Added nixpress WP+PHP+MariaDB+NGINX+REDIS

2025-05-11 21:57:59 +03:00
parent 4a5561d57c
commit 7f5788c964
14 changed files with 465 additions and 29 deletions
--- a/nixpress/.gitignore
+++ b/nixpress/.gitignore
@@ -0,0 +1,22 @@
+# Devenv
+.devenv*
+devenv.local.nix
+
+# direnv
+.direnv
+
+# pre-commit
+.pre-commit-config.yaml
+
+# WordPress site
+/html/
+/vendor/
+# Devenv
+.devenv*
+devenv.local.nix
+
+# direnv
+.direnv
+
+# pre-commit
+.pre-commit-config.yaml
--- a/nixpress/README.md
+++ b/nixpress/README.md
@@ -0,0 +1,45 @@
+# nixpress
+
+> 🌀 Reproducible WordPress + PHP + Nginx development environment powered by Nix Flakes
+
+![Wordpress Home Screen](./screenshots/wordpress.png)
+
+
+**nixpress** is a Nix-based development stack for WordPress and PHP applications, designed with NixOS users in mind. It provides a declarative, reproducible setup using Nix Flakes, making it easy to spin up a complete local environment with:
+
+- ✅ WordPress
+- ✅ PHP (with extensions)
+- ✅ Nginx
+- ✅ MariaDB (MySQL-compatible)
+- ✅ Redis
+- ✅ TLS via Caddy (optional)
+
+---
+
+## 🚀 Features
+
+- 📦 **Fully reproducible** using Nix flakes
+- 🐘 PHP + Nginx with FastCGI support
+- 📚 WordPress auto-installable setup
+- 🧠 Redis for caching support
+- 🔒 Optionally supports TLS using mkcert & Caddy
+- 🔧 Easy to extend and customize
+
+---
+
+## 🛠 Requirements
+
+- [Nix](https://nixos.org/download.html) with flakes enabled
+- NixOS (recommended)
+- `git`, `mkcert` (optional for TLS)
+
+---
+
+## 🔧 Getting Started
+
+Clone the repo and enter the dev shell:
+
+```bash
+git clone https://github.com/SoftEng-Islam/nixpress
+cd nixpress
+devenv up
--- a/nixpress/composer.json
+++ b/nixpress/composer.json
@@ -0,0 +1,21 @@
+{
+    "type": "project",
+    "repositories": [
+      {
+        "type": "composer",
+        "url": "https://wpackagist.org"
+      }
+    ],
+    "config": {
+        "allow-plugins": {
+            "composer/installers": true
+        }
+    },
+    "extra": {
+      "installer-paths": {
+        "html/wp-content/mu-plugins/{$name}": ["type:wordpress-muplugin", "wpackagist-plugin/more-privacy-options"],
+        "html/wp-content/plugins/{$name}": ["type:wordpress-plugin"],
+        "html/wp-content/themes/{$name}": ["type:wordpress-theme"]
+      }
+    }
+}
--- a/nixpress/composer.lock
+++ b/nixpress/composer.lock
@@ -0,0 +1,18 @@
+{
+    "_readme": [
+        "This file locks the dependencies of your project to a known state",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
+        "This file is @generated automatically"
+    ],
+    "content-hash": "265c7497cc8040f3cc44e561abd226ab",
+    "packages": [],
+    "packages-dev": [],
+    "aliases": [],
+    "minimum-stability": "stable",
+    "stability-flags": {},
+    "prefer-stable": false,
+    "prefer-lowest": false,
+    "platform": {},
+    "platform-dev": {},
+    "plugin-api-version": "2.6.0"
+}
--- a/nixpress/conf/nginx/locations
+++ b/nixpress/conf/nginx/locations
@@ -0,0 +1,23 @@
+location / {
+  try_files $uri $uri/ /index.php?$args ;
+}
+
+location ~ /\.ht {
+  deny all;
+}
+
+location = /favicon.ico {
+  log_not_found off;
+  access_log off;
+}
+
+location = /robots.txt {
+  allow all;
+  log_not_found off;
+  access_log off;
+}
+
+location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+  expires max;
+  log_not_found off;
+}
--- a/nixpress/devenv.lock
+++ b/nixpress/devenv.lock
@@ -0,0 +1,100 @@
+{
+  "nodes": {
+    "devenv": {
+      "locked": {
+        "dir": "src/modules",
+        "lastModified": 1733525154,
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "d74232153d60ccdeba6f41eec8ce8b2be0b33ac6",
+        "type": "github"
+      },
+      "original": {
+        "dir": "src/modules",
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1733328505,
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1733477122,
+        "owner": "cachix",
+        "repo": "devenv-nixpkgs",
+        "rev": "7bd9e84d0452f6d2e63b6e6da29fe73fac951857",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "rolling",
+        "repo": "devenv-nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746537231,
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/nixpress/devenv.nix
+++ b/nixpress/devenv.nix
@@ -0,0 +1,129 @@
+{ pkgs, lib, config, inputs, ... }:
+let
+  listen_port = 8012;
+  server_name = "localhost";
+in {
+  # https://devenv.sh/basics/
+  env.WORDPRESS_VERSION = "6.8.1";
+  env.WORDPRESS_REPO = "https://github.com/WordPress/WordPress";
+  env.GREET = "devenv";
+
+  # https://devenv.sh/packages/
+  packages = [ pkgs.git pkgs.wp-cli ];
+
+  # https://devenv.sh/languages/
+  # Configure PHP
+  languages.php.package = pkgs.php83.buildEnv {
+    extensions = ({ enabled, all }: enabled ++ (with all; [ yaml ]));
+    extraConfig = ''
+      sendmail_path = ${config.services.mailpit.package}/bin/mailpit sendmail
+      smtp_port = 1025
+      upload_max_filesize = 64M
+      post_max_size = 64M
+      max_execution_time = 300
+    '';
+  };
+  languages.php.fpm.pools.web = {
+    settings = {
+      "clear_env" = "no";
+      "pm" = "dynamic";
+      "pm.max_children" = 10;
+      "pm.start_servers" = 2;
+      "pm.min_spare_servers" = 1;
+      "pm.max_spare_servers" = 10;
+    };
+  };
+  languages.php.enable = true;
+
+  # https://devenv.sh/processes/
+  # processes.cargo-watch.exec = "cargo-watch";
+
+  # https://devenv.sh/services/
+  # MySQL
+  services.mysql = {
+    enable = true;
+    initialDatabases = [{ name = "wordpress"; }];
+    ensureUsers = [{
+      name = "wordpress";
+      password = "wordpress";
+      ensurePermissions = { "wordpress.*" = "ALL PRIVILEGES"; };
+    }];
+  };
+
+  # NGINX
+  services.nginx = {
+    enable = true;
+    httpConfig = ''
+      server {
+        listen ${toString listen_port};
+        root ${config.devenv.root}/html;
+        index index.php index.html;
+        server_name ${server_name};
+
+        # ✅ Increase max upload size
+        client_max_body_size 64M;
+
+        # Rewrite rules
+        if (!-e $request_filename) {
+          rewrite /wp-admin$ $scheme://$host$request_uri/ permanent;
+          rewrite ^(/[^/]+)?(/wp-.*) $2 last;
+          rewrite ^(/[^/]+)?(/.*\.php) $2 last;
+        }
+
+        location ~ \.php$ {
+          try_files $uri =404;
+          fastcgi_pass unix:${config.languages.php.fpm.pools.web.socket};
+          include ${pkgs.nginx}/conf/fastcgi.conf;
+        }
+    '' + (builtins.readFile ./conf/nginx/locations) + "}";
+  };
+
+  # Mailpit
+  services.mailpit = { enable = true; };
+
+  # https://devenv.sh/scripts/
+  scripts.hello.exec = ''
+    echo hello from $GREET
+  '';
+
+  # Sets up local WordPress core
+  enterShell = ''
+    test -d html || git clone --depth 1 --branch ${config.env.WORDPRESS_VERSION} ${config.env.WORDPRESS_REPO} html
+    composer install
+    php --version
+  '';
+
+  processes.open-url.exec = ''
+    echo "🚀 WordPress is running at: http://${server_name}:${
+      toString listen_port
+    }"
+
+    if command -v xdg-open > /dev/null; then
+      xdg-open http://${server_name}:${toString listen_port}
+    elif command -v open > /dev/null; then
+      open http://${server_name}:${toString listen_port}
+    else
+      echo "⚠️ Could not auto-open browser."
+    fi
+
+    # Prevent the process from exiting immediately so it's visible in logs
+    sleep 600
+  '';
+
+  # https://devenv.sh/tasks/
+  # tasks = {
+  #   "myproj:setup".exec = "mytool build";
+  #   "devenv:enterShell".after = [ "myproj:setup" ];
+  # };
+
+  # https://devenv.sh/tests/
+  enterTest = ''
+    echo "Running tests"
+    git --version | grep --color=auto "${pkgs.git.version}"
+  '';
+
+  # https://devenv.sh/pre-commit-hooks/
+  # pre-commit.hooks.shellcheck.enable = true;
+
+  # See full reference at https://devenv.sh/reference/options/
+}
--- a/nixpress/devenv.yaml
+++ b/nixpress/devenv.yaml
@@ -0,0 +1,15 @@
+# yaml-language-server: $schema=https://devenv.sh/devenv.schema.json
+inputs:
+  nixpkgs:
+    url: github:cachix/devenv-nixpkgs/rolling
+
+# If you're using non-OSS software, you can set allowUnfree to true.
+# allowUnfree: true
+
+# If you're willing to use a package that's vulnerable
+# permittedInsecurePackages:
+#  - "openssl-1.1.1w"
+
+# If you have more than one devenv you can merge them
+#imports:
+# - ./backend
--- a/nixpress/screenshots/wordpress.png
+++ b/nixpress/screenshots/wordpress.png
--- a/nixpress/testdev.nix
+++ b/nixpress/testdev.nix
@@ -0,0 +1,62 @@
+{ pkgs, config, ... }:
+
+{
+  packages = with pkgs; [ git wp-cli ];
+
+  languages.php.enable = true;
+  languages.php.package = pkgs.php82.buildEnv {
+    extensions = { all, enabled }:
+      with all;
+      enabled ++ [ redis pdo_mysql xdebug ];
+    extraConfig = ''
+      memory_limit = -1
+      xdebug.mode = debug
+      xdebug.start_with_request = yes
+      xdebug.idekey = vscode
+      xdebug.log_level = 0
+      max_execution_time = 0
+    '';
+  };
+
+  languages.php.fpm.pools.web = {
+    settings = {
+      "clear_env" = "no";
+      "pm" = "dynamic";
+      "pm.max_children" = 10;
+      "pm.start_servers" = 2;
+      "pm.min_spare_servers" = 1;
+      "pm.max_spare_servers" = 10;
+    };
+  };
+
+  certificates = [ "wp.localhost" ];
+
+  # This lets Caddy bind to 443
+  scripts.caddy-setcap.exec = ''
+    sudo setcap 'cap_net_bind_service=+ep' ${pkgs.caddy}/bin/caddy
+  '';
+  services.redis.enable = true;
+
+  # Links to MariaDB internally
+  services.mysql = {
+    enable = true;
+    settings.mysqld = { max_allowed_packet = "512M"; };
+  };
+
+  services.mysql.initialDatabases = [{ name = "wp"; }];
+  services.mysql.ensureUsers = [{
+    name = "wordpress";
+    password = "YourSecretSauceHere";
+    ensurePermissions = { "wp.*" = "ALL PRIVILEGES"; };
+  }];
+
+  services.caddy.enable = true;
+  services.caddy.virtualHosts."wp.localhost" = {
+    extraConfig = ''
+      tls ${config.env.DEVENV_STATE}/mkcert/wp.localhost.pem ${config.env.DEVENV_STATE}/mkcert/wp.localhost-key.pem
+      root * .
+      php_fastcgi unix/${config.languages.php.fpm.pools.web.socket}
+      file_server
+    '';
+  };
+}