From 129d7ea780c19dd76c07fde55b2e260247fc682a Mon Sep 17 00:00:00 2001 From: Ranomier <> Date: Wed, 14 May 2025 22:59:09 +0200 Subject: [PATCH] feat: make it a module! --- hosts/ext-julia/default.nix | 7 +- hosts/ext-julia/wordpress.nix | 116 ----------------------------- modules/hosting/wordpress.nix | 133 ++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+), 118 deletions(-) delete mode 100644 hosts/ext-julia/wordpress.nix create mode 100644 modules/hosting/wordpress.nix diff --git a/hosts/ext-julia/default.nix b/hosts/ext-julia/default.nix index be1e78f..af92053 100644 --- a/hosts/ext-julia/default.nix +++ b/hosts/ext-julia/default.nix @@ -2,13 +2,16 @@ imports = [ ./boot.nix ./hardware-configuration.nix - - ((import ./wordpress.nix) {config=config; pkgs=pkgs; siteName="shop.kiezpalme.de"; port=80;}) + + ../../modules/hosting/wordpress.nix ../../modules/sec_auth/ssh-server.nix ../../system_profiles/server.nix ]; + services.cWordpress = { + enable = true; + }; services.openssh.ports = [11522]; users = let username = "root"; diff --git a/hosts/ext-julia/wordpress.nix b/hosts/ext-julia/wordpress.nix deleted file mode 100644 index e9c2ec3..0000000 --- a/hosts/ext-julia/wordpress.nix +++ /dev/null 
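Review bot: The host now only sets `services.cWordpress.enable = true;`, so `siteName` falls back to the module default `"example-name"`, whereas the removed import line passed `siteName="shop.kiezpalme.de"`; the system user, the `/srv/http/` data directory, the PHP-FPM pool name and the nginx virtual host are all derived from that name, so this deploy would create `user-example-name` and `/srv/http/example-name` instead of the shop site. The block should carry the name across: `services.cWordpress = { enable = true; siteName = "shop.kiezpalme.de"; };`. The old call's `port=80` never matched the deleted file's `sitePort` argument and was silently ignored, so only the name is actually lost here.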
@@ -1,116 +0,0 @@
-{
- config,
- pkgs,
- siteName ? "example-name",
- sitePort ? 80,
- ...
-}: let
- siteDataDir = "/srv/http/${siteName}";
- siteUser = "user-${siteName}";
- siteGroup = config.services.nginx.user;
- siteUserPhp = "${siteUser}-php";
- siteGroupPhp = siteUserPhp;
- sitePhpPool = "wordpress-${siteName}";
-in {
- users = {
- users = {
- "${siteUser}" = {
- isSystemUser = true;
- group = siteGroup;
- home = siteDataDir;
- createHome = false;
- shell = "${pkgs.shadow}/bin/nologin";
- };
-
- ### 3) Service account for PHP-FPM pool
- "${siteUserPhp}" = {
- isSystemUser = true;
- group = siteGroupPhp;
- home = "/var/empty";
- createHome = false;
- shell = "${pkgs.shadow}/bin/nologin";
- };
- };
-
- groups = {
- "${siteGroup}" = {};
- "${siteGroupPhp}" = {};
- };
- };
-
- services = {
- mysql = {
- enable = true;
- package = pkgs.mariadb;
- };
-
- phpfpm.pools."${sitePhpPool}" = {
- user = siteUserPhp;
- group = siteGroupPhp;
-
- settings = {
- # Socket ownership so Nginx can connect
- "listen.owner" = config.services.nginx.user;
- "listen.group" = siteGroupPhp;
- "listen.mode" = "0660";
-
- # Dynamic process management tuned for small sites
- pm = "dynamic";
- "pm.max_children" = "5";
- "pm.start_servers" = "2";
- "pm.min_spare_servers" = "1";
- "pm.max_spare_servers" = "3";
-
- # Logging
- "catch_workers_output" = true;
- "php_admin_flag[log_errors]" = true;
- };
- };
-
- nginx = {
- enable = true;
- virtualHosts."${siteName}" = {
- default = true;
- root = siteDataDir;
-
- listen = [
- {
- addr = "0.0.0.0";
- port = sitePort;
- ssl = false;
- }
- ];
-
- # Fallback for pretty permalinks
- locations."/" = {
- tryFiles = "$uri $uri/ /index.php?$args";
- };
- extraConfig = ''
- index index.php;
- '';
-
- # 6.2 Handle PHP scripts
- locations."~ \\.php$" = {
- extraConfig = ''
- fastcgi_split_path_info ^(.+\\.php)(/.+)$;
- fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include ${pkgs.nginx}/conf/fastcgi_params;
- '';
- };
- };
- };
- };
-
- # Bootstrap WordPress on activation
- environment.systemPackages = [pkgs.unzip];
- system.activationScripts."setupWordpress-${siteName}".text = ''
- mkdir -p ${siteDataDir}
- if [ ! -f ${siteDataDir}/wp-config.php ]; then
- cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
- chown -R ${siteUser}:${siteGroup} ${siteDataDir}
- chmod -R 755 ${siteDataDir}
- fi
- '';
-}
diff --git a/modules/hosting/wordpress.nix b/modules/hosting/wordpress.nix
new file mode 100644
index 0000000..efa46c6
--- /dev/null
+++ b/modules/hosting/wordpress.nix
@@ -0,0 +1,133 @@
+{config, pkgs, lib, ...}:
+
+let
+ cfg = config.services.cWordpress;
+in {
+ options = {
+ services.cWordpress = {
+ enable = lib.mkEnableOption "custom WordPress service";
+
+ siteName = lib.mkOption {
+ type = lib.types.str;
+ default = "example-name";
+ description = ""; # TODO:
+ };
+ sitePort = lib.mkOption {
+ type = lib.types.port;
+ default = 80;
+ description = ""; # TODO:
+ };
+ };
+ };
+
+ config = let
+ siteDataDir = "/srv/http/${cfg.siteName}";
+ siteUser = "user-${cfg.siteName}";
+ siteGroup = config.services.nginx.user;
+ siteUserPhp = "${siteUser}-php";
+ siteGroupPhp = siteUserPhp;
+ sitePhpPool = "wordpress-${cfg.siteName}";
+ in lib.mkIf cfg.enable {
+ users = {
+ users = {
+ "${siteUser}" = {
+ isSystemUser = true;
+ group = siteGroup;
+ home = siteDataDir;
+ createHome = false;
+ shell = "${pkgs.shadow}/bin/nologin";
+ };
+
+ ### 3) Service account for PHP-FPM pool
+ "${siteUserPhp}" = {
+ isSystemUser = true;
+ group = siteGroupPhp;
+ home = "/var/empty";
+ createHome = false;
+ shell = "${pkgs.shadow}/bin/nologin";
+ };
+ };
+
+ groups = {
+ "${siteGroup}" = {};
+ "${siteGroupPhp}" = {};
+ };
+ };
+
+ services = {
+ mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ };
+
+ phpfpm.pools."${sitePhpPool}" = {
+ user = siteUserPhp;
+ group = siteGroupPhp;
+
+ settings = {
+ # Socket ownership so Nginx can connect
+ "listen.owner" = config.services.nginx.user;
+ "listen.group" = siteGroupPhp;
+ "listen.mode" = "0660";
+
+ # Dynamic process management tuned for small sites
+ pm = "dynamic";
+ "pm.max_children" = "5";
+ "pm.start_servers" = "2";
+ "pm.min_spare_servers" = "1";
+ "pm.max_spare_servers" = "3";
+
+ # Logging
+ "catch_workers_output" = true;
+ "php_admin_flag[log_errors]" = true;
+ };
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts."${cfg.siteName}" = {
+ default = true;
+ root = siteDataDir;
+
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = cfg.sitePort;
+ ssl = false;
+ }
+ ];
+
+ # Fallback for pretty permalinks
+ locations."/" = {
+ tryFiles = "$uri $uri/ /index.php?$args";
+ };
+ extraConfig = ''
+ index index.php;
+ '';
+
+ # 6.2 Handle PHP scripts
+ locations."~ \\.php$" = {
+ extraConfig = ''
+ fastcgi_split_path_info ^(.+\\.php)(/.+)$;
+ fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ '';
+ };
+ };
+ };
+ };
+
+ # Bootstrap WordPress on activation
+ environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here?
+ system.activationScripts."setupWordpress-${cfg.siteName}".text = ''
+ mkdir -p ${siteDataDir}
+ if [ ! -f ${siteDataDir}/wp-config.php ]; then
+ cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
+ chown -R ${siteUser}:${siteGroup} ${siteDataDir}
+ chmod -R 755 ${siteDataDir}
+ fi
+ '';
+ };
+}
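Review bot: `siteName` is declared as a bare `lib.types.str` but is interpolated unvalidated into the system user names, the `/srv/http/` data path, the PHP-FPM pool name, the nginx `virtualHosts` key and the shell text of the activation script, so a value containing a space, `/` or shell metacharacters would yield broken users, paths or a malformed script; a hostname-shaped type such as `type = lib.types.strMatching "[A-Za-z0-9.-]+";` would reject that at evaluation time. Both options still carry `description = ""; # TODO:`, and a one-line description each (e.g. `description = "Host name of the site; also used to derive the data directory, service users and PHP-FPM pool.";`) would let option documentation show what they control. The virtual host listens on `0.0.0.0` with `ssl = false` and the module offers no way to enable TLS, which should at least be stated in the `sitePort` description or exposed as an option. The `environment.systemPackages = [pkgs.unzip]` TODO looks answerable from this file: the activation script only calls mkdir, cp, chown and chmod, so unzip can presumably be dropped.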