mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-23 14:11:36 +00:00
Merge pull request #69247 from mmilata/wordpress
wordpress: new package version, generate secrets locally
This commit is contained in:
commit
25efd6cd58
|
@ -61,6 +61,19 @@ let
|
|||
?>
|
||||
'';
|
||||
|
||||
secretsVars = [ "AUTH_KEY" "SECURE_AUTH_KEY" "LOOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT" ];
|
||||
secretsScript = hostStateDir: ''
|
||||
if ! test -e "${hostStateDir}/secret-keys.php"; then
|
||||
umask 0177
|
||||
echo "<?php" >> "${hostStateDir}/secret-keys.php"
|
||||
${concatMapStringsSep "\n" (var: ''
|
||||
echo "define('${var}', '`tr -dc a-zA-Z0-9 </dev/urandom | head -c 64`');" >> "${hostStateDir}/secret-keys.php"
|
||||
'') secretsVars}
|
||||
echo "?>" >> "${hostStateDir}/secret-keys.php"
|
||||
chmod 440 "${hostStateDir}/secret-keys.php"
|
||||
fi
|
||||
'';
|
||||
|
||||
siteOpts = { lib, name, ... }:
|
||||
{
|
||||
options = {
|
||||
|
@ -340,14 +353,7 @@ in
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-wordpress-${hostName}.service" ];
|
||||
after = optional cfg.database.createLocally "mysql.service";
|
||||
script = ''
|
||||
if ! test -e "${stateDir hostName}/secret-keys.php"; then
|
||||
echo "<?php" >> "${stateDir hostName}/secret-keys.php"
|
||||
${pkgs.curl}/bin/curl -s https://api.wordpress.org/secret-key/1.1/salt/ >> "${stateDir hostName}/secret-keys.php"
|
||||
echo "?>" >> "${stateDir hostName}/secret-keys.php"
|
||||
chmod 440 "${stateDir hostName}/secret-keys.php"
|
||||
fi
|
||||
'';
|
||||
script = secretsScript (stateDir hostName);
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
|
|
|
@ -20,12 +20,6 @@ import ./make-test.nix ({ pkgs, ... }:
|
|||
};
|
||||
|
||||
networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];
|
||||
|
||||
# required for wordpress-init.service to succeed
|
||||
systemd.tmpfiles.rules = [
|
||||
"F /var/lib/wordpress/site1.local/secret-keys.php 0440 wordpress wwwrun - -"
|
||||
"F /var/lib/wordpress/site2.local/secret-keys.php 0440 wordpress wwwrun - -"
|
||||
];
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
|
@ -37,6 +31,11 @@ import ./make-test.nix ({ pkgs, ... }:
|
|||
|
||||
$machine->succeed("curl -L site1.local | grep 'Welcome to the famous'");
|
||||
$machine->succeed("curl -L site2.local | grep 'Welcome to the famous'");
|
||||
|
||||
$machine->succeed("systemctl --no-pager show wordpress-init-site1.local.service | grep 'ExecStart=.*status=0'");
|
||||
$machine->succeed("systemctl --no-pager show wordpress-init-site2.local.service | grep 'ExecStart=.*status=0'");
|
||||
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site1.local/secret-keys.php");
|
||||
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site2.local/secret-keys.php");
|
||||
'';
|
||||
|
||||
})
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "wordpress";
|
||||
version = "5.2.2";
|
||||
version = "5.2.3";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://wordpress.org/${pname}-${version}.tar.gz";
|
||||
sha256 = "08iilbvf1gam2nmacj0a8fgldnd2gighmslf9sny8dsdlqlwjgvq";
|
||||
sha256 = "07gqdzhnqivyfah386lwyz984y9k2bc0hmji1y2pbvv0a60r63wr";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
|
Loading…
Reference in a new issue