fix: detect existing Nextcloud/WordPress installs and add dedicated php-fpm pools

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/6d5b7710-ee06-40ff-8975-f8edca8b879f Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
2026-04-17 03:51:10 +00:00
parent 0c596fb396
commit cdb93ad8dc
3 changed files with 142 additions and 5 deletions
--- a/modules/core/caddy.nix
+++ b/modules/core/caddy.nix
@@ -110,7 +110,7 @@ EOF
 $WORDPRESS {
  encode gzip zstd
  root * /var/lib/www/wordpress
-  php_fastcgi unix//run/phpfpm/mypool.sock
+  php_fastcgi unix//run/phpfpm/wordpress.sock
  file_server browse
 }
 EOF
@@ -123,7 +123,7 @@ EOF
 $NEXTCLOUD {
  encode gzip zstd
  root * /var/lib/www/nextcloud
-  php_fastcgi unix//run/phpfpm/mypool.sock {
+  php_fastcgi unix//run/phpfpm/nextcloud.sock {
    trusted_proxies private_ranges
  }
  file_server
@@ -221,4 +221,4 @@ ${extraVhosts}
 CUSTOM_VHOSTS_EOF
    '';
  };
-}
+}
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -53,7 +53,7 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud {
  # ── Fully automated Nextcloud setup ───────────────────────
  systemd.services.nextcloud-init = {
    description = "Download, extract, and fully configure Nextcloud";
-    after = [ "network-online.target" "postgresql.service" "phpfpm-mypool.service" "nextcloud-db-init.service" ];
+    after = [ "network-online.target" "postgresql.service" "phpfpm-nextcloud.service" "nextcloud-db-init.service" ];
    wants = [ "network-online.target" ];
    requires = [ "postgresql.service" "nextcloud-db-init.service" ];
    wantedBy = [ "multi-user.target" ];
@@ -199,6 +199,54 @@ CREDS
    '';
  };

+  systemd.services.nextcloud-detect-existing = {
+    description = "Detect pre-existing Nextcloud installation and populate hub credentials";
+    after = [ "postgresql.service" ];
+    wants = [ "postgresql.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    unitConfig = {
+      ConditionPathExists = [
+        "/var/lib/www/nextcloud/config/config.php"
+        "!/var/lib/secrets/nextcloud-admin"
+      ];
+    };
+
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+
+    path = with pkgs; [ php coreutils gnused ];
+
+    script = ''
+      set -euo pipefail
+
+      CONFIG_FILE="/var/lib/www/nextcloud/config/config.php"
+      CREDS_FILE="/var/lib/secrets/nextcloud-admin"
+      DOMAIN_FILE="/var/lib/domains/nextcloud"
+      DOMAIN=""
+
+      DOMAIN="$(php -r '$cfg = @include "/var/lib/www/nextcloud/config/config.php"; if (!is_array($cfg)) { exit(0); } $url = $cfg["overwrite.cli.url"] ?? ""; if (is_string($url) && $url !== "") { $host = parse_url($url, PHP_URL_HOST); if (is_string($host) && $host !== "") { echo $host; exit(0); } } $trusted = $cfg["trusted_domains"] ?? []; if (is_array($trusted)) { foreach ($trusted as $entry) { if (is_string($entry) && $entry !== "") { $entry = preg_replace("#^https?://#", "", $entry); $entry = preg_replace("#/.*$#", "", $entry); if ($entry !== "") { echo $entry; exit(0); } } } } if (is_string($trusted) && $trusted !== "") { $trusted = preg_replace("#^https?://#", "", $trusted); $trusted = preg_replace("#/.*$#", "", $trusted); echo $trusted; }' 2>/dev/null || true)"
+
+      mkdir -p /var/lib/secrets /var/lib/domains
+
+      cat > "$CREDS_FILE" << CREDS
+Nextcloud Existing Installation
+═══════════════════════════════
+URL:      ''${DOMAIN:+https://$DOMAIN/}''${DOMAIN:-Unknown (set in $CONFIG_FILE)}
+Note:     Credentials were set before this flake.
+          Use existing credentials or reset via:
+          php /var/lib/www/nextcloud/occ user:resetpassword <admin-user>
+CREDS
+      chmod 600 "$CREDS_FILE"
+
+      if [ -n "$DOMAIN" ] && [ ! -f "$DOMAIN_FILE" ]; then
+        printf '%s\n' "$DOMAIN" > "$DOMAIN_FILE"
+      fi
+    '';
+  };
+
  services.cron.systemCronJobs = [
    "*/5 * * * * caddy /run/current-system/sw/bin/php -f /var/lib/www/nextcloud/cron.php"
  ];
@@ -213,6 +261,22 @@ CREDS
    output_buffering = 0
  '';

+  services.phpfpm.pools.nextcloud = {
+    user = "caddy";
+    group = "php";
+    phpPackage = config.services.phpfpm.pools.mypool.phpPackage;
+    settings = {
+      "pm" = "dynamic";
+      "pm.max_children" = 75;
+      "pm.start_servers" = 10;
+      "pm.min_spare_servers" = 5;
+      "pm.max_spare_servers" = 20;
+      "pm.max_requests" = 500;
+      "clear_env" = "no";
+      "listen" = "/run/phpfpm/nextcloud.sock";
+    };
+  };
+
  environment.systemPackages = with pkgs; [ unzip ];
  
  sovran_systemsOS.domainRequirements = [
--- a/modules/wordpress.nix
+++ b/modules/wordpress.nix
@@ -46,7 +46,7 @@ lib.mkIf config.sovran_systemsOS.services.wordpress {
  # ── Fully automated WordPress setup ───────────────────────
  systemd.services.wordpress-init = {
    description = "Download, extract, and fully configure WordPress";
-    after = [ "network-online.target" "mysql.service" "phpfpm-mypool.service" "wordpress-db-init.service" ];
+    after = [ "network-online.target" "mysql.service" "phpfpm-wordpress.service" "wordpress-db-init.service" ];
    wants = [ "network-online.target" ];
    requires = [ "mysql.service" "wordpress-db-init.service" ];
    wantedBy = [ "multi-user.target" ];
@@ -162,6 +162,79 @@ CREDS
    '';
  };

+  systemd.services.wordpress-detect-existing = {
+    description = "Detect pre-existing WordPress installation and populate hub credentials";
+    after = [ "mysql.service" ];
+    wants = [ "mysql.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    unitConfig = {
+      ConditionPathExists = [
+        "/var/lib/www/wordpress/wp-config.php"
+        "!/var/lib/secrets/wordpress-admin"
+      ];
+    };
+
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+
+    path = with pkgs; [ php wp-cli coreutils gnused shadow util-linux ];
+
+    script = ''
+      set -euo pipefail
+
+      CONFIG_FILE="/var/lib/www/wordpress/wp-config.php"
+      CREDS_FILE="/var/lib/secrets/wordpress-admin"
+      DOMAIN_FILE="/var/lib/domains/wordpress"
+      URL=""
+      DOMAIN=""
+
+      URL="$(php -r '$cfg = @file_get_contents("/var/lib/www/wordpress/wp-config.php"); if ($cfg === false) { exit(0); } if (preg_match("/define\\(\\s*[\"\\x27]WP_HOME[\"\\x27]\\s*,\\s*[\"\\x27]([^\"\\x27]+)[\"\\x27]\\s*\\)/", $cfg, $m)) { echo $m[1]; exit(0); } if (preg_match("/define\\(\\s*[\"\\x27]WP_SITEURL[\"\\x27]\\s*,\\s*[\"\\x27]([^\"\\x27]+)[\"\\x27]\\s*\\)/", $cfg, $m)) { echo $m[1]; }' 2>/dev/null || true)"
+
+      if [ -z "$URL" ] && [ -f /var/lib/www/wordpress/wp-load.php ]; then
+        URL=$(/run/wrappers/bin/su -s /bin/sh caddy -c "cd /var/lib/www/wordpress && wp option get siteurl 2>/dev/null" || true)
+      fi
+
+      if [ -n "$URL" ]; then
+        DOMAIN="$(printf '%s' "$URL" | sed -E 's#^[A-Za-z][A-Za-z0-9+.-]*://##; s#/.*$##')"
+      fi
+
+      mkdir -p /var/lib/secrets /var/lib/domains
+
+      cat > "$CREDS_FILE" << CREDS
+WordPress Existing Installation
+═══════════════════════════════
+URL:      ''${URL:-Unknown (set in $CONFIG_FILE)}
+Note:     Credentials were set before this flake.
+          Use existing credentials or reset via:
+          wp user update <admin-user> --user_pass='<new-password>'
+CREDS
+      chmod 600 "$CREDS_FILE"
+
+      if [ -n "$DOMAIN" ] && [ ! -f "$DOMAIN_FILE" ]; then
+        printf '%s\n' "$DOMAIN" > "$DOMAIN_FILE"
+      fi
+    '';
+  };
+
+  services.phpfpm.pools.wordpress = {
+    user = "caddy";
+    group = "php";
+    phpPackage = config.services.phpfpm.pools.mypool.phpPackage;
+    settings = {
+      "pm" = "dynamic";
+      "pm.max_children" = 75;
+      "pm.start_servers" = 10;
+      "pm.min_spare_servers" = 5;
+      "pm.max_spare_servers" = 20;
+      "pm.max_requests" = 500;
+      "clear_env" = "no";
+      "listen" = "/run/phpfpm/wordpress.sock";
+    };
+  };
+
  systemd.tmpfiles.rules = [
    "d /var/lib/www 0755 caddy root -"
    "d /var/lib/www/wordpress 0755 caddy root -"