Compare commits
3 Commits
536fc2b463
...
58089e558e
| Author | SHA1 | Date | |
|---|---|---|---|
| 58089e558e | |||
| 97b6874258 | |||
| 8ad0c4d336 |
@@ -3,6 +3,54 @@ let
|
||||
foundry-vtt = pkgs.callPackage ../pkgs/foundry-vtt {};
|
||||
cids = import ../modules/staticids.nix;
|
||||
hostConfig = config;
|
||||
url = "https://foundry-vtt.cloonar.com"; # URL to check
|
||||
targetService = "container@foundry-vtt.service"; # systemd unit to restart (e.g. "docker-container@myapp.service")
|
||||
threshold = 3; # consecutive failures before restart
|
||||
interval = "1min"; # how often to run
|
||||
timeoutSeconds = 10; # curl timeout
|
||||
|
||||
checkUrlScript = pkgs.writeShellScript "check-foundry-up" ''
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
URL="$1"
|
||||
TARGET="$2"
|
||||
THRESHOLD="$3"
|
||||
TIMEOUT="$4"
|
||||
|
||||
STATE_DIR="/run/url-watchdog"
|
||||
mkdir -p "$STATE_DIR"
|
||||
SAFE_TARGET="$(systemd-escape --path "$TARGET")"
|
||||
STATE_FILE="$STATE_DIR/$SAFE_TARGET.count"
|
||||
|
||||
TMP="$(mktemp)"
|
||||
# Get HTTP status; "000" if curl fails.
|
||||
status="$(curl -sS -m "$TIMEOUT" -o "$TMP" -w "%{http_code}" "$URL" || echo "000")"
|
||||
|
||||
fail=0
|
||||
if [[ "$status" == "502" || "$status" == "504" || "$status" == "000" ]]; then
|
||||
fail=1
|
||||
fi
|
||||
|
||||
count=0
|
||||
if [[ -f "$STATE_FILE" ]]; then
|
||||
count="$(cat "$STATE_FILE" 2>/dev/null || echo 0)"
|
||||
fi
|
||||
|
||||
if [[ "$fail" -eq 1 ]]; then
|
||||
count=$((count+1))
|
||||
else
|
||||
count=0
|
||||
fi
|
||||
|
||||
if [[ "$count" -ge "$THRESHOLD" ]]; then
|
||||
printf '[%s] %s failing (%s) %sx -> restarting %s\n' "$(date -Is)" "$URL" "$status" "$count" "$TARGET"
|
||||
systemctl restart "$TARGET"
|
||||
count=0
|
||||
fi
|
||||
|
||||
echo "$count" > "$STATE_FILE"
|
||||
rm -f "$TMP"
|
||||
'';
|
||||
in {
|
||||
users.users.foundry-vtt = {
|
||||
isSystemUser = true;
|
||||
@@ -70,4 +118,45 @@ in {
|
||||
system.stateVersion = "24.05";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."restart-foundry-vtt" = {
|
||||
description = "Restart foundry-vtt container";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.systemd}/bin/systemctl restart container@foundry-vtt.service";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.timers."restart-foundry-vtt" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
# 03:00 local time (Europe/Vienna for you)
|
||||
OnCalendar = "03:00";
|
||||
# If the machine was off at 03:00, run once at next boot
|
||||
Persistent = true;
|
||||
Unit = "restart-foundry-vtt.service";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.foundry-vtt-watchdog = {
|
||||
description = "Foundry VTT watchdog: restart ${targetService} on Nginx gateway errors";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${checkUrlScript} ${url} ${targetService} ${toString threshold} ${toString timeoutSeconds}";
|
||||
};
|
||||
# Ensure needed tools are on PATH inside the unit
|
||||
path = [ pkgs.curl pkgs.coreutils pkgs.systemd ];
|
||||
# Wait until networking is really up
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
};
|
||||
|
||||
systemd.timers.foundry-vtt-watchdog = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = interval;
|
||||
OnUnitActiveSec = interval;
|
||||
AccuracySec = "10s";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -41,8 +41,6 @@
|
||||
service = "wake_on_lan.send_magic_packet";
|
||||
data = {
|
||||
mac = "04:7c:16:d5:63:5e";
|
||||
broadcast_address = "${config.networkPrefix}.96.5";
|
||||
broadcast_port = 9;
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
/home/dominik/projects/cloonar/updns
|
||||
/home/dominik/projects/cloonar/mcp-servers-nix
|
||||
/home/dominik/projects/cloonar/ldap2vcard
|
||||
/home/dominik/projects/accessowl/ao-domainscraping
|
||||
/home/dominik/projects/scana11y/sa-core
|
||||
|
||||
/home/dominik/projects/cloonar/flow/flow-docs
|
||||
/home/dominik/projects/cloonar/flow/flow-user-service
|
||||
|
||||
@@ -489,12 +489,6 @@ in
|
||||
|
||||
programs.firefox = {
|
||||
enable = true;
|
||||
package = pkgs.firefox-devedition.overrideAttrs (a: {
|
||||
postInstall = a.postInstall or "" + ''
|
||||
wrapProgram "$out/bin/firefox" \
|
||||
export MOZ_ENABLE_WAYLAND=1
|
||||
'';
|
||||
});
|
||||
profiles = {
|
||||
default = {
|
||||
id = 0;
|
||||
@@ -575,7 +569,7 @@ in
|
||||
git clone gitea@git.cloonar.com:Cloonar/updns.git ${persistHome}/projects/cloonar/updns 2>/dev/null
|
||||
git clone git@github.com:dpolakovics/mcp-servers-nix.git ${persistHome}/cloonar/mcp-servers-nix 2>/dev/null
|
||||
git clone gitea@git.cloonar.com:Cloonar/ldap2vcard.git ${persistHome}/projects/cloonar/ldap2vcard 2>/dev/null
|
||||
git clone gitea@git.cloonar.com:AccessOwl/ao-domainscraping.git ${persistHome}/projects/accessowl/ao-domainscraping 2>/dev/null
|
||||
git clone gitea@git.cloonar.com:ScanA11y/sa-core.git ${persistHome}/projects/scana11y/sa-core 2>/dev/null
|
||||
|
||||
git clone gitea@git.cloonar.com:Cloonar/flow-docs.git ${persistHome}/projects/cloonar/flow/flow-docs 2>/dev/null
|
||||
git clone gitea@git.cloonar.com:Cloonar/flow-user-service.git ${persistHome}/projects/cloonar/flow/flow-user-service 2>/dev/null
|
||||
@@ -632,7 +626,10 @@ in
|
||||
home.file.".wallpaper.jpg".source = ./configs/wallpaper.jpg;
|
||||
home.file.".wallpaper.png".source = ./configs/wallpaper.png;
|
||||
home.file.".local/share/nvim/project_nvim/project_history".source = ./configs/project_history;
|
||||
home.file.".config/Cryptomator/settings.json".source = ./configs/cryptomator.json;
|
||||
home.file.".config/Cryptomator/settings.json" = {
|
||||
source = ./configs/cryptomator.json;
|
||||
force = true;
|
||||
};
|
||||
|
||||
programs.ssh = {
|
||||
enable = true;
|
||||
|
||||
@@ -33,39 +33,7 @@
|
||||
./modules/web/typo3.nix
|
||||
./modules/web/stack.nix
|
||||
|
||||
./sites/autoconfig.cloonar.com.nix
|
||||
./sites/feeds.cloonar.com.nix
|
||||
./sites/webmail.cloonar.com.nix
|
||||
|
||||
./sites/vcard.cloonar.dev.nix
|
||||
./sites/vcard.cloonar.com.nix
|
||||
|
||||
./sites/cloonar.com.nix
|
||||
./sites/gbv-aktuell.at.nix
|
||||
./sites/matomo.cloonar.com.nix
|
||||
./sites/support.cloonar.dev.nix
|
||||
./sites/stage.cloonar-technologies.at.nix
|
||||
|
||||
./sites/stage.scana11y.com.nix
|
||||
./sites/scana11y.com.nix
|
||||
|
||||
./sites/cloonar.dev.nix
|
||||
./sites/paraclub.at.nix
|
||||
./sites/api.paraclub.at.nix
|
||||
./sites/module.paraclub.at.nix
|
||||
./sites/tandem.paraclub.at.nix
|
||||
./sites/paraclub.cloonar.dev.nix
|
||||
./sites/api.paraclub.cloonar.dev.nix
|
||||
./sites/tandem.paraclub.cloonar.dev.nix
|
||||
./sites/module.paraclub.cloonar.dev.nix
|
||||
./sites/gbv-aktuell.cloonar.dev.nix
|
||||
./sites/stage.myhidden.life.nix
|
||||
./sites/stage.korean-skin.care.nix
|
||||
./sites/feeds.jordanrannells.com.nix
|
||||
./sites/dialog-relations.cloonar.dev.nix
|
||||
./sites/dialog-relations.at.nix
|
||||
./sites/lena-schilling.cloonar.dev.nix
|
||||
./sites/lena-schilling.at.nix
|
||||
./sites
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [
|
||||
@@ -108,6 +76,32 @@
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
|
||||
];
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/nix-ssh-keys 0700 root root -"
|
||||
];
|
||||
sops.secrets.gitea-ssh-key = {
|
||||
path = "/var/lib/nix-ssh-keys/gitea_ed25519";
|
||||
owner = "root";
|
||||
group = "root";
|
||||
mode = "0600";
|
||||
};
|
||||
programs.ssh = {
|
||||
knownHosts = {
|
||||
"git.cloonar.com" = {
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlUj7eEfS/4+z/3IhFhOTXAfpGEpNv6UWuYSL5OAhus";
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
Host gitea-internal
|
||||
HostName git.cloonar.com
|
||||
User gitea
|
||||
Port 22
|
||||
IdentitiesOnly yes
|
||||
IdentityFile /var/lib/nix-ssh-keys/gitea_ed25519
|
||||
StrictHostKeyChecking yes
|
||||
'';
|
||||
};
|
||||
|
||||
# backups
|
||||
borgbackup.repo = "u149513-sub8@u149513-sub8.your-backup.de:borg";
|
||||
|
||||
|
||||
@@ -10,6 +10,7 @@ authelia-session-secret: ENC[AES256_GCM,data:/x+cq/QsYyev30mnFiWSd1N+WCKBI4zgAcz
|
||||
authelia-identity-providers-oidc-hmac-secret: ENC[AES256_GCM,data:LWLWRJqhL3qA5w53KVVB1vPUgSVhWrnoaVvD2kqIXmfZXduqj3HYRyWnGuhBsJOrVtw9gX10VT9zADkZtuYjihMEgRF4h6BWhg/nmt2l3ancAkcnn+wkzGhfY/MWwRU74j3DFN4fNMgBRXpv54tzEzoSy5kN3VriYp8f80OsEtM=,iv:V1bzLRB4/Hg+wm/YAoPRVUkAzzRiKZPnBYWVtJ47qN0=,tag:jjgB/Ja2+A7pkASl1+dGRQ==,type:str]
|
||||
authelia-identity-providers-oidc-issuer-certificate-chain: ENC[AES256_GCM,data:gS6YDrngIePu4Uzio/y5JiJYDOJB+HWUlPgoP1jryvsPstfsw7YiksOYENn+ZgbSvjbk0VISSbGo+UH89r441+XBiCPqIVMLPAuSRnyEkVfG2RCSH9zF+SzrpGQreeg0q1TDDJF3YKoVotDKiq5qbagcd11VoNmbilCsrsjSV5wYdBQ3ahRm+283OBF3Coq5XcuF0mwpLuiDLsd9hEmPtaNlb/vd1c5bVMpgSEbPAG5RHaYJIr2zjt5HLNtZbldUbm4QWn4MZnvLHjtcZesTBpC7nvsKR65KJFBNDv7Ymdv3EODxo8J/RJrKVUaS09MfsW1wKIis3n3e+CSfTasRaFGlx1xC5o9b41+6BH18/+rchqivSUWnSikb4SNtKIFZTm9TklhVORWFgDrhthau5bluBGeUDdTOfuro0/bvIw8oKPsCoP5aXEzJDGugJRGCTAgI+qXBBSsLaTRlbDCQKcOozy0OQw7NvZGctOcQNvDzJfVkAPMc2Pph5ItaTWYh3MK9bEqmtCTtp7d/dWdSGjUly4EjhihxXdhbNX+BcaDdziZ/zQuxoTyKMdphAM65yYuAPyq35JnX37Z1i1Zis6lODZA9jxdUki8HTacNCh3Zd54nFD10RejErvXiXgsi0ilzBIaIe8xctPmWbwahabO+efKZ5MEixH2WX3+gb8l6gmEAYE75XfnWV0+QcL9ZvLkY8pUfNP1ZuN23NWNelT4JLPhdNip+l7DvxNVpIMxFmd0sTH452pslGKj/ESyyGl4c9ktwlJCc4+MFGLEIt7y2ZoEdddmO18bFs0TP+JY9GiSwoIQGt7ZnOSebG0MJLWLoVWi26V0QqaG06Ni1/XNHEBJuZD3vP+6sRL+0jMM5irIc5MNE8BkU5zyepaDPSC945ey8VyqDGI7HS5gL034nONvhALh/Lc+WW5uVAZKVSKBrtYUrXa+yyO0vzb42yr+9M5/r6UFW+4DrKtpked3RarakLhafwH4AQXE+ZohZYmVXl7XfD49MqwhWa04atOci5Hc3ZQ==,iv:dPslR8NX+8G8uLIo+wFT46U6XAR8ao2z6/rqzJRlEr4=,tag:Wbo1guFW/ggtZjLLNSoo7Q==,type:str]
|
||||
authelia-identity-providers-oidc-issuer-private-key: ENC[AES256_GCM,data:AmefiXFJ7zEY0AHj7n61f0Ja/FqOf4Gj5WFb0SEf9ozXIlxXj3inayOPd5JB94VcVjNJ33u5XJhTzGwnN0v6QnF/iXdMBosXHdye7+v9H2GjUMFk1CKnsXgq4xEb2hHkYKdT+WBmZFksdjGw7Hl4ySGIWsFwBE3HHTNfQUFhtoEU19jQej8roFnAPIOCLHvskQ7V1OlKfMVdvIwnwep9qsuyNCMSuASjGvv8TDPQARk/1E7IJiROL/jvoTVKL1orcVNx3ibt7+HNsXCR3+g8ra4bKLRbPlKC6tQtdw98171xV83JlTtEEIPztzae0A+O9F7LMveSQveaqiBf/0YURueKQj/sH3nABGBSselO4tEQvudfrxJrQckFaQ4GB0/HoJlnRJsv6XJE5FDdcscIYFfzn6QGCookHhzITvwx/D7kubyZ/mZe/FMrp4Lv5XicUupaCTu1pflrhCpOwxh97Fiun02Ne4snWUAgVKlp7G7EhqDJV4KnNUbrCvpHvW09nNC2V71mkZm4LjLOg+jO0VazVGCzX8pgLm/Li4Tg7PhqQkQDsmgMw6tuxhRCDmzYytowAi4MmIQyewmAos3+TLoaaDb+DDSOhw3SqOX2FdCdEjvk7CY4NTCephvIFOtVpHTdmEX2UU3WNvMnC6/v1wmgQ2WsQQqp3IUvQrLlneAJ2tnBT9MdXvR8tYOBnInvwPzhE/FF1yh+eL/ujhHZ8d5RW8OfO/sIipQsMn+FsMqonbY8DJwQTOzwIa4AfNebeNeZnI/Y2XH149Ot+n2nbrf0stPyMo9xUPo5UBIBd8hsQq4cioEJKFJX2iWxJ7Cna2HxM0GC4FAKpFFrRCf6N8fFJ4U/PUNWX3sCJYvsI1Oq5oDxBmjl/r3SZ5vLumCxeDr9nulg72xxvUyzTA4cAOw5PRDk7Pvqm84Edoz+DzEdonRo4m+j8CU9JLrRS6jWLNDmenZvE4b5jEn6jthxoGzEm5cCoCT0G4BvrEqONq7CmETnGqqDs666qF3vP5UPrTMBwodeGmiPb6no70wuCs4wFSq+Cl6UxbqTPi2oIKSSS/P3XII1xTKIo7FXU4hniUs52awgQD27LfOM85MsibxPl3rp9SQndOmP56BwcE9d21iuEgRrZRhgZppK/rF3g6gyoPqJZGir/Sz50yHpf7DLZ9qiq71t32w/QODCzfMt3s9IvzR0T9xH4UvMauKNZO4+q0InahUNIqks1nUJnKW7a/+Q1nNPOcSDaRFJGOZUR25yaHBsXfOHcyemfIjJ+20gId6v52HBOPqWfIvAvRhNz46i/DUiwpeDSBmGxgQUMM97ruaJidCv6w1BCM4B4A0s9012Ksd4+UnQQEKX8oJ0TZtZbo8lqUyBk3GUOMFKtwMbn8k3CkQMIWTC4WftDXgAp2+jAu3hEV4rxm/+8uYjfNh8+/tTiOvCgJ8jQazJhan/+VDSDg0fk1DjEQBPP5ZAUl3vxw+pw1o5AnjvUOC+1KNBBUc6iUmGZ66NkjflJE5Zo7NC8MLc7D/YADmLQIYe3WwOAZsxg1AqsRkXUqRVAMhipv2RlKesCNpckivyzg3GbZlvcZjQS/bnZHZd8AuORpFnE2JvFD5QydlyFKvL3UdRVA/NkvWHPbQh/JrMCFLXlq5WNnZicx2ib6862B4JtEbNwZYjGKEvYkDXmfBgOx2AeetpO/C9rNNWJfa4SNGJC5D9+UFpoqIWv9YO6aDZ1S4flD+AXUzfoLKFBeLNsOswjwo67n/raQ//Upfpv2qKHYSY7KkWkam7So0uEZlVtrvGM0mkQSyNWY3KWdhII2gAvMzJ2C2iiJH+Geesi+E+29qCePFWJwyxCtf9jVXoR8E25UteMTvzyPRN/gjbRe/Zrbjj85sEQ9s2bDl77gpdC/+xKkZ56UiWA3ZceOG0Aij8yHP0Y+maY9+9Lh2T48LNPmuF9Qt7/IK0iixWZx0O0fzNrzY7HwQN9oFyYMiTILgYK3iVnSy3vIkDqgWfYdtNRurtAviFrSTRNefzvSah5D7TxoNbLqDcNJOMIMcRpxrHhygnP3yb+AFtpUZPiK0zfpybmgAePxWNk3Our7rSil03PXP71R9wwdwO+9N3kMuc4JS2ZnZ/Umz2zXf2tOfBnpkUqMF79VvcLBCVNa7IUucwBSIOkjdpW1f6Yu0b68gMFhBpAM2QNNnV7SL67HTt08rr0Y/k0hJDrXmTQarAb8Io+kSauegWdDyQaGbo71jTJQdIhG2Q4EfyuBGlXZ+rdC3jbbM1sjl/CKSujkSldBMEa2vp6a6aq+Ykt4qz+LN1pa0Oz4GZODY9s5iBoNgByYr++Kc+R0yRayaciZlhm27jALPyq1dBl0NG0F4ldE+KQciMPvpoPF8RBFIxviZrvpMU2ql/3dctoKkvpMXgSblX6iTyAxEeNwkmhDBfZyObrRIyTsDI2rUD3j9LQ+jTEk299cw8P2SGCQFNkl1itSxTyWoefZIEilL3YEgyxuIyDBzPLpmQzyMk4zrOu+zmJYFBm184Wk2Tt6e5b7VzfGurxnPhk/KpaPwJeTJPM44n9UQo/fpnNra89XUqty0fYg8fb2d4XnyMVc2ooZE6vmn8pi6QHwOr6vKhO6LEcok7f3MGafjPs/BW8J8aqGvLoKpEelSEEvhVhBlHQlxoulWZYG6sowGJdLcA95o0hsZmxvL7tB4OpS1ZFjN6Um+0wa0yj3yl1XNuYKmjV1IfXjwowgZ/Lb1tRRxAcxoT2mycr6d2wrbfS7huhTUNZBCHQizOiQcuoRlHeTvu/f8owAwuBb6r0wSGHyDhVmw5Ga73Fk4LkavAEKD1MW+tWeZtioIQT+PKrmVCrbqnx50xVaRmUAvpX5BRnznu06pWKna5Wa6gfjBz48IPGzgaPyRIzw4sdz1AB8ScUd2lT8Ihb/FTZAWOPzSR4CZeIyDvCWuQG89xgeq6bhlZxr7YA3jRIGxUqGq5h3s08k1zG6uCg/1LkythiRUp9rZPiHVVPWlpZl8W1YWhyJVGJVu5aQTgtRZRLlCg+pJvOmKzFLbJSRNv5xdXdTfEp0HTkVWDc+G58nONTz8oygyRIvw7OhSQeOKQtcr6Bzkt1LVIM5vloFGSr0gaI32Db43hiWv90v4mEXWdWDtsSLXyGipVyH8MpeghyMgm6Vps7ogujJVCEJrW2JLbcAvlnlXEDoVSx4qQMOqOFrhwfzDClBuXy7LEZ2bcWsVuNebOA0oZoEkfWkbNO3QX6vp/jUrPWhMu2orm0ZGNeaebXqauc0ueI8IbnBfSI/6DOoVd9MU4fyiApQvRL5jbAcDLHowIKWaSYpV/obVy8U6IvoaFpRJPiaeAo6yFLLEUemt3OrGiPhKrbuHSkHaNyUF5ywSf2Oz8a9eH1MWaSgFjdqLmBtmAogsHS+I1NIfVmytcKNQodPEk6LZjRKbiJ46U3D5/d6j8O7qZ0M6FbuEawTb98Mctx7O3RJJhJiaqdTfL9sS2Oxix5dY39e724iJQ5P1/96T3vGTnX3rV6VQ5/G9X1tfFBSobV0h6iQccH3aUQUPyiRCquxhzRDuo8jkzYIv4TLLFF9Z1mE/FAFkOrNJfIaJ0kppQmAN9JkVdoIvmKBinn1fjK+vGgeOHEdMboSZhbeioW2qRMxkdNQhOMWOUEQ7BHLzxpKUyQiOFmPPnCUEUja5KCvIw/AgTN7p0Ep+WtWmnVedIKG3CZory2a91lFzF574PAAbf4buITM9N4FG/vqoe1k1iLW0WGRgMCYAhUJ9J+ZkV1VHJD86E+ZnAKtM5oEfCs4/eRnOxG/nY4iL+0KIZn47LoEAyFpWuJN9yATT+GwFWXvswDbMD9xm0v3SCL6fjSFIzPzy1WBAKpd5HT2FBElVru5Gk2r4nPA1In6T+Ke7qkcK8bbiyNJSNcLNJfYC8J4NWxV7cTjShOv2RoAV5m9dnB5RZW5/DMQL+aOzfjm178lmuzDfWGa30vRwc6qXxEYsV+tdo7ATldTzAjzuTDMg+M+6NTYNIlLAwQKxs0oHEuqwuhKXjQSw3ZVFRST9oYf6sNFoRMkrWkkV10uvch0NRRCSMR8KtnvfGDrvSqWfVZINEzWZLgtwXvyQ/1TFF203RdeUXzW6pj24R2FNKyMGKHaRyHnrnyNtMEskMuvMiN9nr34o+Tt6hCj/R4bMT42USeTI3oRyRI+vq+fuJADZ03JBXXEC7TJp+K6XGSUowLD8fJxclnTypbHa9rI9dHngxTkkeMxsRwPsYYVT8HCB5D38IsNI15ONRWI9K/kFfVyMEQq/KQ7/Uc5VuhfgXoG64vX73,iv:F/oBMW+PX6ogxHSYMWRS7liolMOc5rqwIJbwYj+J9DM=,tag:7HpCNkBWKFCGoNCq2iK3YQ==,type:str]
|
||||
gitea-ssh-key: ENC[AES256_GCM,data:tLBxtfAN5ZVtfcmmOMBanTMT1biR2gXmIf3Y23KIlhjSKQpYUyyTRhD8jvZo6tzNVUhmH4GB+Pq3JK5vjFkhWzfHb7ZwwsUhbk70BkeMpgVvmMgoLkEWnDoaBm92QkwC8oZ4jlga5V0Zc6Is4f0GSd8BqysP8oGSUXtovDM2l3a3SkJqWxonGLADf6Ne0kow7iNFP5Etfsdy/icINDDDgePCozgU3armaO3OuodyCjNvFOjvdfVrSLgUTNhXCpPxcx3gaOGd/IBGxHp1ghkP118BpgGG2s4sV80vTDv4TJmK/yt53g9gQYEARDAH6XXD39MRQzhCIdXt08GbujSYI1bD0/RcAkD3+tDEDdsvnoFyyYYAJPViTwsjLdvFtFZE/MHwZonUfjMtPI0jTWjUJzvuTzF7lv+YxYpdNoC+FJcf04qlBDgauOzMZVsyD+jgQCOFfQor3n72xeqaLP5TfTPbTxr+ZkThmnoOSOvSx7w8MCyz+JrKUc5Q2nJXp5uVnqdU5zh6x/KRpTNNCjOk,iv:q+hZ+F2IUil6Lew40Z9Yn+uFdT/Y4uyXcibeL9HsXGQ=,tag:JlDjIykE996qaPuZvmTpOg==,type:str]
|
||||
grafana-ldap-password: ENC[AES256_GCM,data:hNB6CRtXW98yqUqInD3LsZ75sA+lVfmbooehni0UKL60qE/XCZm5B9JVO9pjxbIYZN6Eu/RFX+9L9cJVa5jnEo2MVeLS4CSjqC8BHLArlOuEdA5v8vqqJofBpBfXXN5Ca5xeUDJKz2HgtoTg7G5nTkegGZPGrmj5QQiL1xzco38=,iv:ViQAPTGxEWnjLkJlGCdCq5wW+fbr/O9er8/71VjL/GE=,tag:+Mow4cw7tvtkXvV2iSHeQw==,type:str]
|
||||
grafana-admin-password: ENC[AES256_GCM,data:365efRy8xD7SHBnVz6ZJO3l8/lfiZ5vZPZZbxnUmjKKJTMeebLY+P54moStY0wsbU9vk7sCKATCxrS5xy+FQJSgKLoajfz50OMA4+1k3Shl+skbeIikHKwFxqrljFa6HRQ2HTW6KLDPu6Z5Agkima5xdfrtc5R1SnOFg5b6D5NU=,iv:0yZGZVQd35Itj66Ff5hDfDYYx5xsNs/wc887bgMV1MY=,tag:9t8Iffg7kxSjE5eo7iv/RQ==,type:str]
|
||||
grafana-oauth-secret: ENC[AES256_GCM,data:OXsKChjgnDEKG58LarUpdJlDy4FJTrs1lrHH9I4wO+OGb+XdOPokyXSq0Om7aYhp2g40rBcQzfj5tQcgjmvZ27He93HfgxST,iv:pSiu/2G+D/wd2+FormfGiXMm2Ps/5iDDHqUnsIJ37EY=,tag:UN2IZ6/aJJSEcTmXeD9CAQ==,type:str]
|
||||
@@ -63,7 +64,7 @@ sops:
|
||||
elpYSDg2Y09Ia1VEaE9yUWRYMlk4V0UKcsiKxtTdtAT7odCCua7wV/3879QEp2YJ
|
||||
iIVgZIrTg34tEGj8VbACcGINZfid3SSkUM4hnydP72ZOOfijIN21Ew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T19:06:34Z"
|
||||
mac: ENC[AES256_GCM,data:gSChxNZosx/pFT61RzHoxJZJGlWyFOFgoItL8uArKIb4rEpKKe+2zHCY59ufIEwaXV1XBHleBqRXc+NvSYFNpwe+5y0GXx6XyU8uezxxC9AwFcr1JZK6+747tY+LNbTBxSURPOAxuGAT63Ivjq+jyTTv2FsfhzdUanF39k2m3xw=,iv:mCNpOh1tTn4PA2+a6l0uijnrorUnyGJbzwQ8Y43Ldhk=,tag:frVneXTzLYljrFrO68Jmog==,type:str]
|
||||
lastmodified: "2025-09-09T08:23:15Z"
|
||||
mac: ENC[AES256_GCM,data:3+6fJxps4pKgGfLdwKq2FMhjxSjCqjmO1QUMeyGRjguEsCTbFrHmQmVjYHkTxADdy0oLBjvKzlZ7iucf2ruJUKr7igq8h30xENyFWnnm25k5dyp03rf9fm11Pzp/IHkPISrUptjC5Q6Azuwfvmso2lqWgc2AH9sTZVYpDS/yJlg=,iv:vktpxPUTVQNWGHyNKsRaFVo5Gx7VnvBw9CiXFOZOLj0=,tag:CWr5G7pRPw89m4neLjHsHw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
37
hosts/web-arm/sites/default.nix
Normal file
37
hosts/web-arm/sites/default.nix
Normal file
@@ -0,0 +1,37 @@
|
||||
{ ... }: {
|
||||
imports = [
|
||||
./autoconfig.cloonar.com.nix
|
||||
./feeds.cloonar.com.nix
|
||||
./webmail.cloonar.com.nix
|
||||
|
||||
./vcard.cloonar.dev.nix
|
||||
./vcard.cloonar.com.nix
|
||||
|
||||
./cloonar.com.nix
|
||||
./gbv-aktuell.at.nix
|
||||
./matomo.cloonar.com.nix
|
||||
./support.cloonar.dev.nix
|
||||
./stage.cloonar-technologies.at.nix
|
||||
|
||||
./stage.scana11y.com.nix
|
||||
./scana11y.com.nix
|
||||
|
||||
./cloonar.dev.nix
|
||||
./paraclub.at.nix
|
||||
./api.paraclub.at.nix
|
||||
./module.paraclub.at.nix
|
||||
./tandem.paraclub.at.nix
|
||||
./paraclub.cloonar.dev.nix
|
||||
./api.paraclub.cloonar.dev.nix
|
||||
./tandem.paraclub.cloonar.dev.nix
|
||||
./module.paraclub.cloonar.dev.nix
|
||||
./gbv-aktuell.cloonar.dev.nix
|
||||
./stage.myhidden.life.nix
|
||||
./stage.korean-skin.care.nix
|
||||
./feeds.jordanrannells.com.nix
|
||||
./dialog-relations.cloonar.dev.nix
|
||||
./dialog-relations.at.nix
|
||||
./lena-schilling.cloonar.dev.nix
|
||||
./lena-schilling.at.nix
|
||||
];
|
||||
}
|
||||
@@ -27,10 +27,50 @@ in {
|
||||
add_header Cache-Control "public";
|
||||
'';
|
||||
|
||||
locations."~ [^/]\.php(/|$)".extraConfig = ''
|
||||
deny all;
|
||||
locations."~ [^/]\\.php(/|$)".extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_buffers 8 16k;
|
||||
fastcgi_connect_timeout 240s;
|
||||
fastcgi_read_timeout 240s;
|
||||
fastcgi_send_timeout 240s;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
|
||||
fastcgi_index index.php;
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
systemd.services."phpfpm-${domain}" = {
|
||||
serviceConfig = {
|
||||
ProtectHome = lib.mkForce "tmpfs";
|
||||
BindPaths = "BindPaths=/var/www/${domain}:/var/www/${domain}";
|
||||
};
|
||||
};
|
||||
|
||||
services.phpfpm.pools."${domain}" = {
|
||||
user = user;
|
||||
settings = {
|
||||
"listen.owner" = config.services.nginx.user;
|
||||
"pm" = "dynamic";
|
||||
"pm.max_children" = 32;
|
||||
"pm.max_requests" = 500;
|
||||
"pm.start_servers" = 2;
|
||||
"pm.min_spare_servers" = 2;
|
||||
"pm.max_spare_servers" = 5;
|
||||
"php_admin_value[error_log]" = "syslog";
|
||||
"php_admin_value[max_execution_time]" = 240;
|
||||
"php_admin_value[max_input_vars]" = 1500;
|
||||
"access.log" = "/var/log/$pool.access.log";
|
||||
};
|
||||
phpPackage = pkgs.php84;
|
||||
phpEnv."PATH" = pkgs.lib.makeBinPath [ pkgs.php84 ];
|
||||
};
|
||||
|
||||
users.users."${user}" = {
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
|
||||
Reference in New Issue
Block a user