feat(wordpress): container

catvayor 2024-10-27 09:16:42 +01:00
parent 545b05ebe5
commit bc23fda1c2
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
2 changed files with 128 additions and 68 deletions


@ -15,6 +15,9 @@ with lib;
"${sources.disko}/module.nix" "${sources.disko}/module.nix"
]; ];
options.kat = { options.kat = {
addArgs = mkEnableOption "the extra arguments" // {
default = true;
};
wireguardPubKey = mkOption { wireguardPubKey = mkOption {
type = types.str; type = types.str;
}; };
@ -26,71 +29,74 @@ with lib;
readOnly = true; readOnly = true;
}; };
}; };
config = { config = mkMerge [
_module.args = { (mkIf config.kat.addArgs {
ssh-keys = import ./ssh-keys { inherit lib; }; _module.args = {
kat-path = ./.; ssh-keys = import ./ssh-keys { inherit lib; };
}; kat-path = ./.;
};
kat = { })
anywhere = pkgs.writeShellApplication { {
name = "anywhere-deploy_${name}.sh"; kat = {
runtimeInputs = [ pkgs.nixos-anywhere ]; anywhere = pkgs.writeShellApplication {
# --kexec ${nodes.kat-kexec.config.system.build.kexecTarball}/${nodes.kat-kexec.config.system.kexec-installer.name}-${pkgs.stdenv.hostPlatform.system}.tar.gz name = "anywhere-deploy_${name}.sh";
text = '' runtimeInputs = [ pkgs.nixos-anywhere ];
nixos-anywhere --store-paths ${config.system.build.diskoScriptNoDeps} ${config.system.build.toplevel} ${config.deployment.targetHost} # --kexec ${nodes.kat-kexec.config.system.build.kexecTarball}/${nodes.kat-kexec.config.system.kexec-installer.name}-${pkgs.stdenv.hostPlatform.system}.tar.gz
''; text = ''
nixos-anywhere --store-paths ${config.system.build.diskoScriptNoDeps} ${config.system.build.toplevel} ${config.deployment.targetHost}
'';
};
}; };
};
boot = { boot = {
tmp.useTmpfs = true; tmp.useTmpfs = true;
supportedFilesystems.bcachefs = mkDefault true; supportedFilesystems.bcachefs = mkDefault true;
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
}; };
networking = { networking = {
useNetworkd = true; useNetworkd = true;
nftables.enable = true; nftables.enable = true;
}; };
systemd.network.enable = true; systemd.network.enable = true;
nix = { nix = {
nixPath = [ nixPath = [
"nixpkgs=${builtins.storePath pkgs.path}" "nixpkgs=${builtins.storePath pkgs.path}"
"nixos=${builtins.storePath pkgs.path}" "nixos=${builtins.storePath pkgs.path}"
];
channel.enable = false;
settings.nix-path = config.nix.nixPath;
package = pkgs.lix;
};
time.timeZone = mkDefault "Europe/Paris";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = mkDefault "fr";
};
environment.systemPackages = with pkgs; [
tree
ranger
ripgrep
wget
git
lazygit
btop
screen
nix-search-cli
nix-output-monitor
]; ];
channel.enable = false;
settings.nix-path = config.nix.nixPath;
package = pkgs.lix;
};
time.timeZone = mkDefault "Europe/Paris"; services = {
i18n.defaultLocale = "en_US.UTF-8"; resolved.enable = !config.boot.isContainer;
console = { openssh.settings = {
font = "Lat2-Terminus16"; ClientAliveInterval = 60;
keyMap = mkDefault "fr"; ClientAliveCountMax = 1;
}; };
environment.systemPackages = with pkgs; [
tree
ranger
ripgrep
wget
git
lazygit
btop
screen
nix-search-cli
nix-output-monitor
];
services = {
resolved.enable = !config.boot.isContainer;
openssh.settings = {
ClientAliveInterval = 60;
ClientAliveCountMax = 1;
}; };
}; }
}; ];
} }
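Review bot: The new `kat.addArgs` option carries only the auto-generated description ("Whether to enable the extra arguments."), which tells a reader neither what those arguments are nor when the option should be turned off, even though the sibling file in this commit disables it inside a container that instead passes `kat-path`, `ssh-keys` and `sources` through `specialArgs`. I would give it an explicit description such as `description = "Expose ssh-keys and kat-path to modules via _module.args. Disable when the evaluating host supplies them through specialArgs instead (e.g. a nixos-container importing this module).";`. Whether defining the same names in both `_module.args` and `specialArgs` actually conflicts is not visible in this hunk, so that wording should be checked against the reason the container sets it to `false`. The module function this option belongs to begins before the first line of the hunk.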


@ -3,6 +3,9 @@
lib, lib,
pkgs, pkgs,
mods, mods,
kat-path,
ssh-keys,
sources,
... ...
}: }:
{ {
@ -63,7 +66,10 @@
services.openssh.enable = true; services.openssh.enable = true;
networking.firewall.enable = false; networking.firewall.allowedTCPPorts = [
80
443
];
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -79,8 +85,12 @@
"orchid.katvayor.net" = { "orchid.katvayor.net" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/static/" = { locations = {
alias = "/srv/orchid/"; "/static/".alias = "/srv/orchid/";
"/" = {
recommendedProxySettings = true;
proxyPass = "https://192.168.123.2/";
};
}; };
}; };
"simply-wise.fr" = { "simply-wise.fr" = {
@ -100,12 +110,56 @@
}; };
}; };
}; };
services.wordpress = { containers.wordpress =
webserver = "nginx"; let
sites."orchid.katvayor.net" = { inherit (config.security.acme) certs;
themes = { inherit (pkgs.wordpressPackages.themes) twentytwentythree; }; in
{
privateNetwork = true;
bindMounts.certs = {
hostPath = certs."orchid.katvayor.net".directory;
mountPoint = certs."orchid.katvayor.net".directory;
isReadOnly = true;
};
hostAddress = "192.168.123.1";
localAddress = "192.168.123.2";
autoStart = true;
specialArgs = {
inherit kat-path ssh-keys sources;
};
config = {
imports = [ kat-path ];
kat.addArgs = false;
boot.kernel.enable = false;
systemd.network.enable = lib.mkForce false;
networking.firewall.allowedTCPPorts = [
80
443
];
services = {
nginx = {
enable = true;
virtualHosts."orchid.katvayor.net" = {
addSSL = true;
sslCertificate = "${certs."orchid.katvayor.net".directory}/fullchain.pem";
sslCertificateKey = "${certs."orchid.katvayor.net".directory}/key.pem";
sslTrustedCertificate = "${certs."orchid.katvayor.net".directory}/chain.pem";
};
};
openssh.enable = true;
wordpress = {
webserver = "nginx";
sites."orchid.katvayor.net" = {
themes = {
inherit (pkgs.wordpressPackages.themes) twentytwentythree;
};
};
};
};
environment.systemPackages = [ pkgs.wp-cli ];
system.stateVersion = "24.11";
};
}; };
};
fileSystems."/home/orchid/content/www" = { fileSystems."/home/orchid/content/www" = {
device = "/srv/orchid"; device = "/srv/orchid";
options = [ "bind" ]; options = [ "bind" ];
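Review bot: The read-only bind mount of `certs."orchid.katvayor.net".directory` places the live TLS private key (`key.pem`) inside the WordPress container, so a PHP or plugin compromise of the container would also yield the key for the public hostname, even though the host already terminates TLS for that name (`enableACME`/`forceSSL` on the host vhost) and is the only client of the container's nginx over the veth link. The least-privilege fix is to drop the `bindMounts.certs` block, the `addSSL` line and the three `ssl*` lines in the container vhost, and point the host at `proxyPass = "http://192.168.123.2/";`; if encryption on that hop is wanted, use a container-local certificate and enable `proxy_ssl_verify`/`proxy_ssl_trusted_certificate` on the host, since the current `https://` upstream is not verified by nginx's default settings anyway. If the mount is kept, note that ACME key material on the host is normally readable only by the `acme` group, and no user-namespace remapping is configured for this container, so the container's nginx user needs a matching GID — verify it can read `key.pem` without loosening the directory mode on the host. The enclosing attribute set of this hunk starts before the first line shown.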