From 0c596fb3961bf096294d1a827851a536935bb96b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 17 Apr 2026 03:48:26 +0000 Subject: [PATCH 1/2] Initial plan From cdb93ad8dc07fe9a9b6c08adbcd57525b94e2f37 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 17 Apr 2026 03:51:10 +0000 Subject: [PATCH 2/2] fix: detect existing Nextcloud/WordPress installs and add dedicated php-fpm pools Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/6d5b7710-ee06-40ff-8975-f8edca8b879f Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com> --- modules/core/caddy.nix | 6 ++-- modules/nextcloud.nix | 66 ++++++++++++++++++++++++++++++++++++- modules/wordpress.nix | 75 +++++++++++++++++++++++++++++++++++++++++- 3 files changed, 142 insertions(+), 5 deletions(-) diff --git a/modules/core/caddy.nix b/modules/core/caddy.nix index 7d032d3..a288ec9 100755 --- a/modules/core/caddy.nix +++ b/modules/core/caddy.nix @@ -110,7 +110,7 @@ EOF $WORDPRESS { encode gzip zstd root * /var/lib/www/wordpress - php_fastcgi unix//run/phpfpm/mypool.sock + php_fastcgi unix//run/phpfpm/wordpress.sock file_server browse } EOF @@ -123,7 +123,7 @@ EOF $NEXTCLOUD { encode gzip zstd root * /var/lib/www/nextcloud - php_fastcgi unix//run/phpfpm/mypool.sock { + php_fastcgi unix//run/phpfpm/nextcloud.sock { trusted_proxies private_ranges } file_server @@ -221,4 +221,4 @@ ${extraVhosts} CUSTOM_VHOSTS_EOF ''; }; -} \ No newline at end of file +} diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 15f690e..38e7c89 100755 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix 
@@ -53,7 +53,7 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud { # ── Fully automated Nextcloud setup ─────────────────────── systemd.services.nextcloud-init = { description = "Download, extract, and fully configure Nextcloud"; - after = [ "network-online.target" "postgresql.service" "phpfpm-mypool.service" "nextcloud-db-init.service" ]; + after = [ "network-online.target" "postgresql.service" "phpfpm-nextcloud.service" "nextcloud-db-init.service" ]; wants = [ "network-online.target" ]; requires = [ "postgresql.service" "nextcloud-db-init.service" ]; wantedBy = [ "multi-user.target" ]; 
@@ -199,6 +199,54 @@ CREDS ''; }; + systemd.services.nextcloud-detect-existing = { + description = "Detect pre-existing Nextcloud installation and populate hub credentials"; + after = [ "postgresql.service" ]; + wants = [ "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + + unitConfig = { + ConditionPathExists = [ + "/var/lib/www/nextcloud/config/config.php" + "!/var/lib/secrets/nextcloud-admin" + ]; + }; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + path = with pkgs; [ php coreutils gnused ]; + + script = '' + set -euo pipefail + + CONFIG_FILE="/var/lib/www/nextcloud/config/config.php" + CREDS_FILE="/var/lib/secrets/nextcloud-admin" + DOMAIN_FILE="/var/lib/domains/nextcloud" + DOMAIN="" + + DOMAIN="$(php -r '$cfg = @include "/var/lib/www/nextcloud/config/config.php"; if (!is_array($cfg)) { exit(0); } $url = $cfg["overwrite.cli.url"] ?? ""; if (is_string($url) && $url !== "") { $host = parse_url($url, PHP_URL_HOST); if (is_string($host) && $host !== "") { echo $host; exit(0); } } $trusted = $cfg["trusted_domains"] ?? []; if (is_array($trusted)) { foreach ($trusted as $entry) { if (is_string($entry) && $entry !== "") { $entry = preg_replace("#^https?://#", "", $entry); $entry = preg_replace("#/.*$#", "", $entry); if ($entry !== "") { echo $entry; exit(0); } } } } if (is_string($trusted) && $trusted !== "") { $trusted = preg_replace("#^https?://#", "", $trusted); $trusted = preg_replace("#/.*$#", "", $trusted); echo $trusted; }' 2>/dev/null || true)" + + mkdir -p /var/lib/secrets /var/lib/domains + + cat > "$CREDS_FILE" << CREDS +Nextcloud Existing Installation +═══════════════════════════════ +URL: ''${DOMAIN:+https://$DOMAIN/}''${DOMAIN:-Unknown (set in $CONFIG_FILE)} +Note: Credentials were set before this flake. + Use existing credentials or reset via: + php /var/lib/www/nextcloud/occ user:resetpassword +CREDS + chmod 600 "$CREDS_FILE" + + if [ -n "$DOMAIN" ] && [ ! 
-f "$DOMAIN_FILE" ]; then + printf '%s\n' "$DOMAIN" > "$DOMAIN_FILE" + fi + ''; + }; + services.cron.systemCronJobs = [ "*/5 * * * * caddy /run/current-system/sw/bin/php -f /var/lib/www/nextcloud/cron.php" ]; @@ -213,6 +261,22 @@ CREDS output_buffering = 0 ''; + services.phpfpm.pools.nextcloud = { + user = "caddy"; + group = "php"; + phpPackage = config.services.phpfpm.pools.mypool.phpPackage; + settings = { + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "clear_env" = "no"; + "listen" = "/run/phpfpm/nextcloud.sock"; + }; + }; + environment.systemPackages = with pkgs; [ unzip ]; sovran_systemsOS.domainRequirements = [ diff --git a/modules/wordpress.nix b/modules/wordpress.nix index af126bc..17c2062 100755 --- a/modules/wordpress.nix +++ b/modules/wordpress.nix @@ -46,7 +46,7 @@ lib.mkIf config.sovran_systemsOS.services.wordpress { # ── Fully automated WordPress setup ─────────────────────── systemd.services.wordpress-init = { description = "Download, extract, and fully configure WordPress"; - after = [ "network-online.target" "mysql.service" "phpfpm-mypool.service" "wordpress-db-init.service" ]; + after = [ "network-online.target" "mysql.service" "phpfpm-wordpress.service" "wordpress-db-init.service" ]; wants = [ "network-online.target" ]; requires = [ "mysql.service" "wordpress-db-init.service" ]; wantedBy = [ "multi-user.target" ]; 
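Review bot: The `php -r '$cfg = @include "/var/lib/www/nextcloud/config/config.php"; …'` step in `nextcloud-detect-existing` executes config.php as root, because the unit sets no `User=` in `serviceConfig`. That file is presumably writable by `caddy`, the account the Nextcloud pool and the cron job run as, although its ownership is not visible in this hunk. Anything able to modify it as the web user would then have its PHP run with root privileges the next time the unit starts. Only the parsing step needs to read the config, so run just that step unprivileged and keep the writes to `/var/lib/secrets` and `/var/lib/domains` as root: add `util-linux` to `path` and call `runuser -u caddy -- php -r '…'`. Alternatively, read the file as text with `file_get_contents` and a regex, as `wordpress-detect-existing` does, so no code from it is evaluated.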
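Review bot: The new `services.phpfpm.pools.nextcloud` still runs as `user = "caddy"; group = "php";`, the same identity as `services.phpfpm.pools.wordpress` added in modules/wordpress.nix. The split therefore gives separate sockets and process limits but no privilege separation, and PHP code in either application can still read and write the other's files. If that is the intended scope for now, state it above both pools, e.g. `# Dedicated pool for process limits only; shares the caddy user with the other PHP apps, so there is no filesystem isolation between them.` Both pools also take `phpPackage` from `pools.mypool`, so they stop evaluating if mypool is ever removed. Neither block sets `listen.owner` or `listen.mode`; if mypool relies on those settings for Caddy to reach its socket (not visible here), copy them over.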
@@ -162,6 +162,79 @@ CREDS ''; }; + systemd.services.wordpress-detect-existing = { + description = "Detect pre-existing WordPress installation and populate hub credentials"; + after = [ "mysql.service" ]; + wants = [ "mysql.service" ]; + wantedBy = [ "multi-user.target" ]; + + unitConfig = { + ConditionPathExists = [ + "/var/lib/www/wordpress/wp-config.php" + "!/var/lib/secrets/wordpress-admin" + ]; + }; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + path = with pkgs; [ php wp-cli coreutils gnused shadow util-linux ]; + + script = '' + set -euo pipefail + + CONFIG_FILE="/var/lib/www/wordpress/wp-config.php" + CREDS_FILE="/var/lib/secrets/wordpress-admin" + DOMAIN_FILE="/var/lib/domains/wordpress" + URL="" + DOMAIN="" + + URL="$(php -r '$cfg = @file_get_contents("/var/lib/www/wordpress/wp-config.php"); if ($cfg === false) { exit(0); } if (preg_match("/define\\(\\s*[\"\\x27]WP_HOME[\"\\x27]\\s*,\\s*[\"\\x27]([^\"\\x27]+)[\"\\x27]\\s*\\)/", $cfg, $m)) { echo $m[1]; exit(0); } if (preg_match("/define\\(\\s*[\"\\x27]WP_SITEURL[\"\\x27]\\s*,\\s*[\"\\x27]([^\"\\x27]+)[\"\\x27]\\s*\\)/", $cfg, $m)) { echo $m[1]; }' 2>/dev/null || true)" + + if [ -z "$URL" ] && [ -f /var/lib/www/wordpress/wp-load.php ]; then + URL=$(/run/wrappers/bin/su -s /bin/sh caddy -c "cd /var/lib/www/wordpress && wp option get siteurl 2>/dev/null" || true) + fi + + if [ -n "$URL" ]; then + DOMAIN="$(printf '%s' "$URL" | sed -E 's#^[A-Za-z][A-Za-z0-9+.-]*://##; s#/.*$##')" + fi + + mkdir -p /var/lib/secrets /var/lib/domains + + cat > "$CREDS_FILE" << CREDS +WordPress Existing Installation +═══════════════════════════════ +URL: ''${URL:-Unknown (set in $CONFIG_FILE)} +Note: Credentials were set before this flake. + Use existing credentials or reset via: + wp user update --user_pass='' +CREDS + chmod 600 "$CREDS_FILE" + + if [ -n "$DOMAIN" ] && [ ! 
-f "$DOMAIN_FILE" ]; then + printf '%s\n' "$DOMAIN" > "$DOMAIN_FILE" + fi + ''; + }; + + services.phpfpm.pools.wordpress = { + user = "caddy"; + group = "php"; + phpPackage = config.services.phpfpm.pools.mypool.phpPackage; + settings = { + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "clear_env" = "no"; + "listen" = "/run/phpfpm/wordpress.sock"; + }; + }; + systemd.tmpfiles.rules = [ "d /var/lib/www 0755 caddy root -" "d /var/lib/www/wordpress 0755 caddy root -"
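Review bot: `DOMAIN` in `wordpress-detect-existing` is written to `/var/lib/domains/wordpress` without validation: the `sed -E 's#^[A-Za-z][A-Za-z0-9+.-]*://##; s#/.*$##'` step removes only the scheme and the path. Userinfo, a port, a query string, whitespace or braces in `WP_HOME`/`WP_SITEURL`, or extra stdout from the `wp option get siteurl` fallback, would therefore be written to the file unchanged. Both sources are controlled by the web user, and the file presumably feeds the `$WORDPRESS {` site block generated in modules/core/caddy.nix, so a malformed value could break or alter the generated Caddy config. Reject anything that is not a bare hostname before the write, e.g. `case "$DOMAIN" in ""|*[!A-Za-z0-9.-]*) DOMAIN="" ;; esac`. The `trusted_domains` fallback in `nextcloud-detect-existing` has the same gap, since it also strips only the scheme and path.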