web-arm/sites/tandem.paraclub.at.nix Normal file
View File

@@ -0,0 +1,45 @@
{ pkgs, lib, config, ... }:
let
domain = "tandem.paraclub.at";
dataDir = "/var/www/${domain}";
user = builtins.replaceStrings ["." "-"] ["_" "_"] domain;
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
try_files $uri $uri/ /index.html$is_args$args;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${user}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDpezoJfaqSlQKhbzIRxQysmSmU5tih0SGFh4Eiy3YjfxiJSCRCuVTBCUmnhDCPsJZK+5xEDGarO8UfiqxZfxEyEL5d7IcRQJ/uRSFhYzByGbkziLM760KYqBzaE2Siu+zk625KOm6BN9qWGZdirejwf1Ay9EYmUdNiCMBBFLkPaQkZ8IEuMavf1wHEiZLas25eK7oJWHYKltcluH05QEF+5ODu88nlSpFlz2FjxJSbLDf7qeUba/L2OL124dTU5NIDNzwZLCKjpp8aTYzTaoox7KXUVRmy1X4Or61WhSxw9+LGyrAZLsW+l0a4FgY17V5HnF5/jf8eOpkuVdwtd29KCheJ4BdUfomV8vEt6S0hUP66VqJn6MliuL+10KM6TjLnjg0McPp1LPuSFRoLzO0YetTZzeVc0oBIr9Z3vjm6jt1dYcUtaydn/fc+FgoqpIOLz6EOGCz/CmyaV4rLk2BFKqtx5GP1wbP36hVkyWpREbEMILpFKDOyp21fC67mb0M="
];
};
users.groups.${user} = {};
}

46
hosts/web-arm/sites/tandem.paraclub.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,46 @@
{ pkgs, lib, config, ... }:
let
domain = "tandem.paraclub.cloonar.dev";
dataDir = "/var/www/${domain}";
user = builtins.replaceStrings ["." "-"] ["_" "_"] domain;
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
try_files $uri $uri/ /index.html$is_args$args;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${user}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDpezoJfaqSlQKhbzIRxQysmSmU5tih0SGFh4Eiy3YjfxiJSCRCuVTBCUmnhDCPsJZK+5xEDGarO8UfiqxZfxEyEL5d7IcRQJ/uRSFhYzByGbkziLM760KYqBzaE2Siu+zk625KOm6BN9qWGZdirejwf1Ay9EYmUdNiCMBBFLkPaQkZ8IEuMavf1wHEiZLas25eK7oJWHYKltcluH05QEF+5ODu88nlSpFlz2FjxJSbLDf7qeUba/L2OL124dTU5NIDNzwZLCKjpp8aTYzTaoox7KXUVRmy1X4Or61WhSxw9+LGyrAZLsW+l0a4FgY17V5HnF5/jf8eOpkuVdwtd29KCheJ4BdUfomV8vEt6S0hUP66VqJn6MliuL+10KM6TjLnjg0McPp1LPuSFRoLzO0YetTZzeVc0oBIr9Z3vjm6jt1dYcUtaydn/fc+FgoqpIOLz6EOGCz/CmyaV4rLk2BFKqtx5GP1wbP36hVkyWpREbEMILpFKDOyp21fC67mb0M="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILamV0WQER05HbpFlKjMBSv/mN3d1kzS0Jxf8O5p/T1L"
];
};
users.groups.${user} = {};
}