wip

2024-02-04 12:48:19 +01:00 · 2024-02-04 12:48:19 +01:00 · 88d21ca1e5
commit 88d21ca1e5
parent a4d3041b45
3 changed files with 26 additions and 4 deletions
--- a/bundles/mariadb/items.py
+++ b/bundles/mariadb/items.py
@ -81,8 +81,8 @@ for db, conf in node.metadata.get('mariadb/databases', {}).items():
        ],
    }
    actions[f'mariadb_grant_privileges_to_{db}'] = {
-        'command': mariadb(f"GRANT ALL PRIVILEGES ON {db} TO '{db}'", database=db),
-        'unless': mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT ALL PRIVILEGES ON `{db}`.`{db}` TO `{db}`@`%`$'",
+        'command': mariadb(f"GRANT ALL PRIVILEGES ON {db}.* TO '{db}'", database=db),
+        'unless': mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT ALL PRIVILEGES ON `{db}`.* TO `{db}`@`%`'",
        'needs': [
            f'action:mariadb_user_{db}_create',
        ],
--- a/bundles/wordpress/metadata.py
+++ b/bundles/wordpress/metadata.py
@ -10,7 +10,7 @@ def wordpress(metadata):
            site: {
                'db_password': repo.vault.password_for(f"wordpress {site} db").value,
            }
-                for site in metadata.get('wordpress', {})
+                for site in metadata.get('wordpress')
        },
    }

@ -25,7 +25,7 @@ def mariadb(metadata):
                site: {
                    'password': metadata.get(f'wordpress/{site}/db_password')
                }
-                    for site in metadata.get('wordpress', {})
+                    for site in metadata.get('wordpress')
            },
        },
    }
@ -48,3 +48,19 @@ def vhost(metadata):
            },
        },
    }
+
+
+@metadata_reactor.provides(
+    'zfs/datasets',
+)
+def zfs(metadata):
+    return {
+        'zfs': {
+            'datasets': {
+                f'tank/{site}': {
+                    'mountpoint': f'/opt/{site}',
+                }
+                    for site in metadata.get('wordpress')
+            },
+        },
+    }
--- a/data/wordpress/vhost.conf
+++ b/data/wordpress/vhost.conf
@ -1,9 +1,15 @@
 # Upstream to abstract backend connection(s) for php
 server {
+    listen 443      ssl http2;
+    listen [::]:443 ssl http2;
+
    server_name ${server_name};
    root ${root};
    index index.php;

+    ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
+    ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
+
    location = /favicon.ico {
        log_not_found off;
        access_log off;