Ranomier/NixToSee
Ranomier/NixToSee
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wip: add julia server with wordpress

Browse source
This commit is contained in:
Ranomier 2025-05-13 19:02:56 +02:00
parent 3efa686d83
commit e831b0f402
8 changed files with 198 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
certificates/id_ed25519_ext-julia.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtsLGI/S6473jzw4BlWTRfxVO7mhEhClRF0gzpexG9V game-luanti

11
hosts/ext-julia/boot.nix Normal file
View file

@ -0,0 +1,11 @@
{
# Use the GRUB 2 boot loader.
boot.loader.grub = {
enable = true;
# efiSupport = true;
# efiInstallAsRemovable = true;
# Define on which hard drive you want to install Grub.
device = "/dev/vda"; # or "nodev" for efi only
};
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
}

20
hosts/ext-julia/default.nix Normal file
View file

@ -0,0 +1,20 @@
{config, pkgs, ...}:{
imports = [
./boot.nix
./hardware-configuration.nix
((import ./wordpress.nix) {config=config; pkgs=pkgs; siteName="shop.kiezpalme.de"; port=80;})
../../modules/sec_auth/ssh-server.nix
../../system_profiles/server.nix
];
services.openssh.ports = [11522];
users = let
username = "root";
in {
users."${username}".openssh.authorizedKeys.keyFiles = [
../../certificates/id_ed25519_ext-julia.pub
];
};
}

37
hosts/ext-julia/hardware-configuration.nix Normal file
View file

@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/d290e12c-d93c-45f6-b737-135b551c1951";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/8c56f52e-568a-4e03-b22c-6d1c7de7c118";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

116
hosts/ext-julia/wordpress.nix Normal file
View file

@ -0,0 +1,116 @@
{
config,
pkgs,
siteName ? "example-name",
sitePort ? 80,
...
}: let
siteDataDir = "/srv/http/${siteName}";
siteUser = "user-${siteName}";
siteGroup = config.services.nginx.user;
siteUserPhp = "${siteUser}-php";
siteGroupPhp = siteUserPhp;
sitePhpPool = "wordpress-${siteName}";
in {
users = {
users = {
"${siteUser}" = {
isSystemUser = true;
group = siteGroup;
home = siteDataDir;
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
### 3) Service account for PHP-FPM pool
"${siteUserPhp}" = {
isSystemUser = true;
group = siteGroupPhp;
home = "/var/empty";
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
};
groups = {
"${siteGroup}" = {};
"${siteGroupPhp}" = {};
};
};
services = {
mysql = {
enable = true;
package = pkgs.mariadb;
};
phpfpm.pools."${sitePhpPool}" = {
user = siteUserPhp;
group = siteGroupPhp;
settings = {
# Socket ownership so Nginx can connect
"listen.owner" = config.services.nginx.user;
"listen.group" = siteGroupPhp;
"listen.mode" = "0660";
# Dynamic process management tuned for small sites
pm = "dynamic";
"pm.max_children" = "5";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
# Logging
"catch_workers_output" = true;
"php_admin_flag[log_errors]" = true;
};
};
nginx = {
enable = true;
virtualHosts."${siteName}" = {
default = true;
root = siteDataDir;
listen = [
{
addr = "0.0.0.0";
port = sitePort;
ssl = false;
}
];
# Fallback for pretty permalinks
locations."/" = {
tryFiles = "$uri $uri/ /index.php?$args";
};
extraConfig = ''
index index.php;
'';
# 6.2 Handle PHP scripts
locations."~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
};
};
};
# Bootstrap WordPress on activation
environment.systemPackages = [pkgs.unzip];
system.activationScripts."setupWordpress-${siteName}".text = ''
mkdir -p ${siteDataDir}
if [ ! -f ${siteDataDir}/wp-config.php ]; then
cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
chown -R ${siteUser}:${siteGroup} ${siteDataDir}
chmod -R 755 ${siteDataDir}
fi
'';
}

2
modules/sec_auth/ssh-server.nix
View file

@ -7,7 +7,7 @@
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = "yes"; PermitRootLogin = "yes";
X11Forwarding = true; X11Forwarding = false;
}; };
}; };
} }

8
modules/serial-console.nix Normal file
View file

@ -0,0 +1,8 @@
{
boot.kernelParams = [ "console=ttyS0,115200n8" ];
boot.loader.grub.extraConfig = "
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
terminal_input serial
terminal_output serial
";
}

5
outputs.nix
View file

@ -16,11 +16,14 @@ in {
nixosConfigurations = builtins.mapAttrs (hostName: hostOptions: (hostHelper hostName hostOptions)) { nixosConfigurations = builtins.mapAttrs (hostName: hostOptions: (hostHelper hostName hostOptions)) {
crocoite = {stateVersion = "24.05";}; crocoite = {stateVersion = "24.05";};
jitsi = {stateVersion = "24.11";}; #jitsi = {stateVersion = "24.11";};
game-luanti = { game-luanti = {
stateVersion = "25.05"; stateVersion = "25.05";
unstable = true; unstable = true;
}; };
ext-julia = {stateVersion = "24.11";};
}; };
# Your custom packages # Your custom packages