From f4f937024ce1f236d531cb8928d49e21bf20412a Mon Sep 17 00:00:00 2001
From: Petru Paler <petru@paler.net>
Date: Wed, 24 Jan 2024 14:01:35 +0000
Subject: [PATCH] Run wordpress from a syncthing-ed local folder.

---
 common/compute-node.nix   |  1 +
 common/syncthing-data.nix | 44 +++++++++++++++++++++++++++++++++++++++
 services/wordpress.hcl    |  3 ++-
 3 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 common/syncthing-data.nix

diff --git a/common/compute-node.nix b/common/compute-node.nix
index f73097d..81b1638 100644
--- a/common/compute-node.nix
+++ b/common/compute-node.nix
@@ -10,6 +10,7 @@
     ./sshd.nix
     ./user-ppetru.nix
     ./unattended-encryption.nix
+    ./syncthing-data.nix
     ./systemd-boot.nix
   ];
 }
diff --git a/common/syncthing-data.nix b/common/syncthing-data.nix
new file mode 100644
index 0000000..7d30590
--- /dev/null
+++ b/common/syncthing-data.nix
@@ -0,0 +1,44 @@
+{
+  # TODO: when deploying this to a new machine for the first time, first
+  # comment this out to get /data/sync created with the right owner and
+  # permissions. then, do it again with persistence enabled.
+  # This could list the owner user but I'm not sure if it's already created at
+  # the time impermanence setup runs.
+  environment.persistence."/persist".directories = [
+    "/data/sync"
+  ];
+
+  services.syncthing = {
+    enable = true;
+    dataDir = "/data/sync";
+    openDefaultPorts = true;
+    #guiAddress = "0.0.0.0:8384";
+    overrideDevices = true;
+    overrideFolders = true;
+    settings = {
+      devices = {
+        "c1" = { id = "53JGRHQ-VGBYIGH-7IT6Z5S-3IMRY2I-LJZAE3B-QUDH3QF-4F4QKVC-VBWPJQ4"; };
+        "c2" = { id = "Z3D476N-PUV6WAD-DSJWVBO-TWEOD4I-KDDMNRB-QEBOP6T-BYPGYTX-RAAYGAW"; };
+        "c3" = { id = "JUQZO6M-65VXR5Y-ZDWY66F-F2EEMQC-HKMD6EB-33TAGPY-ADCB2OX-QT6IAAQ"; };
+      };
+      folders = {
+        "wordpress" = {
+          path = "/data/sync/wordpress";
+          devices = [
+            "c1"
+            "c2"
+            "c3"
+          ];
+          ignorePerms = false;
+          versioning = {
+            type = "staggered";
+            params = {
+              cleanInterval = "3600";
+              maxAge = "15768000";
+            };
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/services/wordpress.hcl b/services/wordpress.hcl
index 3061f8c..b5a651c 100644
--- a/services/wordpress.hcl
+++ b/services/wordpress.hcl
@@ -14,12 +14,13 @@ job "wordpress" {
 
     task "server" {
       driver = "docker"
+      user = "237"
 
       config {
         image = "wordpress:latest"
         ports = ["http"]
         volumes = [
-          "/data/compute/appdata/wordpress:/var/www/html",
+          "/data/sync/wordpress:/var/www/html",
         ]
       }