feat(wordpress): container

2024-10-27 09:16:42 +01:00 · 2024-10-27 09:16:42 +01:00 · bc23fda1c2
commit bc23fda1c2
parent 545b05ebe5
2 changed files with 128 additions and 68 deletions
--- a/kat/default.nix
+++ b/kat/default.nix
@ -15,6 +15,9 @@ with lib;
    "${sources.disko}/module.nix"
  ];
  options.kat = {
+    addArgs = mkEnableOption "the extra arguments" // {
+      default = true;
+    };
    wireguardPubKey = mkOption {
      type = types.str;
    };
@ -26,12 +29,14 @@ with lib;
      readOnly = true;
    };
  };
-  config = {
+  config = mkMerge [
+    (mkIf config.kat.addArgs {
      _module.args = {
        ssh-keys = import ./ssh-keys { inherit lib; };
        kat-path = ./.;
      };
-
+    })
+    {
      kat = {
        anywhere = pkgs.writeShellApplication {
          name = "anywhere-deploy_${name}.sh";
@ -92,5 +97,6 @@ with lib;
          ClientAliveCountMax = 1;
        };
      };
-  };
+    }
+  ];
 }
--- a/machines/kat-orchid/default.nix
+++ b/machines/kat-orchid/default.nix
@ -3,6 +3,9 @@
  lib,
  pkgs,
  mods,
+  kat-path,
+  ssh-keys,
+  sources,
  ...
 }:
 {
@ -63,7 +66,10 @@

  services.openssh.enable = true;

-  networking.firewall.enable = false;
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];

  security.acme = {
    acceptTerms = true;
@ -79,8 +85,12 @@
      "orchid.katvayor.net" = {
        enableACME = true;
        forceSSL = true;
-        locations."/static/" = {
-          alias = "/srv/orchid/";
+        locations = {
+          "/static/".alias = "/srv/orchid/";
+          "/" = {
+            recommendedProxySettings = true;
+            proxyPass = "https://192.168.123.2/";
+          };
        };
      };
      "simply-wise.fr" = {
@ -100,10 +110,54 @@
      };
    };
  };
-  services.wordpress = {
+  containers.wordpress =
+    let
+      inherit (config.security.acme) certs;
+    in
+    {
+      privateNetwork = true;
+      bindMounts.certs = {
+        hostPath = certs."orchid.katvayor.net".directory;
+        mountPoint = certs."orchid.katvayor.net".directory;
+        isReadOnly = true;
+      };
+      hostAddress = "192.168.123.1";
+      localAddress = "192.168.123.2";
+      autoStart = true;
+      specialArgs = {
+        inherit kat-path ssh-keys sources;
+      };
+      config = {
+        imports = [ kat-path ];
+        kat.addArgs = false;
+        boot.kernel.enable = false;
+        systemd.network.enable = lib.mkForce false;
+        networking.firewall.allowedTCPPorts = [
+          80
+          443
+        ];
+        services = {
+          nginx = {
+            enable = true;
+            virtualHosts."orchid.katvayor.net" = {
+              addSSL = true;
+              sslCertificate = "${certs."orchid.katvayor.net".directory}/fullchain.pem";
+              sslCertificateKey = "${certs."orchid.katvayor.net".directory}/key.pem";
+              sslTrustedCertificate = "${certs."orchid.katvayor.net".directory}/chain.pem";
+            };
+          };
+          openssh.enable = true;
+          wordpress = {
            webserver = "nginx";
            sites."orchid.katvayor.net" = {
-      themes = { inherit (pkgs.wordpressPackages.themes) twentytwentythree; };
+              themes = {
+                inherit (pkgs.wordpressPackages.themes) twentytwentythree;
+              };
+            };
+          };
+        };
+        environment.systemPackages = [ pkgs.wp-cli ];
+        system.stateVersion = "24.11";
      };
    };
  fileSystems."/home/orchid/content/www" = {