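# NixOS module that replaces the stock nixpkgs WordPress module with a
# project-specific one: nginx virtual host, PHP-FPM pool, MariaDB database,
# and two oneshot units that prepare writeable paths and run the WP-CLI
# install script.
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.wordpress;
  callPackage = pkgs.callPackage;

  # Project defaults, overridden with the configured domain and secrets.
  appConfig = (import ./default-app-config.nix).extend (self: super: {
    inherit (cfg) domain;
    wpConfig = super.wpConfig.extend (self: super: {
      # NOTE(review): cfg.wpConfigSecrets is a plain Nix string. If app.nix
      # renders it into a file inside the derivation, the secrets land in the
      # world-readable /nix/store. Confirm, and prefer a path to a file that
      # is read at runtime.
      secrets = cfg.wpConfigSecrets;
    });
  });

  writeableDataPath = "/var/lib/phpfpm/${appConfig.name}";
  phpFpmListen = "/run/phpfpm/wordpress-pool.sock";

  # NOTE(review): PHP 7.4 is past upstream end-of-life and no longer receives
  # security fixes; plan a move to a supported PHP package.
  php = import ./php-config.nix {
    inherit pkgs config appConfig;
    php = pkgs.php74;
  };
  phpIni = php.phpIni;

  app = callPackage ./app.nix {
    inherit appConfig;
    writeable = {
      sysPath = writeableDataPath;
      # NOTE(review): the writeable tree is owned by the nginx user, while the
      # PHP-FPM pool below is given cfg.user / cfg.group. Confirm which account
      # actually needs write access and keep it to that one.
      owner = config.services.nginx.user;
    };
  };
in
{
  # Turn off the upstream module so its options do not clash with this one.
  disabledModules = [ "services/web-apps/wordpress.nix" ];

  options.services.wordpress = {
    # mkEnableOption prepends "Whether to enable", so pass only the noun phrase.
    enable = mkEnableOption "the WordPress module";

    domain = mkOption {
      type = types.str;
      description = "Domain used as the nginx virtual host name and passed to the application configuration.";
    };

    wpConfigSecrets = mkOption {
      type = types.str;
      description = ''
        String injected as wpConfig.secrets of the application configuration.
        Being a plain string option, its value is part of the evaluated system
        configuration; do not assume it stays private on the host.
      '';
    };

    enablePageSpeed = mkOption {
      type = types.bool;
      default = false; # TODO: backport some patch first, pkgs.stdenv.isLinux && appConfig.googlePageSpeed.enable; - https://github.com/apache/incubator-pagespeed-ngx/issues/1735
      description = "Whether to add the PageSpeed module to the nginx build.";
    };

    user = mkOption {
      type = types.str;
      default = "wordpress";
      description = "System user created for WordPress; also passed to the PHP-FPM pool and used as the MariaDB user name.";
    };

    group = mkOption {
      type = types.str;
      default = "wordpress";
      description = "Group created for WordPress and passed to the PHP-FPM pool.";
    };
  };

  config = mkIf cfg.enable {
    users.users.${cfg.user} = {
      isSystemUser = true;
      inherit (cfg) group;
    };
    users.groups.${cfg.group} = {};

    environment.systemPackages = [ pkgs.wp-cli ];

    services.nginx = {
      enable = true;
      # NOTE(review): the dav module is compiled in, but no dav directive is
      # visible in this virtual host. Drop it if nothing else uses it.
      additionalModules = with pkgs.nginxModules;
        [ dav cache-purge moreheaders ] ++ optional cfg.enablePageSpeed pagespeed;

      virtualHosts."${cfg.domain}" = {
        root = app.package;

        locations."/" = {
          tryFiles = "$uri/index.html $uri $uri/ /index.php?$query_string";
        };

        # fast cgi conf
        # NOTE(review): every URI matching this pattern is handed to PHP-FPM
        # with no check that the script exists under the document root. The
        # usual hardening is a guard that returns 404 unless
        # $document_root$fastcgi_script_name is a regular file, plus making
        # sure PHP is never executed from upload directories.
        # NOTE(review): no SCRIPT_FILENAME / fastcgi_params include is visible
        # here; presumably supplied elsewhere. Confirm.
        locations."~ [^/]\\.php(/|$)" = {
          extraConfig = ''
            index index.html index.htm index.php;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:${phpFpmListen};
            fastcgi_index index.php;
          '';
        };
      };
    };

    # Oneshot that runs app.initScript to prepare the writeable directories.
    # NOTE(review): no User= is set, so the script runs as root unless it drops
    # privileges itself.
    # NOTE(review): NixOS releases that name pool units phpfpm-<pool>.service
    # have no "phpfpm.service"; verify the unit name, otherwise the ordering
    # and wantedBy entries below do nothing for the pool.
    systemd.services.init-writeable-paths = {
      description = "Initialize writeable directories for the app";
      before = [ "phpfpm.service" ];
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" "phpfpm.service" "nginx.service" ];
      serviceConfig = {
        Type = "oneshot";
        ExecStart = app.initScript;
      };
    };

    # Oneshot that runs the WP-CLI install script once the writeable paths
    # and the database are up; enabled only when appConfig.autoInstall.enable.
    # NOTE(review): no User= is set here either; confirm install-wp.nix does
    # not run WP-CLI (and any plugin or theme code it loads) as root.
    systemd.services.install-wp =
      let
        deps = [ "init-writeable-paths.service" "mysql.service" ];
      in
      {
        enable = appConfig.autoInstall.enable;
        description = "Configure WordPress installation with WP-CLI";
        before = [ "nginx.service" ];
        after = deps;
        wants = deps;
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          Type = "oneshot";
          ExecStart = import ./install-wp.nix {
            inherit pkgs config appConfig writeableDataPath;
            appPackage = app.package;
          };
        };
        # NOTE(review): the scan dir points at pkgs.php, whereas the pool is
        # built from pkgs.php74. Confirm WP-CLI runs under the intended PHP.
        environment.PHP_INI_SCAN_DIR =
          let
            customIni = pkgs.writeTextDir "wp-cli-custom.ini" phpIni;
          in
          "${pkgs.php}/etc:${customIni}";
      };

    services.phpfpm = {
      pools.wordpress-pool = import ./phpfpm-conf.nix {
        inherit (cfg) user group;
        inherit pkgs config phpFpmListen;
        phpPackage = php;
        processSettings = appConfig.phpFpmProcessSettings;
      };
    };

    services.mysql = {
      enable = true;
      package = pkgs.mariadb;
      ensureDatabases = [ "wordpress" ];
      ensureUsers = [
        {
          # The database account shares its name with the system user; the
          # grant is limited to the "wordpress" schema.
          name = cfg.user;
          ensurePermissions = { "wordpress.*" = "ALL PRIVILEGES"; };
        }
      ];
    };
  };
}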