machines/tangra: poyfestival.com website

2026-06-01 10:42:03 +07:00
parent bc16c72707
commit da6be4946f
35 changed files with 3463 additions and 0 deletions
@@ -0,0 +1,145 @@
+{ ... }:
+{
+  _class = "clan.service";
+  manifest.name = "wordpress";
+  manifest.description = "wordpress with multi-tenant support and state of plugins and themes are allowed";
+  manifest.readme = "wordpress with multi-tenant support and state of plugins and themes are allowed";
+  manifest.categories = [ "System" ];
+
+  roles.server = {
+    description = "A default server role";
+    interface =
+      { lib, ... }:
+      {
+        options = {
+          tenants = lib.mkOption {
+            type = with lib.types; listOf str;
+            default = [ "localhost" ];
+            description = "List of tenants website to host on the instance";
+            example = [ "example.com" ];
+          };
+        };
+      };
+
+    perInstance =
+      { settings, ... }:
+      {
+        nixosModule =
+          {
+            pkgs,
+            lib,
+            config,
+            ...
+          }:
+          let
+            user = "wordpress";
+
+            mkSafeDBName = domain: "wp_${builtins.replaceStrings [ "." ] [ "_" ] domain}";
+
+            mkWordpressSite = domain: {
+              database = {
+                name = mkSafeDBName domain;
+                user = user;
+              };
+              package = wp-pkg domain;
+              extraConfig = ''
+                define('FS_METHOD', 'direct');
+              '';
+              themes = { };
+            };
+
+            stateDir = hostName: "/var/lib/wordpress/${hostName}";
+
+            wp-pkg =
+              hostName:
+              let
+                upStreamSrc = pkgs.wordpress;
+              in
+              pkgs.stdenv.mkDerivation {
+                pname = "wordpress-custom";
+                version = upStreamSrc.version;
+                src = upStreamSrc;
+
+                installPhase = ''
+                  mkdir -p $out
+                  cp -r * $out/
+
+                  rm -rf $out/share/wordpress/wp-content/plugins
+                  rm -rf $out/share/wordpress/wp-content/themes
+
+                  # symlink uploads directory
+                  ln -s "${stateDir hostName}"/wp-content/themes $out/share/wordpress/wp-content/themes
+                  ln -s "${stateDir hostName}"/wp-content/plugins $out/share/wordpress/wp-content/plugins
+                  ln -s "${stateDir hostName}"/wp-content/upgrade $out/share/wordpress/wp-content/upgrade
+
+                '';
+              };
+            webserver = config.services.${config.services.wordpress.webserver};
+          in
+          {
+            services.wordpress.webserver = "nginx";
+
+            services.wordpress.sites = builtins.listToAttrs (
+              map (tenant: {
+                name = tenant;
+                value = mkWordpressSite tenant;
+
+              }) settings.tenants
+            );
+
+            systemd.tmpfiles.rules = lib.flatten (
+              map (tenant: [
+                "d '${stateDir tenant}/wp-content' 0750 ${user} ${webserver.group} - -"
+                "d '${stateDir tenant}/wp-content/themes' 0750 ${user} ${webserver.group} - -"
+                "Z '${stateDir tenant}/wp-content/themes' 0750 ${user} ${webserver.group} - -"
+                "d '${stateDir tenant}/wp-content/plugins' 0750 ${user} ${webserver.group} - -"
+                "Z '${stateDir tenant}/wp-content/plugins' 0750 ${user} ${webserver.group} - -"
+                "d '${stateDir tenant}/wp-content/upgrade' 0750 ${user} ${webserver.group} - -"
+                "Z '${stateDir tenant}/wp-content/upgrade' 0750 ${user} ${webserver.group} - -"
+              ]) settings.tenants
+            );
+
+            networking.firewall.allowedTCPPorts = [
+              80
+              443
+            ];
+
+            security.acme.certs = lib.listToAttrs (
+              map (
+                tenant:
+                (lib.nameValuePair tenant {
+                  email = config.clan.core.vars.generators.acme.files.email.value;
+                  webroot = "/var/lib/acme/acme-challenge/${tenant}";
+                })
+              ) settings.tenants
+            );
+
+            services.nginx.virtualHosts = lib.listToAttrs (
+              map (
+                tenant:
+                (lib.nameValuePair tenant {
+                  forceSSL = true;
+                  useACMEHost = tenant;
+                  acmeRoot = config.security.acme.certs.${tenant}.webroot;
+                })
+              ) settings.tenants
+            );
+
+            clan.core.vars.generators.acme = {
+              share = true;
+              files.email.secret = false;
+
+              prompts.email = {
+                type = "line";
+                description = "Email for ACME registeration";
+              };
+
+              script = ''
+                cat $prompts/email > $out/email
+              '';
+            };
+
+          };
+      };
+  };
+}
@@ -0,0 +1,19 @@
+{ self, inputs, ... }:
+let
+  module = ./default.nix;
+in
+{
+  clan.modules = {
+    wordpress = module;
+  };
+  perSystem =
+    { ... }:
+    {
+      clan.nixosTests.service-wordpress = {
+        imports = [ ./tests/vm/default.nix ];
+        _module.args = { inherit self inputs; };
+
+        clan.modules."@clan/wordpress" = module;
+      };
+    };
+}
@@ -0,0 +1,59 @@
+{
+  self,
+  config,
+  lib,
+  hostPkgs,
+  ...
+}:
+{
+  name = "service-wordpress";
+  result.update-vars =
+    let
+      relativeDir = lib.removePrefix "${self}/" (toString config.clan.directory);
+    in
+    hostPkgs.writeShellScriptBin "update-vars" ''
+      set -x
+      export PRJ_ROOT=$(git rev-parse --show-toplevel)
+      ${
+        self.inputs.clan-core.packages.${hostPkgs.system}.clan-cli
+      }/bin/clan-generate-test-vars $PRJ_ROOT/${relativeDir} ${config.name}
+    '';
+
+  clan = {
+    test.useContainers = false;
+    directory = ./.;
+    inventory = {
+      machines.server = { };
+
+      instances = {
+        wordpress-test = {
+          module.name = "@clan/wordpress";
+          module.input = "self";
+          roles.server.machines."server".settings = {
+            tenants = [
+              "localhost"
+              "site2.localhost"
+            ];
+          };
+        };
+      };
+    };
+  };
+
+  nodes = {
+    server = { };
+  };
+
+  testScript = ''
+    start_all()
+
+    server.wait_for_unit("phpfpm-wordpress-localhost.service")
+    server.wait_for_unit("phpfpm-wordpress-site2.localhost.service")
+
+    server.succeed("systemctl status phpfpm-wordpress-localhost.service")
+    server.succeed("systemctl status phpfpm-wordpress-site2.localhost.service")
+    server.wait_for_open_port(80)
+    server.succeed("curl -H \"Host: localhost\" http://127.0.0.1:80 ")
+    server.succeed("curl -H \"Host: site2.localhost\" http://127.0.0.1:80 ")
+  '';
+}