phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove test services

Browse source
This commit is contained in:
Paul-Henri Froidmont 2023-02-28 22:18:26 +01:00
parent 4be62a69ed
commit f689018302
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
8 changed files with 3 additions and 208 deletions
Download patch file Download diff file Expand all files Collapse all files

121
modules/elefan.nix
View file

@ -1,121 +0,0 @@
{ config, lib, pkgs, ... }:
let
composer = pkgs.php81Packages.composer.overrideDerivation (old: {
version = "2.2.18";
src = pkgs.fetchurl {
url = "https://getcomposer.org/download/2.2.18/composer.phar";
sha256 = "sha256-KKjZdA1hUTeowB0yrvkYTbFvVD/KNtsDhQGilNjpWyQ=";
};
});
in
{
containers.elefan-test = {
ephemeral = false;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.101.1";
localAddress = "192.168.101.2";
config = {
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [ php74 git composer tmux vim ];
networking.firewall.allowedTCPPorts = [ 80 ];
users.groups.php = { };
users.users.php = {
isNormalUser = true;
group = config.containers.elefan-test.config.users.groups.php.name;
};
services.mysql = {
enable = true;
package = pkgs.mariadb_108;
initialDatabases = [{
name = "symfony";
}];
ensureUsers = [
{
name = "symfony";
ensurePermissions = {
"symfony.*" = "ALL PRIVILEGES";
};
}
{
name = "root";
ensurePermissions = {
"*.*" = "ALL PRIVILEGES";
};
}
];
};
services.nginx = {
enable = true;
virtualHosts."elefan-test.froidmont.org" = {
default = true;
root = "/var/www/elefan-test/web";
locations."/" = {
extraConfig = ''
try_files $uri /app.php$is_args$args;
'';
};
locations."~ ^/app\\.php(/|$)" = {
extraConfig = ''
fastcgi_pass unix:${config.containers.elefan-test.config.services.phpfpm.pools.elefan-test.socket};
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
'';
};
locations."~* ^/sw/(.*)/(qr|br)\\.png$" = {
extraConfig = ''
rewrite ^/sw/(.*)/(qr|br)\.png$ /app.php/sw/$1/$2.png last;
'';
};
extraConfig = ''
location ~ \.php$ {
return 404;
}
'';
};
};
services.phpfpm.pools.elefan-test = {
user = "nginx";
settings = {
pm = "dynamic";
"listen.owner" = config.containers.elefan-test.config.services.nginx.user;
"pm.max_children" = 5;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 1;
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
};
};
system.stateVersion = "22.05";
};
};
services.nginx.virtualHosts."elefan-test.froidmont.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.101.2";
};
};
}

11
modules/postgresql.nix
View file

@ -10,7 +10,6 @@
root_as_others root synapse
root_as_others root nextcloud
root_as_others root roundcube
root_as_others root wikijs-test
root_as_others root mastodon
'';
authentication = ''
@ -36,11 +35,6 @@
key = "roundcube/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
wikiJsTestDbPassword = {
owner = config.services.postgresql.superUser;
key = "wikijs-test/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
mastodonDbPassword = {
owner = config.services.postgresql.superUser;
key = "mastodon/db_password";
@ -66,19 +60,16 @@
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "wikijs-test"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "mastodon"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "wikijs-test" OWNER "wikijs-test"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "mastodon" OWNER "mastodon"'
PSQL -tAc "ALTER ROLE synapse LOGIN"
PSQL -tAc "ALTER ROLE nextcloud LOGIN"
PSQL -tAc "ALTER ROLE roundcube LOGIN"
PSQL -tAc "ALTER ROLE \"wikijs-test\" LOGIN"
PSQL -tAc "ALTER ROLE mastodon LOGIN"
synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"
@ -87,8 +78,6 @@
PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"
roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')"
PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"
wikijstest_password="$(<'${config.sops.secrets.wikiJsTestDbPassword.path}')"
PSQL -tAc "ALTER ROLE \"wikijs-test\" WITH PASSWORD '$wikijstest_password'"
mastodon_password="$(<'${config.sops.secrets.mastodonDbPassword.path}')"
PSQL -tAc "ALTER ROLE mastodon WITH PASSWORD '$mastodon_password'"
'';