X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fwebsites%2Fphp-application.nix;h=23e2b233581c3b92cc252360e220155f89fdb537;hb=ce95026934c4ea8c647365f68eb195459fcdff08;hp=7bbae50a943fbf5b8ffb95e951d7f724aa6dc7d9;hpb=2e48907d64491a06454b342a1a56d03a0835753d;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix
index 7bbae50..23e2b23 100644
--- a/modules/websites/php-application.nix
+++ b/modules/websites/php-application.nix
@@ -1,12 +1,12 @@ -{ lib, config, ... }: +{ lib, config, pkgs, ... }: with lib; let cfg = config.services.phpApplication; - cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg); + cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg.apps); in { - options = { - services.phpApplication = with types; mkOption { + options = with types; { + services.phpApplication.apps = mkOption { default = {}; description = '' php applications to define
@@ -19,6 +19,13 @@ in Path to application’s vardir. ''; }; + varDirPaths = mkOption { + type = attrsOf str; + default = {}; + description = '' + Map of additional folders => mode to create under varDir + ''; + }; mode = mkOption { type = str; default = "0700"; 
@@ -31,6 +38,45 @@ in default = true; description = "Handle phpsession files separately in vardir"; }; + phpListen = mkOption { + type = nullOr str; + default = null; + description = "Name of the socket to listen to. Defaults to app name if null"; + }; + phpPool = mkOption { + type = attrsOf str; + default = {}; + description = "Pool configuration to append"; + }; + phpEnv = mkOption { + type = attrsOf str; + default = {}; + description = "Pool environment to append"; + }; + phpPackage = mkOption { + type = attrsOf str; + default = pkgs.php; + description = "Php package to use"; + }; + phpOptions = mkOption { + type = lines; + default = ""; + description = "php configuration to append"; + }; + phpOpenbasedir = mkOption { + type = listOf path; + default = []; + description = '' + paths to add to php open_basedir configuration in addition to app and vardir + ''; + }; + phpWatchFiles = mkOption { + type = listOf path; + default = []; + description = '' + Path to other files to watch to trigger preStart scripts + ''; + }; websiteEnv = mkOption { type = str; description = ''
@@ -51,6 +97,13 @@ in httpd group to run the prestart scripts as. ''; }; + httpdWatchFiles = mkOption { + type = listOf path; + default = []; + description = '' + Path to other files to watch to trigger httpd reload + ''; + }; app = mkOption { type = path; description = ''
@@ -59,6 +112,7 @@ in }; webappName = mkOption { type = nullOr str; + default = null; description = '' Alias name for the app, to be used in services.websites.webappDirs ''; 
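Review bot: `phpPackage` is declared with `type = attrsOf str;` while its default is `pkgs.php`, a derivation, so the declared type does not describe the value and gives no useful check on what a caller passes in. The option should read `type = package;`, which matches how the value is handed to the pool through `inherit (icfg) phpEnv phpPackage;` in the later config hunk. Separately, `phpListen` is added here but none of the visible hunks read it (the read-only `phpListenPaths` is derived from the pool's `socket`), so its description may promise behaviour that is not wired up.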
@@ -84,29 +138,64 @@ in List of systemd services this application depends on ''; }; - watchFiles = mkOption { - type = listOf path; - default = []; - description = '' - Path to other files to watch to trigger preStart scripts - ''; - }; }; }); }; + # Read-only variables + services.phpApplication.phpListenPaths = mkOption { + type = attrsOf path; + default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair + name config.services.phpfpm.pools."${name}".socket + ) cfg.apps; + readOnly = true; + description = '' + Full paths to listen for php + ''; + }; + services.phpApplication.webappDirs = mkOption { + type = attrsOf path; + default = attrsets.filterAttrs (n: v: builtins.hasAttr n cfg.apps) config.services.websites.webappDirsPaths; + readOnly = true; + description = '' + Stable name webapp dirs for httpd + ''; + }; }; config = { - services.websites = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair + services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair name { modules = [ "proxy_fcgi" ]; - watchPaths = builtins.concatLists (map (c: c.watchFiles) cfgs); + watchPaths = builtins.concatLists (map (c: c.httpdWatchFiles) cfgs); } ) cfgByEnv; - services.websitesWebappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair - icfg.webappName icfg.webRoot - ) (attrsets.filterAttrs (n: v: !isNull v.webappName && !isNull v.webRoot) cfg); + services.phpfpm.pools = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair + name { + user = icfg.httpdUser; + group = icfg.httpdUser; + settings = { + "listen.owner" = icfg.httpdUser; + "listen.group" = icfg.httpdGroup; + "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpWatchFiles ++ icfg.phpOpenbasedir); + } + // optionalAttrs (icfg.phpSession) { "php_admin_value[session.save_path]" = "${icfg.varDir}/phpSessions"; } + // icfg.phpPool; + phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions; + inherit (icfg) phpEnv phpPackage; + } + ) 
cfg.apps; + + services.websites.webappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair + (if icfg.webappName == null then name else icfg.webappName) icfg.webRoot + ) (attrsets.filterAttrs (n: v: !isNull v.webRoot) cfg.apps); + + services.filesWatcher = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair + "phpfpm-${name}" { + restart = true; + paths = icfg.phpWatchFiles; + } + ) (attrsets.filterAttrs (n: v: builtins.length v.phpWatchFiles > 0) cfg.apps); systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair "phpfpm-${name}" {
@@ -114,7 +203,7 @@ in wants = icfg.serviceDeps; preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) '' watchFilesChanged() { - ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"} + ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 1"} [ ! -f "${icfg.varDir}"/watchedFiles ] \ || ! sha512sum -c --status ${icfg.varDir}/watchedFiles }
@@ -123,8 +212,8 @@ in "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ] } updateWatchFiles() { - ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"} - sha512sum ${builtins.concatStringsSep " " icfg.watchFiles} > ${icfg.varDir}/watchedFiles + ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 0"} + sha512sum ${builtins.concatStringsSep " " icfg.phpWatchFiles} > ${icfg.varDir}/watchedFiles }
@@ -136,7 +225,7 @@ in fi ''); } - ) cfg; + ) cfg.apps; system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair name { 
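Review bot: In the new `services.phpfpm.pools` definition the pool gets `group = icfg.httpdUser;`, while the socket a few lines below uses `"listen.group" = icfg.httpdGroup;`; this looks like a copy-paste slip, and it makes the workers run under a group named after the user instead of the configured httpd group. It should presumably be `group = icfg.httpdGroup;`. Because `// icfg.phpPool` is merged last, a per-app `phpPool` entry also silently replaces `php_admin_value[open_basedir]` and the `listen.*` ownership; if that is intended, a comment such as `# phpPool entries override the defaults above, including open_basedir` would make it explicit. The preStart context guards on `!isNull icfg.varDir`, which suggests varDir may be null, and in that case `concatStringsSep` over `[icfg.app icfg.varDir]` would fail at evaluation.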
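Review bot: `updateWatchFiles` still splices the watched paths into the script unquoted, as `sha512sum ${builtins.concatStringsSep " " icfg.phpWatchFiles}`, so a path containing a space or a shell metacharacter is word-split or interpreted by the preStart shell. Since the line is being rewritten anyway, `sha512sum ${escapeShellArgs icfg.phpWatchFiles} > "${icfg.varDir}/watchedFiles"` would be safer, and `with lib;` already brings `escapeShellArgs` into scope. The same unquoted pattern appears in the `install … -d ${icfg.varDir}/${n}` line added in the last hunk, where `escapeShellArg` applies to both `v` and the path. The surrounding preStart script extends beyond this hunk.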
@@ -145,8 +234,10 @@ in install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir} '' + optionalString (icfg.phpSession) '' install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions - ''; + '' + builtins.concatStringsSep "\n" (attrsets.mapAttrsToList (n: v: '' + install -m ${v} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/${n} + '') icfg.varDirPaths); } - ) cfg; + ) cfg.apps; }; }
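Review bot: The added `install -m ${v} … -d ${icfg.varDir}/${n}` line takes both the mode and the directory name from `varDirPaths` without validation, because the option is declared earlier in this diff as `attrsOf str`. Activation scripts run as root, so a malformed mode or a key containing a `..` component creates and chowns a directory wherever the resulting path points, not necessarily under varDir. Declaring the option as `type = attrsOf (strMatching "[0-7]{3,4}");` would reject bad modes at evaluation time, and an assertion that no key contains `..` would keep the directories inside varDir. Whether this block is guarded against a null varDir cannot be seen from the hunk, since the enclosing script starts outside it.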