From 5932ae89c23c3bcb36a64d2ee467fbbc3625fe63 Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont
Date: Thu, 29 Sep 2022 05:07:18 +0200
Subject: [PATCH] Add testing instance for collaborative grocery store software
---
 dns.tf | 8 +++
 modules/elefan.nix | 121 +++++++++++++++++++++++++++++++++++++++++++
 profiles/storage.nix | 1 +
 3 files changed, 130 insertions(+)
 create mode 100644 modules/elefan.nix
diff --git a/dns.tf b/dns.tf
index d3f38d0..2641d97 100644
--- a/dns.tf
+++ b/dns.tf
@@ -88,6 +88,14 @@ resource "hetznerdns_record" "jitsi_a" {
 ttl = 600
 }
+resource "hetznerdns_record" "elefan-test_a" {
+ zone_id = data.hetznerdns_zone.froidmont_zone.id
+ name = "elefan-test"
+ value = local.storage1_ip
+ type = "A"
+ ttl = 600
+}
+
 resource "hetznerdns_record" "transmission_a" {
 zone_id = data.hetznerdns_zone.banditlair_zone.id
 name = "transmission"
diff --git a/modules/elefan.nix b/modules/elefan.nix
new file mode 100644
index 0000000..c062f88
--- /dev/null
+++ b/modules/elefan.nix
@@ -0,0 +1,121 @@
+{ config, lib, pkgs, ... }:
+let
+ composer = pkgs.php81Packages.composer.overrideDerivation (old: {
+ version = "2.2.18";
+ src = pkgs.fetchurl {
+ url = "https://getcomposer.org/download/2.2.18/composer.phar";
+ sha256 = "sha256-KKjZdA1hUTeowB0yrvkYTbFvVD/KNtsDhQGilNjpWyQ=";
+ };
+ });
+in
+{
+
+ containers.elefan-test = {
+ ephemeral = false;
+ autoStart = true;
+
+ privateNetwork = true;
+ hostAddress = "192.168.101.1";
+ localAddress = "192.168.101.2";
+
+
+ config = {
+ time.timeZone = "Europe/Amsterdam";
+
+ environment.systemPackages = with pkgs; [ php74 git composer tmux vim ];
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+
+ users.groups.php = { };
+ users.users.php = {
+ isNormalUser = true;
+ group = config.containers.elefan-test.config.users.groups.php.name;
+ };
+
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb_108;
+ initialDatabases = [{
+ name = "symfony";
+ }];
+ ensureUsers = [
+ {
+ name = "symfony";
+ ensurePermissions = {
+ "symfony.*" = "ALL PRIVILEGES";
+ };
+ }
+ {
+ name = "root";
+ ensurePermissions = {
+ "*.*" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."elefan-test.froidmont.org" = {
+ default = true;
+
+ root = "/var/www/elefan-test/web";
+
+ locations."/" = {
+ extraConfig = ''
+ try_files $uri /app.php$is_args$args;
+ '';
+ };
+
+ locations."~ ^/app\\.php(/|$)" = {
+ extraConfig = ''
+ fastcgi_pass unix:${config.containers.elefan-test.config.services.phpfpm.pools.elefan-test.socket};
+ fastcgi_intercept_errors on;
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include ${config.services.nginx.package}/conf/fastcgi.conf;
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+ internal;
+ '';
+ };
+
+ locations."~* ^/sw/(.*)/(qr|br)\\.png$" = {
+ extraConfig = ''
+ rewrite ^/sw/(.*)/(qr|br)\.png$ /app.php/sw/$1/$2.png last;
+ '';
+ };
+
+ extraConfig = ''
+ location ~ \.php$ {
+ return 404;
+ }
+ '';
+ };
+ };
+
+ services.phpfpm.pools.elefan-test = {
+ user = "nginx";
+ settings = {
+ pm = "dynamic";
+ "listen.owner" = config.containers.elefan-test.config.services.nginx.user;
+ "pm.max_children" = 5;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 1;
+ "pm.max_spare_servers" = 3;
+ "pm.max_requests" = 500;
+ };
+ };
+
+ system.stateVersion = "22.05";
+ };
+ };
+
+ services.nginx.virtualHosts."elefan-test.froidmont.org" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://192.168.101.2";
+ };
+ };
+}
diff --git a/profiles/storage.nix b/profiles/storage.nix
index eb26b36..7e7bffb 100644
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@@ -15,6 +15,7 @@
 ../modules/binary-cache.nix
 ../modules/grafana.nix
 ../modules/monitoring-exporters.nix
+ ../modules/elefan.nix
 ];
 sops.secrets = {
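Review bot: The php-fpm pool in `services.phpfpm.pools.elefan-test` of modules/elefan.nix runs as the web server's own account (`user = "nginx";`), while the dedicated `php` user and group declared earlier in the same container config are never referenced, so the application code and nginx share one identity inside the container. If the `php` account was meant for the pool, `user = "php";` with `"listen.owner"` left on the nginx user would keep the socket reachable while separating the two; the web root under `/var/www/elefan-test` would then need to be readable by both accounts. Separately, the `ensureUsers` entry that gives `root` `ALL PRIVILEGES` on `*.*` looks redundant, and as far as I know NixOS creates `ensureUsers` accounts with socket authentication tied to the OS user name, so neither `symfony` nor `root` seems to match the account the pool runs as; it is worth confirming how the application is expected to authenticate to MariaDB. The host-side virtual host is also published with `forceSSL`/`enableACME` and no access restriction visible in this hunk, which may be wider than a testing instance on the storage host needs.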