lbailly/config-perso
1
0
Fork 0
Code Pull requests Projects Releases Packages Activity

feat(wordpress): container

Browse source
This commit is contained in:
catvayor 2024-10-27 09:16:42 +01:00
parent 545b05ebe5
commit bc23fda1c2
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
2 changed files with 128 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
kat/default.nix
View file

@ -15,6 +15,9 @@ with lib;
"${sources.disko}/module.nix" "${sources.disko}/module.nix"
]; ];
options.kat = { options.kat = {
addArgs = mkEnableOption "the extra arguments" // {
default = true;
};
wireguardPubKey = mkOption { wireguardPubKey = mkOption {
type = types.str; type = types.str;
}; };
@ -26,12 +29,14 @@ with lib;
readOnly = true; readOnly = true;
}; };
}; };
config = { config = mkMerge [
(mkIf config.kat.addArgs {
_module.args = { _module.args = {
ssh-keys = import ./ssh-keys { inherit lib; }; ssh-keys = import ./ssh-keys { inherit lib; };
kat-path = ./.; kat-path = ./.;
}; };
})
{
kat = { kat = {
anywhere = pkgs.writeShellApplication { anywhere = pkgs.writeShellApplication {
name = "anywhere-deploy_${name}.sh"; name = "anywhere-deploy_${name}.sh";
@ -92,5 +97,6 @@ with lib;
ClientAliveCountMax = 1; ClientAliveCountMax = 1;
}; };
}; };
}; }
];
} }

64
machines/kat-orchid/default.nix
View file

@ -3,6 +3,9 @@
lib, lib,
pkgs, pkgs,
mods, mods,
kat-path,
ssh-keys,
sources,
... ...
}: }:
{ {
@ -63,7 +66,10 @@
services.openssh.enable = true; services.openssh.enable = true;
networking.firewall.enable = false; networking.firewall.allowedTCPPorts = [
80
443
];
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -79,8 +85,12 @@
"orchid.katvayor.net" = { "orchid.katvayor.net" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/static/" = { locations = {
alias = "/srv/orchid/"; "/static/".alias = "/srv/orchid/";
"/" = {
recommendedProxySettings = true;
proxyPass = "https://192.168.123.2/";
};
}; };
}; };
"simply-wise.fr" = { "simply-wise.fr" = {
@ -100,10 +110,54 @@
}; };
}; };
}; };
services.wordpress = { containers.wordpress =
let
inherit (config.security.acme) certs;
in
{
privateNetwork = true;
bindMounts.certs = {
hostPath = certs."orchid.katvayor.net".directory;
mountPoint = certs."orchid.katvayor.net".directory;
isReadOnly = true;
};
hostAddress = "192.168.123.1";
localAddress = "192.168.123.2";
autoStart = true;
specialArgs = {
inherit kat-path ssh-keys sources;
};
config = {
imports = [ kat-path ];
kat.addArgs = false;
boot.kernel.enable = false;
systemd.network.enable = lib.mkForce false;
networking.firewall.allowedTCPPorts = [
80
443
];
services = {
nginx = {
enable = true;
virtualHosts."orchid.katvayor.net" = {
addSSL = true;
sslCertificate = "${certs."orchid.katvayor.net".directory}/fullchain.pem";
sslCertificateKey = "${certs."orchid.katvayor.net".directory}/key.pem";
sslTrustedCertificate = "${certs."orchid.katvayor.net".directory}/chain.pem";
};
};
openssh.enable = true;
wordpress = {
webserver = "nginx"; webserver = "nginx";
sites."orchid.katvayor.net" = { sites."orchid.katvayor.net" = {
themes = { inherit (pkgs.wordpressPackages.themes) twentytwentythree; }; themes = {
inherit (pkgs.wordpressPackages.themes) twentytwentythree;
};
};
};
};
environment.systemPackages = [ pkgs.wp-cli ];
system.stateVersion = "24.11";
}; };
}; };
fileSystems."/home/orchid/content/www" = { fileSystems."/home/orchid/content/www" = {