From 58372fd44f259308f1e89464fd84f5574047002a Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont
Date: Wed, 8 Dec 2021 01:03:24 +0100
Subject: [PATCH] Migrate stb-wordpress
---
 dns.tf | 2 +-
 modules/stb.nix | 66 ++++++++++++++++++++++++++++++++++++++++++++
 profiles/storage.nix | 1 +
 3 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 modules/stb.nix
diff --git a/dns.tf b/dns.tf
index 45e1ea8..b0b9a9e 100644
--- a/dns.tf
+++ b/dns.tf
@@ -287,7 +287,7 @@ data "hetznerdns_zone" "stb_zone" {
 resource "hetznerdns_record" "stb_a" {
 zone_id = data.hetznerdns_zone.stb_zone.id
 name = "@"
- value = hetznerdns_record.banditlair_dedicated_a.value
+ value = local.storage1_ip
 type = "A"
 ttl = 600
 }
diff --git a/modules/stb.nix b/modules/stb.nix
new file mode 100644
index 0000000..e918768
--- /dev/null
+++ b/modules/stb.nix
@@ -0,0 +1,66 @@
+{ config, lib, pkgs, ... }:
+let
+ uploadWordpressConfig = pkgs.writeText "upload.ini" ''
+ file_uploads = On
+ memory_limit = 64M
+ upload_max_filesize = 64M
+ post_max_size = 64M
+ max_execution_time = 600
+ '';
+in
+{
+ systemd.services.init-stb-network = {
+ description = "Create the network bridge stb-br for wordpress.";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig.Type = "oneshot";
+ script =
+ let dockercli = "${config.virtualisation.docker.package}/bin/docker";
+ in
+ ''
+ # Put a true at the end to prevent getting non-zero return code, which will
+ # crash the whole service.
+ check=$(${dockercli} network ls | grep "stb-br" || true)
+ if [ -z "$check" ]; then
+ ${dockercli} network create stb-br
+ else
+ echo "stb-br already exists in docker"
+ fi
+ '';
+ };
+
+ virtualisation.oci-containers.containers = {
+ "stb-mariadb" = {
+ image = "mariadb:10.7";
+ environment = {
+ "MYSQL_ROOT_PASSWORD" = "root";
+ "MYSQL_USER" = "stb";
+ "MYSQL_PASSWORD" = "stb";
+ "MYSQL_DATABASE" = "stb";
+ };
+ volumes = [ "/var/lib/mariadb/stb:/var/lib/mysql" ];
+ extraOptions = [ "--network=stb-br" ];
+ };
+
+ "stb-wordpress" = {
+ image = "wordpress:5.8-php7.4-apache";
+ volumes = [
+ "/nix/var/data/stb-wordpress:/var/www/html"
+ "${uploadWordpressConfig}:/usr/local/etc/php/conf.d/uploads.ini"
+ ];
+ ports = [ "8080:80" ];
+ extraOptions = [ "--network=stb-br" ];
+ };
+ };
+
+ services.nginx.virtualHosts."www.societe-de-tir-bertrix.com" = {
+ serverAliases = [ "societe-de-tir-bertrix.com" ];
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ };
+ };
+}
diff --git a/profiles/storage.nix b/profiles/storage.nix
index 713304b..3d1ac22 100644
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@@ -7,6 +7,7 @@
 ../modules/mailserver.nix
 ../modules/nginx.nix
 ../modules/jellyfin.nix
+ ../modules/stb.nix
 ];

 networking.firewall.allowedTCPPorts = [ 80 443 ];
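Review bot: In modules/stb.nix the `stb-wordpress` container sets `ports = [ "8080:80" ]`, which Docker publishes on every interface; because Docker installs its own iptables rules, the port is likely reachable from outside even though profiles/storage.nix lists only 80 and 443, so WordPress would be exposed over plain HTTP without the nginx `forceSSL` vhost in front of it. nginx only proxies to loopback, so `ports = [ "127.0.0.1:8080:80" ];` is enough. The `stb-mariadb` environment also hard-codes `"MYSQL_ROOT_PASSWORD" = "root"` and `"MYSQL_PASSWORD" = "stb"`, and these values end up both in the repository and in the world-readable Nix store. I would replace them with generated secrets loaded through the container's `environmentFiles` option from a file kept outside the store (worth confirming that option is available in the nixpkgs revision this repo pins).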