diff --git a/bundles/wordpress/README.md b/bundles/wordpress/README.md new file mode 100644 index 0000000..5aab92c --- /dev/null +++ b/bundles/wordpress/README.md @@ -0,0 +1 @@ +https://www.enterprisedb.com/postgres-tutorials/how-deploy-wordpress-highly-available-postgresql diff --git a/bundles/wordpress/items.py b/bundles/wordpress/items.py new file mode 100644 index 0000000..6c3ebd7 --- /dev/null +++ b/bundles/wordpress/items.py @@ -0,0 +1,9 @@ +assert node.has_bundle('nginx') +assert node.has_bundle('php') +assert node.has_bundle('postgresql') + + +for domain, conf in node.metadata.get('wordpress').items(): + directories[conf['root']] = { + 'owner': 'www-data', + } diff --git a/bundles/wordpress/metadata.py b/bundles/wordpress/metadata.py new file mode 100644 index 0000000..3463022 --- /dev/null +++ b/bundles/wordpress/metadata.py @@ -0,0 +1,60 @@ +defaults = { + 'wordpress': {}, +} + + +@metadata_reactor.provides( + 'wordpress', +) +def wordpress(metadata): + return { + 'wordpress': { + domain: { + 'root': f'/var/www/{domain}', + } + for domain in metadata.get('wordpress') + }, + } + + +@metadata_reactor.provides( + 'postgresql/roles', + 'postgresql/databases', +) +def postgresql(metadata): + return { + 'postgresql': { + 'roles': { + domain: { + 'password': repo.vault.password_for(f'{node.name} postgresql wordpress {domain}').value, + } + for domain in metadata.get('wordpress') + }, + 'databases': { + domain: { + 'owner': domain, + } + for domain in metadata.get('wordpress') + }, + }, + } + + +@metadata_reactor.provides( + 'nginx/vhosts' +) +def vhost(metadata): + return { + 'nginx': { + 'vhosts': { + domain: { + 'content': 'wordpress/vhost.conf', + 'context': { + 'root': conf['root'], + }, + 'internal_dns': conf.get('internal_dns', True) + } + for domain, conf in metadata.get('wordpress').items() + }, + }, + } diff --git a/data/wordpress/vhost.conf b/data/wordpress/vhost.conf new file mode 100644 index 0000000..c3f28c3 --- /dev/null +++ b/data/wordpress/vhost.conf @@ -0,0 +1,43 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ${server_name}; + + ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem; + ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem; + + root ${root}; + + index index.php; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + # This is cool because no php is touched for static content. + # include the "?$args" part so non-default permalinks doesn't break when using query string + try_files $uri $uri/ /index.php?$args; + } + + location ~ \.php$ { + #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + include fastcgi_params; + fastcgi_intercept_errors on; + fastcgi_pass php-handler; + #The following parameter can be also included in fastcgi_params file + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } +} diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py index 70c5351..b0e655f 100644 --- a/nodes/netcup.mails.py +++ b/nodes/netcup.mails.py @@ -18,6 +18,7 @@ 'nginx-rtmps', 'steam', 'wireguard', + 'wordpress', 'zfs', ], 'metadata': { @@ -171,14 +172,19 @@ }, 'internal_dns': False, }, - 'elimu-kwanza.de': { - 'content': 'nginx/message.conf', - 'context': { - 'title': 'Im Aufbau/under construction', - 'message': 'info@elimu-kwanza.de', - }, - 'internal_dns': False, - }, + # 'elimu-kwanza.de': { + # 'content': 'nginx/message.conf', + # 'context': { + # 'title': 'Im Aufbau/under construction', + # 'message': 'info@elimu-kwanza.de', + # }, + # 'internal_dns': False, + # }, + }, + }, + 'wordpress': { + 'elimu-kwanza.de': { + 'internal_dns': False, }, }, 'nginx-rtmps': {