diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index 07af7aa0dfec..df0a5787f154 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix @@ -3,13 +3,15 @@ let inherit (lib) mkEnableOption mkForce mkIf mkMerge mkOption optionalAttrs recursiveUpdate types; + inherit (lib) flatten mapAttrs mapAttrs' mapAttrsToList nameValuePair; - cfg = config.services.dokuwiki; + eachSite = config.services.dokuwiki; + stateDir = cfg: "/var/lib/dokuwiki/${cfg.hostName}"; user = config.services.nginx.user; group = config.services.nginx.group; - dokuwikiAclAuthConfig = pkgs.writeText "acl.auth.php" '' + dokuwikiAclAuthConfig = cfg: pkgs.writeText "acl.auth.php" '' # acl.auth.php # # @@ -18,24 +20,50 @@ let ${toString cfg.acl} ''; - dokuwikiLocalConfig = pkgs.writeText "local.php" '' + dokuwikiLocalConfig = cfg: pkgs.writeText "local.php" '' (cfg.acl != null || cfg.aclFile != null); - message = "Either services.dokuwiki.acl or services.dokuwiki.aclFile is mandatory when aclUse is true"; - } - { - assertion = cfg.usersFile != null -> cfg.aclUse != false; - message = "services.dokuwiki.aclUse must be true when usersFile is not null"; - } - ]; + assertions = flatten (mapAttrsToList (hostName: cfg: + [{ + assertion = cfg.aclUse -> (cfg.acl != null || cfg.aclFile != null); + message = "Either services.dokuwiki.${hostName}.acl or services.dokuwiki.${hostName}.aclFile is mandatory when aclUse is true"; + } + { + assertion = cfg.usersFile != null -> cfg.aclUse != false; + message = "services.dokuwiki.${hostName}.aclUse must be true when usersFile is not null"; + }]) eachSite); - services.phpfpm.pools.dokuwiki = { - inherit user; - inherit group; - phpEnv = { - DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig}"; - DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig}"; - } //optionalAttrs (cfg.usersFile != null) { - DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; - } //optionalAttrs (cfg.aclUse) { - DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig}" else "${toString cfg.aclFile}"; - }; - - settings = { - "listen.mode" = "0660"; - "listen.owner" = user; - "listen.group" = group; - } // cfg.poolConfig; - }; + services.phpfpm.pools = mapAttrs' (hostName: cfg: ( + nameValuePair "dokuwiki-${hostName}" { + inherit user; + inherit group; + phpEnv = { + DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig cfg}"; + DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig cfg}"; + } //optionalAttrs (cfg.usersFile != null) { + DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; + } //optionalAttrs (cfg.aclUse) { + DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig cfg}" else "${toString cfg.aclFile}"; + }; + + settings = { + "listen.mode" = "0660"; + "listen.owner" = user; + "listen.group" = group; + } // cfg.poolConfig; + })) eachSite; services.nginx = { enable = true; - virtualHosts = { - ${cfg.hostName} = mkMerge [ cfg.nginx { - root = mkForce "${pkgs.dokuwiki}/share/dokuwiki/"; + virtualHosts = mapAttrs (hostName: cfg: mkMerge [ cfg.nginx { + root = mkForce "${pkg hostName cfg}/share/dokuwiki/"; extraConfig = "fastcgi_param HTTPS on;"; locations."~ /(conf/|bin/|inc/|install.php)" = { @@ -246,27 +284,25 @@ in include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REDIRECT_STATUS 200; - fastcgi_pass unix:${config.services.phpfpm.pools.dokuwiki.socket}; + fastcgi_pass unix:${config.services.phpfpm.pools."dokuwiki-${hostName}".socket}; fastcgi_param HTTPS on; ''; }; - }]; + }]) eachSite; }; - }; - - systemd.tmpfiles.rules = [ - "d ${cfg.stateDir}/attic 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/cache 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/index 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/locks 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/media 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/media_attic 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/media_meta 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/meta 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/pages 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/tmp 0750 ${user} ${group} - -" - ]; + systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ + "d ${stateDir cfg}/attic 0750 ${user} ${group} - -" + "d ${stateDir cfg}/cache 0750 ${user} ${group} - -" + "d ${stateDir cfg}/index 0750 ${user} ${group} - -" + "d ${stateDir cfg}/locks 0750 ${user} ${group} - -" + "d ${stateDir cfg}/media 0750 ${user} ${group} - -" + "d ${stateDir cfg}/media_attic 0750 ${user} ${group} - -" + "d ${stateDir cfg}/media_meta 0750 ${user} ${group} - -" + "d ${stateDir cfg}/meta 0750 ${user} ${group} - -" + "d ${stateDir cfg}/pages 0750 ${user} ${group} - -" + "d ${stateDir cfg}/tmp 0750 ${user} ${group} - -" + ]) eachSite); }; } diff --git a/nixos/tests/dokuwiki.nix b/nixos/tests/dokuwiki.nix index 38bde10f47ed..65d2677dd3ab 100644 --- a/nixos/tests/dokuwiki.nix +++ b/nixos/tests/dokuwiki.nix @@ -1,29 +1,42 @@ -import ./make-test-python.nix ({ lib, ... }: - -with lib; +import ./make-test-python.nix ({ pkgs, ... }: { name = "dokuwiki"; - meta.maintainers = with maintainers; [ maintainers."1000101" ]; + meta.maintainers = with pkgs.lib.maintainers; [ "1000101" ]; - nodes.machine = - { pkgs, ... }: - { services.dokuwiki = { - enable = true; - acl = " "; - superUser = null; - nginx = { - forceSSL = false; - enableACME = false; - }; - }; + machine = { ... }: { + services.dokuwiki."site1.local" = { + acl = " "; + superUser = null; + nginx = { + forceSSL = false; + enableACME = false; + }; }; + services.dokuwiki."site2.local" = { + acl = " "; + superUser = null; + nginx = { + forceSSL = false; + enableACME = false; + }; + }; + networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ]; + }; testScript = '' - machine.start() - machine.wait_for_unit("phpfpm-dokuwiki.service") + site_names = ["site1.local", "site2.local"] + + start_all() + + machine.wait_for_unit("phpfpm-dokuwiki-site1.local.service") + machine.wait_for_unit("phpfpm-dokuwiki-site2.local.service") + machine.wait_for_unit("nginx.service") + machine.wait_for_open_port(80) - machine.succeed("curl -sSfL http://localhost/ | grep 'DokuWiki'") + + machine.succeed("curl -sSfL http://site1.local/ | grep 'DokuWiki'") + machine.succeed("curl -sSfL http://site2.local/ | grep 'DokuWiki'") ''; })