module(wp): more phpfpm fine tuning and user/groups + mysql

modules/web-apps/wordpress/module.nix

@@ -30,10 +30,23 @@ in {
     };
     enablePageSpeed = mkOption {
       type = types.bool;
-      default = pkgs.stdenv.isLinux && appConfig.googlePageSpeed.enable;
+      default = false; # TODO: backport some patch first, pkgs.stdenv.isLinux && appConfig.googlePageSpeed.enable; - https://github.com/apache/incubator-pagespeed-ngx/issues/1735
+    };
+    user = mkOption {
+      type = types.str;
+      default = "wordpress";
+    };
+    group = mkOption {
+      type = types.str;
+      default = "wordpress";
     };
   };
   config = mkIf cfg.enable {
+    users.users.${cfg.user} = {
+      inherit (cfg) group;
+    };
+    users.groups.${cfg.group} = {};
+
     environment.systemPackages = [ pkgs.wp-cli ];
 
     services.nginx = {
@@ -79,6 +92,7 @@ in {
 
     services.phpfpm = {
       pools.wordpress-pool = import ./phpfpm-conf.nix {
+        inherit (cfg) user group;
         inherit pkgs config phpFpmListen;
         phpPackage = php;
         processSettings = appConfig.phpFpmProcessSettings;
@@ -88,6 +102,16 @@ in {
     services.mysql = {
       enable = true;
       package = pkgs.mariadb;
+
+      ensureDatabases = [ "wordpress" ];
+      ensureUsers = [
+        {
+          name = cfg.user;
+          ensurePermissions = {
+            "wordpress.*" = "ALL PRIVILEGES";
+          };
+        }
+      ];
     };
   };
 }

modules/web-apps/wordpress/phpfpm-conf.nix

@@ -1,10 +1,9 @@
-{ pkgs, config, phpFpmListen, processSettings, phpPackage }:
+{ pkgs, config, phpFpmListen, processSettings, phpPackage, user, group }:
 let
   lib = pkgs.lib;
 in
 {
-  inherit (config.services.nginx) user group;
+  inherit user group phpPackage;
-  inherit phpPackage;
   settings = {
     "listen.owner" = config.services.nginx.user;
     "listen.group" = config.services.nginx.group;