add wp test zap
parent
50e28c3878
commit
dea43e0e2c
2 changed files with 142 additions and 48 deletions
|
@ -1,6 +1,9 @@
|
|||
{ config, pkgs, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./wp-test.nix
|
||||
];
|
||||
jopejoe1 = {
|
||||
local.enable = true;
|
||||
nix.enable = true;
|
||||
|
@ -37,24 +40,13 @@
|
|||
proxyPass = "http://localhost:8085/";
|
||||
};
|
||||
};
|
||||
"doc.missing.ninja" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:3000/";
|
||||
};
|
||||
};
|
||||
"testing.missing.ninja"= {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
"db.missing.ninja" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://134.255.219.135:8000/";
|
||||
};
|
||||
};
|
||||
#"db.missing.ninja" = {
|
||||
# enableACME = true;
|
||||
# forceSSL = true;
|
||||
# locations."/" = {
|
||||
# proxyPass = "http://134.255.219.135:8000/";
|
||||
# };
|
||||
# };
|
||||
};
|
||||
|
||||
services.nginx.enable = true;
|
||||
|
@ -63,19 +55,9 @@
|
|||
defaults.email = "admin@missing.ninja";
|
||||
};
|
||||
|
||||
services.jitsi-meet = {
|
||||
enable = false;
|
||||
hostName = "meet.missing.ninja";
|
||||
nginx.enable = true;
|
||||
};
|
||||
|
||||
services.cloud-init.enable = true;
|
||||
services.cloud-init.network.enable = true;
|
||||
|
||||
services.rss-bridge.enable = false;
|
||||
services.rss-bridge.virtualHost = "rss.missing.ninja";
|
||||
services.rss-bridge.whitelist = [ "*" ];
|
||||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
settings.server = {
|
||||
|
@ -107,13 +89,6 @@
|
|||
|
||||
services.openssh.ports = [ 8081 22 ];
|
||||
|
||||
services.hedgedoc = {
|
||||
enable = false;
|
||||
settings.domain = "doc.missing.ninja";
|
||||
settings.host = "localhost";
|
||||
settings.port = 3000;
|
||||
settings.protocolUseSSL = true;
|
||||
};
|
||||
services.surrealdb.enable = false;
|
||||
services.surrealdb.host = "134.255.219.135";
|
||||
|
||||
|
@ -146,17 +121,4 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.wordpress = {
|
||||
webserver = "nginx";
|
||||
sites."testing.missing.ninja" = {
|
||||
languages = [ pkgs.wordpressPackages.languages.de_DE ];
|
||||
settings = {
|
||||
WPLANG = "de_DE";
|
||||
};
|
||||
virtualHost = {
|
||||
enableACME = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
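Review bot: The `db.missing.ninja` virtual host looks to be commented out rather than removed in the second hunk (the rendering has lost the +/- markers, but the hunk counts fit that reading), which leaves `proxyPass = "http://134.255.219.135:8000/"` in the file as dead configuration. If the host is retired, delete the block and rely on history; if it is meant to return, a single line such as `# db.missing.ninja vhost disabled: <reason>` says more than seven commented lines. Should the block be re-enabled as written, nginx would forward to that address over plain HTTP, so the TLS enforced by `forceSSL` ends at the proxy; a loopback or otherwise private upstream is the safer target.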
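--- /dev/null
+++ b/systems/zap/wp-test.nix
@@ -0,0 +1,132 @@
+{}:
+
+{
+services.nginx = {
+enable = true;
+virtualHosts = {
+"wp.missing.ninja" = {
+serverName = "wp.missing.ninja";
+root = "/var/www/wordpress/";
+enableACME = true;
+forceSSL = true;
+extraConfig = ''
+index index.php;
+'';
+locations = {
+"/" = {
+priority = 200;
+extraConfig = ''
+try_files $uri $uri/ /index.php$is_args$args;
+'';
+};
+"~ \\.php$" = {
+priority = 500;
+extraConfig = ''
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass unix:${config.services.phpfpm.pools.wordpress.socket};
+fastcgi_index index.php;
+include "${config.services.nginx.package}/conf/fastcgi.conf";
+fastcgi_param PATH_INFO $fastcgi_path_info;
+fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
+# Mitigate https://httpoxy.org/ vulnerabilities
+fastcgi_param HTTP_PROXY "";
+fastcgi_intercept_errors off;
+fastcgi_buffer_size 16k;
+fastcgi_buffers 4 16k;
+fastcgi_connect_timeout 300;
+fastcgi_send_timeout 300;
+fastcgi_read_timeout 300;
+'';
+};
+"~ /\\." = {
+priority = 800;
+extraConfig = "deny all;";
+};
+"~* /(?:uploads|files)/.*\\.php$" = {
+priority = 900;
+extraConfig = "deny all;";
+};
+"~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = {
+priority = 1000;
+extraConfig = ''
+expires max;
+log_not_found off;
+'';
+};
+};
+};
+};
+};
+
+users.users.www-wordpress= {
+isNormalUser = true;
+group = "www-wordpress";
+packages = with pkgs; [
+git # maybe you want or need this
+php82 # specify whatever version you want
+php82.packages.composer
+];
+};
+
+users.groups.www-wordpress = { };
+
+services.phpfpm.pools.wordpress = {
+phpPackage = pkgs.php82;
+user = "www-wordpress";
+group = "www-wordpress";
+settings = {
+"listen.owner" = config.services.nginx.user; # or nginx, httpd, etc...
+"listen.group" = config.services.nginx.group;
+"pm" = "dynamic";
+"pm.max_children" = 32;
+"pm.start_servers" = 2;
+"pm.min_spare_servers" = 2;
+"pm.max_spare_servers" = 4;
+"pm.max_requests" = 500;
+};
+};
+
+services.mysql = {
+enable = true;
+package = pkgs.mariadb;
+#ensureDatabases = [ "www-wordpress" ];
+#ensureUsers = [
+# {
+# name = "www-wordpress";
+# ensurePermissions = { "www-wordpress.*" = "ALL PRIVILEGES"; };
+# }
+#];
+};
+
+systemd.services =
+let
+secretsVars = [ "AUTH_KEY" "SECURE_AUTH_KEY" "LOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT" ];
+secretsScript = hostStateDir: ''
+# The match in this line is not a typo, see https://github.com/NixOS/nixpkgs/pull/124839
+grep -q "LOOGGED_IN_KEY" "${hostStateDir}/secret-keys.php" && rm "${hostStateDir}/secret-keys.php"
+if ! test -e "${hostStateDir}/secret-keys.php"; then
+umask 0177
+echo "<?php" >> "${hostStateDir}/secret-keys.php"
+${lib.concatMapStringsSep "\n" (var: ''
+echo "define('${var}', '`tr -dc a-zA-Z0-9 </dev/urandom | head -c 64`');" >> "${hostStateDir}/secret-keys.php"
+'') secretsVars}
+echo "?>" >> "${hostStateDir}/secret-keys.php"
+chmod 440 "${hostStateDir}/secret-keys.php"
+fi
+'';
+in
+{
+"wordpress-init" = {
+wantedBy = [ "multi-user.target" ];
+before = [ "phpfpm-wordpress.service" ];
+after = [ "mysql.service" ];
+script = secretsScript "/var/www/wordpress/";
+
+serviceConfig = {
+Type = "oneshot";
+User = "www-wordpress";
+Group = "nginx";
+};
+};
+};
+}
+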
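Review bot: The `deny all` location `"~* /(?:uploads|files)/.*\\.php$"` is set to `priority = 900`, so it is written after `"~ \\.php$"` (`priority = 500`); nginx uses the first regex location that matches in file order, so a `.php` file under an uploads directory is still passed to php-fpm and the deny rule never fires. Giving both deny blocks a smaller number than the PHP handler, for example `priority = 400;` on the uploads rule and `priority = 300;` on `"~ /\\."`, puts them ahead of it. Separately, the module header `{}:` binds none of `config`, `pkgs` or `lib` that the body references, so the file most likely fails to evaluate; `{ config, pkgs, lib, ... }:` matches what the body needs. `wordpress-init` also hard-codes `Group = "nginx"` where the pool settings use `config.services.nginx.group`, and with `chmod 440` that group can read `secret-keys.php` inside the web root, which only the `www-wordpress` PHP user needs. `isNormalUser = true` gives the service account a home directory and login shell; `isSystemUser = true;` is the usual choice for an account that only runs a pool.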