From ee508bb37c1cd0928ba0f2c2ff127a18556c4e96 Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Mon, 22 Nov 2021 22:46:09 +0100
Subject: [PATCH] module(wp): more phpfpm fine tuning and user/groups + mysql

---
 modules/web-apps/wordpress/module.nix      | 26 +++++++++++++++++++++-
 modules/web-apps/wordpress/phpfpm-conf.nix |  5 ++---
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/modules/web-apps/wordpress/module.nix b/modules/web-apps/wordpress/module.nix
index 30d41f7..2849cea 100644
--- a/modules/web-apps/wordpress/module.nix
+++ b/modules/web-apps/wordpress/module.nix
@@ -30,10 +30,23 @@ in {
     };
     enablePageSpeed = mkOption {
       type = types.bool;
-      default = pkgs.stdenv.isLinux && appConfig.googlePageSpeed.enable;
+      default = false; # TODO: backport some patch first, pkgs.stdenv.isLinux && appConfig.googlePageSpeed.enable; - https://github.com/apache/incubator-pagespeed-ngx/issues/1735
+    };
+    user = mkOption {
+      type = types.str;
+      default = "wordpress";
+    };
+    group = mkOption {
+      type = types.str;
+      default = "wordpress";
     };
   };
   config = mkIf cfg.enable {
+    users.users.${cfg.user} = {
+      inherit (cfg) group;
+    };
+    users.groups.${cfg.group} = {};
+
     environment.systemPackages = [ pkgs.wp-cli ];
 
     services.nginx = {
@@ -79,6 +92,7 @@ in {
 
     services.phpfpm = {
       pools.wordpress-pool = import ./phpfpm-conf.nix {
+        inherit (cfg) user group;
         inherit pkgs config phpFpmListen;
         phpPackage = php;
         processSettings = appConfig.phpFpmProcessSettings;
@@ -88,6 +102,16 @@ in {
     services.mysql = {
       enable = true;
       package = pkgs.mariadb;
+
+      ensureDatabases = [ "wordpress" ];
+      ensureUsers = [
+        {
+          name = cfg.user;
+          ensurePermissions = {
+            "wordpress.*" = "ALL PRIVILEGES";
+          };
+        }
+      ];
     };
   };
 }
diff --git a/modules/web-apps/wordpress/phpfpm-conf.nix b/modules/web-apps/wordpress/phpfpm-conf.nix
index 8f9ad8d..170af9b 100644
--- a/modules/web-apps/wordpress/phpfpm-conf.nix
+++ b/modules/web-apps/wordpress/phpfpm-conf.nix
@@ -1,10 +1,9 @@
-{ pkgs, config, phpFpmListen, processSettings, phpPackage }:
+{ pkgs, config, phpFpmListen, processSettings, phpPackage, user, group }:
 let
   lib = pkgs.lib;
 in
 {
-  inherit (config.services.nginx) user group;
-  inherit phpPackage;
+  inherit user group phpPackage;
   settings = {
     "listen.owner" = config.services.nginx.user;
     "listen.group" = config.services.nginx.group;