From 5af49514f122eacdc2de06586473d00dbefdec36 Mon Sep 17 00:00:00 2001
From: nyanloutre <paul@nyanlout.re>
Date: Fri, 23 Sep 2022 13:38:36 +0200
Subject: [PATCH] add wordpress website

---
 systems/LoutreOS/web.nix | 72 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)

diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix
index 6b8e9244d..1cacd80ed 100644
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@@ -61,6 +61,10 @@ in
       isSystemUser = true;
       group = config.users.groups.webdav.name;
     };
+    wordpress = {
+      isSystemUser = true;
+      group = config.services.nginx.group;
+    };
   };
 
   services = {
@@ -78,6 +82,22 @@ in
       #     "pm.max_requests" = 500;
       #   };
       # };
+
+      "wordpress-designyourfuture" = {
+        user = config.users.users.wordpress.name;
+        group = config.services.nginx.group;
+        settings = {
+          "listen.owner" = config.services.nginx.user;
+          "pm" = "dynamic";
+          "pm.max_children" = 32;
+          "pm.start_servers" = 2;
+          "pm.min_spare_servers" = 2;
+          "pm.max_spare_servers" = 4;
+          "pm.max_requests" = 500;
+        };
+      };
+
+
       drive = {
         user = config.users.users.webdav.name;
         settings = {
@@ -295,6 +315,53 @@ in
             '';
           }
         ];
+        "designyourfuture.amandoline-creations.fr" = base {
+          "/" = {
+            priority = 200;
+            extraConfig = ''
+              try_files $uri $uri/ /index.php$is_args$args;
+            '';
+          };
+          "~ \\.php$" = {
+            priority = 500;
+            extraConfig = ''
+              fastcgi_split_path_info ^(.+\.php)(/.+)$;
+              fastcgi_pass unix:${config.services.phpfpm.pools."wordpress-designyourfuture".socket};
+              fastcgi_index index.php;
+              include "${config.services.nginx.package}/conf/fastcgi.conf";
+              fastcgi_param PATH_INFO $fastcgi_path_info;
+              fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
+              # Mitigate https://httpoxy.org/ vulnerabilities
+              fastcgi_param HTTP_PROXY "";
+              fastcgi_intercept_errors off;
+              fastcgi_buffer_size 16k;
+              fastcgi_buffers 4 16k;
+              fastcgi_connect_timeout 300;
+              fastcgi_send_timeout 300;
+              fastcgi_read_timeout 300;
+            '';
+          };
+          "~ /\\." = {
+            priority = 800;
+            extraConfig = "deny all;";
+          };
+          "~* /(?:uploads|files)/.*\\.php$" = {
+            priority = 900;
+            extraConfig = "deny all;";
+          };
+          "~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = {
+            priority = 1000;
+            extraConfig = ''
+              expires max;
+              log_not_found off;
+            '';
+          };
+         } // {
+           root = "/var/www/wordpress-designyourfuture";
+           extraConfig = ''
+            index index.php;
+          '';
+         };
       };
     };
 
@@ -324,6 +391,11 @@ in
     };
 
     python-ci.enable = true;
+
+    mysql = {
+      enable = true;
+      package = pkgs.mariadb;
+    };
   };
 
   systemd.services.nginx.serviceConfig = {