One-stop shop for defining, testing, and deploying a WordPress CMS site using Nginx with Nix, NixOps, and NixOS
This repository contains everything necessary to test and deploy fully operational web servers for WordPress CMS sites.
This setup uses the powerful Nix package management system and its accompanying toolset:
Note: Nix does not support Windows. If you're on Windows, you'll need to run this from within a Virtual Machine (VM).
With this setup, you can easily deploy your site to one or more servers with minimal effort. You can (and should) also deploy to local VirtualBox virtual machines. And, you can even use the Nix packages to install the site directly on your local host.
rm -r /nix).
nixops with nix by running nix-env -i nixops. However, you don't need to because this repository has a deploy/manage script that you'll use which will run nixops tasks for you.
SETUP-SECRETS.md for information on that.
This project requires that you build Linux binaries which can be deployed to a server (VirtualBox or otherwise). Since macOS cannot natively build Linux binaries, you will need a NixOS build slave running.
source <(curl -fsSL https://raw.githubusercontent.com/LnL7/nix-docker/master/start-docker-nix-build-slave)
* deploy/manage vbox deploy (or some other deployment command)
default-app-config.nix):
curl https://api.wordpress.org/secret-key/1.1/salt/ > wordpress-keys.php.secret
default-app-config.nix.
autoInstall section to use enable = true;.
./wordpress-admin.keys.nix.sample to ./wordpress-admin.keys.nix and replace ... with your credentials.
freezeWordPress = false;.
freezeWordPress = true; freezeThemes = true; freezePlugins = false;.
wordpress.nix to govern the installed version.
plugins.nix to govern which plugins are installed.
themes.nix to govern which themes are installed.
server/.
server/php-fpm-config.nix.
Create a VirtualBox deployment:
deploy/manage vbox create '<server/logical.vbox.nix>' '<server/physical.vbox.nix>'
deploy/manage vbox deploy
Notes:
nixops deployments can sometimes be finicky. If something hangs or fails, try running it again. It is a very deterministic system so this should not be a problem.
deploy/manage --help to see all options (this is just nixops underneath).
You should then be able to open the IP of the VM in your browser and test it. If you don't know the IP, run deploy/manage vbox info.
nixops didn't notice, your deployments may fail. Try running deploy/manage deploy -d vbox --check (using the --check flag) to tell nixops to reassess the state of the machine.
nixops (i.e. the manage script) may fail to connect to your machine via SSH. If this happens, remove the line with the old IP from your ~/.ssh/known_hosts file and try again with the --check flag.
nixops will fail to deploy because a VirtualBox disk from a previous deploy is still registered. To fix this, take the given disk UUID and run VBoxManage closemedium disk <disk UUID> --delete.
With this setup you can deploy to any PaaS/IaaS service supported by nixops. Right now this repository contains prewritten configurations for
DEPLOY-GCE.md.
DEPLOY-DIGITAL-OCEAN.md.
.We plan to add more (such as AWS) in the future. If you want to do it yourself and understand Nix, the work to add this configuration is minimal. Pull requests welcome!
NOTE: When SSL/TLS is enabled for production servers, the first deployment may take a long time (i.e. more than 20 minutes) to finish. A large chunk of first-deployment time will be spent generating new DH parameters for Nginx. This is normal!
This repository setup assumes you want to keep some things a secret. See SETUP-SECRETS.md for a rundown of how that works.
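The curl command in the setup steps writes whatever the salt endpoint returns into wordpress-keys.php.secret, with default file permissions and no check on the content. The following is an added example, not part of this repository: the function names are hypothetical, and the expectation of eight constants with 64-character values is an assumption based on what the endpoint returns.

```shell
#!/bin/sh
# Added example (not from the repository): validate a WordPress salts file.
# Assumption: the endpoint returns eight define() lines with 64-char values.
WP_SALT_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# check_wp_salts FILE (hypothetical helper): succeed only if FILE holds the
# eight expected constants, each exactly once, and nothing else.
check_wp_salts() {
  salts_file=$1
  [ -s "$salts_file" ] || { echo "missing or empty: $salts_file" >&2; return 1; }
  # Reject any line that is not a well-formed define(), e.g. an error page.
  if grep -Evq "^define\('[A-Z_]+', +'[^'\\]{64}'\);[[:space:]]*\$" "$salts_file"; then
    echo "unexpected content in $salts_file" >&2
    return 1
  fi
  for key in $WP_SALT_KEYS; do
    count=$(grep -c "^define('$key'," "$salts_file" || true)
    [ "$count" -eq 1 ] || { echo "$key appears $count times" >&2; return 1; }
  done
}

# fetch_wp_salts DEST (hypothetical helper): download into a private temp
# file, validate it, and only then move it into place.
fetch_wp_salts() {
  dest=$1
  old_umask=$(umask)
  umask 077   # never group- or world-readable, even briefly
  tmp=$(mktemp "$dest.XXXXXX") || { umask "$old_umask"; return 1; }
  # -f makes curl fail on an HTTP error instead of saving the error body.
  if curl -fsS -o "$tmp" https://api.wordpress.org/secret-key/1.1/salt/ &&
     check_wp_salts "$tmp"; then
    mv "$tmp" "$dest"; rc=0
  else
    rm -f "$tmp"; rc=1
  fi
  umask "$old_umask"
  return "$rc"
}

# Usage: fetch_wp_salts wordpress-keys.php.secret
```

check_wp_salts can also be run on its own against an existing salts file before a deploy.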
All dependencies are fixed to a specific version of Nixpkgs, configured in deploy/nixpkgs-version.nix, which contains instructions for upgrading. The nixpkgs version also governs the version of NixOps to use during deployments. This can be overridden in nixpkgs-version.sh.