'';
};
- systemd.services.phpfpm-christophe_carpentier_agorakit.preStart = ''
- if [ ! -e ${varDir}/.filled ]; then
- cp -r ${app}/oldvars/* ${varDir}
- chmod -R u+w ${varDir}
- chown -R ${config.services.httpd.Prod.user}:${config.services.httpd.Prod.group} ${varDir}
- touch ${varDir}/.filled
- fi
- '';
- services.phpApplication.apps.christophe_carpentier_agorakit = {
- websiteEnv = "production";
- httpdUser = config.services.httpd.Prod.user;
- httpdGroup = config.services.httpd.Prod.group;
- inherit (app) varDir;
- inherit app;
- serviceDeps = [ "mysql.service" ];
- phpOpenbasedir = [ "/tmp" secretsPath ];
- phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
- phpPool = {
+ services.phpfpm.pools.christophe_carpentier_agorakit = {
+ user = config.services.httpd.Prod.user;
+ group = config.services.httpd.Prod.group;
+ settings = {
+ "listen.owner" = config.services.httpd.Prod.user;
+ "listen.group" = config.services.httpd.Prod.group;
+ "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [app app.varDir "/tmp" secretsPath];
"php_admin_value[upload_max_filesize]" = "100M";
"php_admin_value[post_max_size]" = "100M";
"pm" = "dynamic";
"php_admin_value[session.save_handler]" = "redis";
"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:agorakit:'";
};
+ phpOptions = config.services.phpfpm.phpOptions;
+ phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
+ };
+ systemd.services.phpfpm-christophe_carpentier_agorakit = {
+ after = lib.mkAfter ["mysql.service"];
+ wants = ["mysql.service"];
+ preStart = ''
+ if [ ! -e ${varDir}/.filled ]; then
+ cp -r ${app}/oldvars/* ${varDir}
+ chmod -R u+w ${varDir}
+ chown -R ${config.services.httpd.Prod.user}:${config.services.httpd.Prod.group} ${varDir}
+ touch ${varDir}/.filled
+ fi
+ '';
+ };
+
+ system.activationScripts.christophe_carpentier_agorakit = {
+ deps = [];
+ text = ''
+ install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${app.varDir}
+ '';
};
services.cron = {
+++ /dev/null
-{ lib, config, pkgs, ... }:
-with lib;
-let
- cfg = config.services.phpApplication;
- cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg.apps);
-in
-{
- options = with types; {
- services.phpApplication.apps = mkOption {
- default = {};
- description = ''
- php applications to define
- '';
- type = attrsOf (submodule {
- options = {
- varDir = mkOption {
- type = nullOr path;
- description = ''
- Path to application’s vardir.
- '';
- };
- varDirPaths = mkOption {
- type = attrsOf str;
- default = {};
- description = ''
- Map of additional folders => mode to create under varDir
- '';
- };
- mode = mkOption {
- type = str;
- default = "0700";
- description = ''
- Mode to apply to the vardir
- '';
- };
- phpListen = mkOption {
- type = nullOr str;
- default = null;
- description = "Name of the socket to listen to. Defaults to app name if null";
- };
- phpPool = mkOption {
- type = attrsOf str;
- default = {};
- description = "Pool configuration to append";
- };
- phpEnv = mkOption {
- type = attrsOf str;
- default = {};
- description = "Pool environment to append";
- };
- phpPackage = mkOption {
- type = attrsOf str;
- default = pkgs.php;
- description = "Php package to use";
- };
- phpOptions = mkOption {
- type = lines;
- default = "";
- description = "php configuration to append";
- };
- phpOpenbasedir = mkOption {
- type = listOf path;
- default = [];
- description = ''
- paths to add to php open_basedir configuration in addition to app and vardir
- '';
- };
- phpWatchFiles = mkOption {
- type = listOf path;
- default = [];
- description = ''
- Path to other files to watch to trigger preStart scripts
- '';
- };
- websiteEnv = mkOption {
- type = str;
- description = ''
- website instance name to use
- '';
- };
- httpdUser = mkOption {
- type = str;
- default = config.services.httpd.user;
- description = ''
- httpd user to run the prestart scripts as.
- '';
- };
- httpdGroup = mkOption {
- type = str;
- default = config.services.httpd.group;
- description = ''
- httpd group to run the prestart scripts as.
- '';
- };
- httpdWatchFiles = mkOption {
- type = listOf path;
- default = [];
- description = ''
- Path to other files to watch to trigger httpd reload
- '';
- };
- app = mkOption {
- type = path;
- description = ''
- Path to application root
- '';
- };
- preStartActions = mkOption {
- type = listOf str;
- default = [];
- description = ''
- List of actions to run as apache user at preStart when
- whatchFiles or app dir changed.
- '';
- };
- serviceDeps = mkOption {
- type = listOf str;
- default = [];
- description = ''
- List of systemd services this application depends on
- '';
- };
- };
- });
- };
- # Read-only variables
- services.phpApplication.phpListenPaths = mkOption {
- type = attrsOf path;
- default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
- name config.services.phpfpm.pools."${name}".socket
- ) cfg.apps;
- readOnly = true;
- description = ''
- Full paths to listen for php
- '';
- };
- };
-
- config = {
- services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair
- name {
- modules = [ "proxy_fcgi" ];
- watchPaths = builtins.concatLists (map (c: c.httpdWatchFiles) cfgs);
- }
- ) cfgByEnv;
-
- services.phpfpm.phpPackage = pkgs.php74;
- services.phpfpm.pools = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
- name {
- user = icfg.httpdUser;
- group = icfg.httpdUser;
- settings = {
- "listen.owner" = icfg.httpdUser;
- "listen.group" = icfg.httpdGroup;
- "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpWatchFiles ++ icfg.phpOpenbasedir);
- }
- // icfg.phpPool;
- phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions;
- inherit (icfg) phpEnv phpPackage;
- }
- ) cfg.apps;
-
- services.filesWatcher = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
- "phpfpm-${name}" {
- restart = true;
- paths = icfg.phpWatchFiles;
- }
- ) (attrsets.filterAttrs (n: v: builtins.length v.phpWatchFiles > 0) cfg.apps);
-
- systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
- "phpfpm-${name}" {
- after = lib.mkAfter icfg.serviceDeps;
- wants = icfg.serviceDeps;
- preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) ''
- watchFilesChanged() {
- ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 1"}
- [ ! -f "${icfg.varDir}"/watchedFiles ] \
- || ! sha512sum -c --status ${icfg.varDir}/watchedFiles
- }
- appDirChanged() {
- [ ! -f "${icfg.varDir}/currentWebappDir" -o \
- "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ]
- }
- updateWatchFiles() {
- ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 0"}
- sha512sum ${builtins.concatStringsSep " " icfg.phpWatchFiles} > ${icfg.varDir}/watchedFiles
- }
-
- if watchFilesChanged || appDirChanged; then
- pushd ${icfg.app} > /dev/null
- ${builtins.concatStringsSep "\n " (map (c: "/run/wrappers/bin/sudo -u ${icfg.httpdUser} ${c}") icfg.preStartActions) }
- popd > /dev/null
- echo -n "${icfg.app}" > ${icfg.varDir}/currentWebappDir
- updateWatchFiles
- fi
- '');
- }
- ) cfg.apps;
-
- system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
- name {
- deps = [];
- text = optionalString (!isNull icfg.varDir) ''
- install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}
- '' + builtins.concatStringsSep "\n" (attrsets.mapAttrsToList (n: v: ''
- install -m ${v} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/${n}
- '') icfg.varDirPaths);
- }
- ) cfg.apps;
- };
-}
projects / perso / Immae / Config / Nix.git / commitdiff
