mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-24 14:18:13 +03:00
Merge pull request #69247 from mmilata/wordpress
wordpress: new package version, generate secrets locally
This commit is contained in:
commit
25efd6cd58
@ -61,6 +61,19 @@ let
|
|||||||
?>
|
?>
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
secretsVars = [ "AUTH_KEY" "SECURE_AUTH_KEY" "LOOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT" ];
|
||||||
|
secretsScript = hostStateDir: ''
|
||||||
|
if ! test -e "${hostStateDir}/secret-keys.php"; then
|
||||||
|
umask 0177
|
||||||
|
echo "<?php" >> "${hostStateDir}/secret-keys.php"
|
||||||
|
${concatMapStringsSep "\n" (var: ''
|
||||||
|
echo "define('${var}', '`tr -dc a-zA-Z0-9 </dev/urandom | head -c 64`');" >> "${hostStateDir}/secret-keys.php"
|
||||||
|
'') secretsVars}
|
||||||
|
echo "?>" >> "${hostStateDir}/secret-keys.php"
|
||||||
|
chmod 440 "${hostStateDir}/secret-keys.php"
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
siteOpts = { lib, name, ... }:
|
siteOpts = { lib, name, ... }:
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
@ -340,14 +353,7 @@ in
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
before = [ "phpfpm-wordpress-${hostName}.service" ];
|
before = [ "phpfpm-wordpress-${hostName}.service" ];
|
||||||
after = optional cfg.database.createLocally "mysql.service";
|
after = optional cfg.database.createLocally "mysql.service";
|
||||||
script = ''
|
script = secretsScript (stateDir hostName);
|
||||||
if ! test -e "${stateDir hostName}/secret-keys.php"; then
|
|
||||||
echo "<?php" >> "${stateDir hostName}/secret-keys.php"
|
|
||||||
${pkgs.curl}/bin/curl -s https://api.wordpress.org/secret-key/1.1/salt/ >> "${stateDir hostName}/secret-keys.php"
|
|
||||||
echo "?>" >> "${stateDir hostName}/secret-keys.php"
|
|
||||||
chmod 440 "${stateDir hostName}/secret-keys.php"
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
|
@ -20,12 +20,6 @@ import ./make-test.nix ({ pkgs, ... }:
|
|||||||
};
|
};
|
||||||
|
|
||||||
networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];
|
networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];
|
||||||
|
|
||||||
# required for wordpress-init.service to succeed
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"F /var/lib/wordpress/site1.local/secret-keys.php 0440 wordpress wwwrun - -"
|
|
||||||
"F /var/lib/wordpress/site2.local/secret-keys.php 0440 wordpress wwwrun - -"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
testScript = ''
|
testScript = ''
|
||||||
@ -37,6 +31,11 @@ import ./make-test.nix ({ pkgs, ... }:
|
|||||||
|
|
||||||
$machine->succeed("curl -L site1.local | grep 'Welcome to the famous'");
|
$machine->succeed("curl -L site1.local | grep 'Welcome to the famous'");
|
||||||
$machine->succeed("curl -L site2.local | grep 'Welcome to the famous'");
|
$machine->succeed("curl -L site2.local | grep 'Welcome to the famous'");
|
||||||
|
|
||||||
|
$machine->succeed("systemctl --no-pager show wordpress-init-site1.local.service | grep 'ExecStart=.*status=0'");
|
||||||
|
$machine->succeed("systemctl --no-pager show wordpress-init-site2.local.service | grep 'ExecStart=.*status=0'");
|
||||||
|
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site1.local/secret-keys.php");
|
||||||
|
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site2.local/secret-keys.php");
|
||||||
'';
|
'';
|
||||||
|
|
||||||
})
|
})
|
||||||
|
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "wordpress";
|
pname = "wordpress";
|
||||||
version = "5.2.2";
|
version = "5.2.3";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://wordpress.org/${pname}-${version}.tar.gz";
|
url = "https://wordpress.org/${pname}-${version}.tar.gz";
|
||||||
sha256 = "08iilbvf1gam2nmacj0a8fgldnd2gighmslf9sny8dsdlqlwjgvq";
|
sha256 = "07gqdzhnqivyfah386lwyz984y9k2bc0hmji1y2pbvv0a60r63wr";
|
||||||
};
|
};
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
|
Loading…
Reference in New Issue
Block a user