From bbea22c02b6c059a6be1064391f06737ee244ba6 Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 27 Aug 2022 22:38:16 +0200 Subject: [PATCH] Migrate php sessions to redis --- modules/private/databases/redis.nix | 6 ++++ modules/private/tasks/default.nix | 4 ++- modules/private/websites/attilax/dolibarr.nix | 13 +++----- modules/private/websites/chloe/new.nix | 9 +++-- modules/private/websites/chloe/production.nix | 6 ++-- .../christophe_carpentier/agora-project.nix | 6 ++-- .../christophe_carpentier/agorakit.nix | 4 ++- .../christophe_carpentier/website.nix | 8 ++--- .../websites/connexionswing/integration.nix | 8 ++--- .../websites/connexionswing/production.nix | 8 ++--- modules/private/websites/denise/evariste.nix | 21 +++++------- .../websites/emilia/atelierfringant.nix | 8 ++--- modules/private/websites/florian/app.nix | 8 ++--- modules/private/websites/immae/dolibarr.nix | 13 +++----- .../websites/isabelle/aten_integration.nix | 8 ++--- .../websites/isabelle/aten_production.nix | 8 ++--- .../private/websites/isabelle/iridologie.nix | 6 ++-- .../private/websites/jerome/naturaloutil.nix | 13 +++----- modules/private/websites/leila/production.nix | 4 ++- modules/private/websites/librezo/dolibarr.nix | 13 +++----- .../websites/librezo/dolibarr_integration.nix | 13 +++----- .../private/websites/ludivine/integration.nix | 8 ++--- .../private/websites/ludivine/production.nix | 8 ++--- .../nicecoop/dolibarr_integration.nix | 13 +++----- .../websites/nicecoop/gestion-compte.nix | 6 ++-- .../nicecoop/gestion-compte_integration.nix | 6 ++-- .../websites/patrick_fodella/altermondia.nix | 13 +++----- .../websites/patrick_fodella/ecolyeu.nix | 13 +++----- .../websites/piedsjaloux/integration.nix | 8 ++--- .../websites/piedsjaloux/production.nix | 8 ++--- .../ressourcerie_banon/production.nix | 13 +++----- .../private/websites/richie/production.nix | 8 ++--- .../websites/telio_tortay/production.nix | 8 ++--- .../private/websites/tools/cloud/default.nix | 4 +-- modules/private/websites/tools/cloud/farm.nix | 33 
+++++++++---------- .../private/websites/tools/dav/davical.nix | 11 ++----- .../private/websites/tools/dav/default.nix | 3 +- .../private/websites/tools/git/default.nix | 3 +- .../private/websites/tools/git/mantisbt.nix | 11 ++----- .../private/websites/tools/kanboard/farm.nix | 6 ++-- .../private/websites/tools/mail/default.nix | 4 +-- .../private/websites/tools/mail/rainloop.nix | 4 +-- .../websites/tools/mail/roundcubemail.nix | 4 +-- .../websites/tools/performance/default.nix | 4 ++- .../private/websites/tools/tools/adminer.nix | 13 +++----- .../private/websites/tools/tools/default.nix | 33 ++++++++++--------- .../websites/tools/tools/dmarc_reports.nix | 2 ++ .../private/websites/tools/tools/dokuwiki.nix | 4 +-- .../private/websites/tools/tools/grocy.nix | 4 +-- .../private/websites/tools/tools/kanboard.nix | 4 +-- modules/private/websites/tools/tools/ldap.nix | 11 ++----- .../private/websites/tools/tools/phpbb.nix | 4 +-- .../private/websites/tools/tools/rompr.nix | 5 +-- .../private/websites/tools/tools/shaarli.nix | 6 ++-- .../private/websites/tools/tools/ttrss.nix | 4 +-- .../private/websites/tools/tools/wallabag.nix | 2 ++ .../private/websites/tools/tools/yourls.nix | 11 ++----- modules/websites/php-application.nix | 8 ----- 58 files changed, 217 insertions(+), 280 deletions(-) diff --git a/modules/private/databases/redis.nix b/modules/private/databases/redis.nix index 2d2c27d..7991691 100644 --- a/modules/private/databases/redis.nix +++ b/modules/private/databases/redis.nix @@ -41,6 +41,12 @@ in { }; systemd.services.redis.serviceConfig.Slice = "redis.slice"; systemd.services.redis.serviceConfig.RuntimeDirectoryMode = lib.mkForce "0755"; + services.redis.servers."php-sessions" = { + enable = true; + maxclients = 1024; + unixSocketPerm = 777; + user = "wwwrun"; + }; services.spiped = { enable = true; diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix index 087885d..c914471 100644 --- a/modules/private/tasks/default.nix 
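Review bot: `unixSocketPerm = 777;` on the new `php-sessions` server lets every local account connect to the socket, and since this hunk sets no password or ACL, any such account can read or rewrite the sessions of every site stored there. The per-pool `prefix=` values added in the later hunks only namespace the keys; they are not an access boundary, so one compromised pool can reach the other sites' sessions over the same socket. Consider a tighter mode such as `unixSocketPerm = 660;` with the pool users placed in the socket's group, or, if the deployed Redis supports ACLs, per-site users restricted to their own key prefix. If the open mode has to stay, a comment such as `# world-accessible because pools run as different users; prefixes are not a security boundary` would record the trade-off. The enclosing attribute set starts and ends outside the hunk.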
+++ b/modules/private/tasks/default.nix @@ -247,12 +247,14 @@ in { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "TaskPHPSESSID"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Task:'"; "php_admin_value[open_basedir]" = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"; }; phpEnv = { PATH = "/etc/profiles/per-user/${user}/bin"; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); }; }; diff --git a/modules/private/websites/attilax/dolibarr.nix b/modules/private/websites/attilax/dolibarr.nix index 3230193..009e645 100644 --- a/modules/private/websites/attilax/dolibarr.nix +++ b/modules/private/websites/attilax/dolibarr.nix @@ -8,12 +8,6 @@ in { options.myServices.websites.attilax.dolibarr.enable = lib.mkEnableOption "enable Dolibarr website"; config = lib.mkIf cfg.enable { - system.activationScripts.dolibarr = { - deps = [ "httpd" "users" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/attilax - ''; - }; services.phpfpm.pools.attilax_dolibarr = { user = apacheUser; group = apacheGroup; 
@@ -27,13 +21,14 @@ in { "php_admin_value[upload_max_filesize]" = "100M"; "php_admin_value[post_max_size]" = "100M"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/attilax:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/attilax"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Attilax:Dolibarr:'"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.production.vhostConfs.attilax_dolibarr = { diff --git a/modules/private/websites/chloe/new.nix b/modules/private/websites/chloe/new.nix index 344810f..0d5c7fb 100644 --- a/modules/private/websites/chloe/new.nix +++ b/modules/private/websites/chloe/new.nix @@ -4,7 +4,6 @@ let cfg = config.myServices.websites.chloe.new; ftpRoot = "/var/lib/chloe_new"; webRoot = "${ftpRoot}/wordpress"; - sessionDir = "${ftpRoot}/sessions"; in { options.myServices.websites.chloe.new.enable = lib.mkEnableOption "enable Chloe's new website in integration"; @@ -17,10 +16,10 @@ in { "listen.group" = config.services.httpd.Inte.group; "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ webRoot - sessionDir "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Chloe:NewIntegration:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; 
@@ -28,13 +27,13 @@ in { "pm.max_children" = "5"; "pm.process_idle_timeout" = "60"; }; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; system.activationScripts.chloe_new_integration = { deps = ["users"]; text = '' - install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix index 211232c..129400b 100644 --- a/modules/private/websites/chloe/production.nix +++ b/modules/private/websites/chloe/production.nix @@ -47,20 +47,20 @@ in { "php_admin_value[post_max_size]" = "20M"; # "php_admin_flag[log_errors]" = "on"; "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp"; - "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Chloe:Production:'"; "pm" = "dynamic"; "pm.max_children" = "20"; "pm.start_servers" = "2"; "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]); }; system.activationScripts.chloe_production = { deps = [ "wrappers" ]; text = '' install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local - install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions ''; }; services.websites.env.production.modules = [ "proxy_fcgi" ]; diff --git a/modules/private/websites/christophe_carpentier/agora-project.nix b/modules/private/websites/christophe_carpentier/agora-project.nix index 256734e..5c7c6c5 100644 
--- a/modules/private/websites/christophe_carpentier/agora-project.nix +++ b/modules/private/websites/christophe_carpentier/agora-project.nix @@ -12,7 +12,6 @@ in { deps = [ "httpd" "users" ]; text = '' install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir} - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/christophe_carpentier ''; }; services.phpfpm.pools.christophe_carpentier_agora_project = { @@ -26,8 +25,9 @@ in { "pm.max_children" = "5"; "pm.process_idle_timeout" = "60"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/christophe_carpentier:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/christophe_carpentier"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:agora-project:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; }; diff --git a/modules/private/websites/christophe_carpentier/agorakit.nix b/modules/private/websites/christophe_carpentier/agorakit.nix index eeca991..26623e5 100644 --- a/modules/private/websites/christophe_carpentier/agorakit.nix +++ b/modules/private/websites/christophe_carpentier/agorakit.nix @@ -88,7 +88,7 @@ in { inherit app; serviceDeps = [ "mysql.service" ]; phpOpenbasedir = [ "/tmp" secretsPath ]; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]); phpPool = { "php_admin_value[upload_max_filesize]" = "100M"; "php_admin_value[post_max_size]" = "100M"; @@ -97,6 +97,8 @@ in { "pm.start_servers" = "2"; "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:agorakit:'"; }; }; 
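Review bot: In `christophe_carpentier/agora-project.nix` the pool now sets `session.save_handler` to `redis`, but this file's diff adds no `phpPackage` line with the redis extension, unlike the other sites changed in this commit. If the PHP used by this pool does not load that extension, the failure would presumably only show up at request time, when the session cannot start, and not at build time. The pool definition continues outside the hunk, so this may already be handled there. If it is not, add `phpPackage = <pool PHP package>.withExtensions ({ enabled, all }: enabled ++ [all.redis]);` using whichever PHP version this pool runs.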
diff --git a/modules/private/websites/christophe_carpentier/website.nix b/modules/private/websites/christophe_carpentier/website.nix index 73dfea3..7321cfb 100644 --- a/modules/private/websites/christophe_carpentier/website.nix +++ b/modules/private/websites/christophe_carpentier/website.nix @@ -12,7 +12,6 @@ in { deps = [ "httpd" "users" ]; text = '' install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir} - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/christophe_carpentier ''; }; services.phpfpm.pools.christophe_carpentier_website = { @@ -26,13 +25,14 @@ in { "pm.max_children" = "5"; "pm.process_idle_timeout" = "60"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/christophe_carpentier:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/christophe_carpentier"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:website:'"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.integration.vhostConfs.christophe_carpentier_website = { diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix index d042705..097601f 100644 --- a/modules/private/websites/connexionswing/integration.nix +++ b/modules/private/websites/connexionswing/integration.nix @@ -6,7 +6,6 @@ let phpRoot = "${ftpRoot}/php"; webRoot = "${phpRoot}/web"; varDir = "${ftpRoot}/var"; - sessionDir = "${ftpRoot}/sessions"; packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Connexionswing"; branch = "test"; in { 
@@ -24,7 +23,8 @@ in { config.secrets.fullPaths."websites/connexionswing/integration" "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Connexionswing:Integration:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; @@ -35,7 +35,7 @@ in { phpEnv = { SYMFONY_DEBUG_MODE = "\"yes\""; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]); }; systemd.services."phpfpm-connexionswing_integration" = { after = lib.mkAfter ["mysql.service"]; @@ -86,7 +86,7 @@ in { system.activationScripts.connexionswing_integration = { deps = ["users"]; text = '' - install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix index 1260048..dec1dcd 100644 --- a/modules/private/websites/connexionswing/production.nix +++ b/modules/private/websites/connexionswing/production.nix @@ -6,7 +6,6 @@ let phpRoot = "${ftpRoot}/php"; webRoot = "${phpRoot}/web"; varDir = "${ftpRoot}/var"; - sessionDir = "${ftpRoot}/sessions"; packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Connexionswing"; branch = "master"; in { 
@@ -26,7 +25,8 @@ in { "/run/wrappers/bin/sendmail" "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Connexionswing:Production:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; @@ -36,7 +36,7 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]); }; systemd.services."phpfpm-connexionswing_production" = { after = lib.mkAfter ["mysql.service"]; @@ -87,7 +87,7 @@ in { system.activationScripts.connexionswing_production = { deps = ["users"]; text = '' - install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/denise/evariste.nix b/modules/private/websites/denise/evariste.nix index df4e917..23dd03f 100644 --- a/modules/private/websites/denise/evariste.nix +++ b/modules/private/websites/denise/evariste.nix @@ -15,13 +15,6 @@ in { ]; services.websites.env.production.modules = [ "proxy_fcgi" ]; - system.activationScripts.denise_evariste = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_nsievariste - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_stmgevariste - ''; - }; services.phpfpm.pools.denise_nsievariste = { user = apacheUser; group = apacheGroup; 
@@ -35,10 +28,11 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_nsievariste:${nsiVarDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_nsievariste"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Denise:NsiEvariste:'"; + "php_admin_value[open_basedir]" = "${nsiVarDir}:/tmp"; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.vhostConfs.denise_nsievariste = { certName = "denise_evariste"; @@ -77,10 +71,11 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_stmgevariste:${stmgVarDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_stmgevariste"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Denise:StmgEvariste:'"; + "php_admin_value[open_basedir]" = "${stmgVarDir}:/tmp"; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.vhostConfs.denise_stmgevariste = { certName = "denise_evariste"; diff --git a/modules/private/websites/emilia/atelierfringant.nix b/modules/private/websites/emilia/atelierfringant.nix index 518554b..2f8c54c 100644 --- a/modules/private/websites/emilia/atelierfringant.nix +++ b/modules/private/websites/emilia/atelierfringant.nix 
@@ -12,7 +12,6 @@ in { deps = [ "httpd" ]; text = '' install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/ftp/emilia/atelierfringant - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/emilia ''; }; systemd.services.phpfpm-emilia_atelierfringant.after = lib.mkAfter [ "mysql.service" ]; @@ -30,13 +29,14 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/emilia:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/emilia"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Emilia:AtelierFringant:'"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.production.vhostConfs.emilia_atelierfringant = { diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix index 14cda1b..1df61ac 100644 --- a/modules/private/websites/florian/app.nix +++ b/modules/private/websites/florian/app.nix @@ -7,7 +7,6 @@ let phpRoot = "${ftpRoot}/php"; webRoot = "${phpRoot}/web"; varDir = "${ftpRoot}/var"; - sessionDir = "${ftpRoot}/sessions"; packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Florian"; branch = "stabilo_dev"; in { 
@@ -25,7 +24,8 @@ in { config.secrets.fullPaths."websites/florian/app" "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Florian:App:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; @@ -36,7 +36,7 @@ in { phpEnv = { SYMFONY_DEBUG_MODE = "\"yes\""; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; systemd.services."phpfpm-florian_app" = { after = lib.mkAfter ["mysql.service"]; @@ -86,7 +86,7 @@ in { system.activationScripts.florian_app = { deps = ["users"]; text = '' - install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/immae/dolibarr.nix b/modules/private/websites/immae/dolibarr.nix index e9b5144..d716544 100644 --- a/modules/private/websites/immae/dolibarr.nix +++ b/modules/private/websites/immae/dolibarr.nix @@ -8,12 +8,6 @@ in { options.myServices.websites.immae.dolibarr.enable = lib.mkEnableOption "enable Dolibarr website"; config = lib.mkIf cfg.enable { - system.activationScripts.dolibarr = { - deps = [ "httpd" "users" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/immae - ''; - }; services.phpfpm.pools.immae_dolibarr = { user = apacheUser; group = apacheGroup; 
@@ -27,13 +21,14 @@ in { "php_admin_value[upload_max_filesize]" = "100M"; "php_admin_value[post_max_size]" = "100M"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/immae:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/immae"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Immae:Dolibarr:'"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.tools.modules = [ "proxy_fcgi" ]; services.websites.env.tools.vhostConfs.immae_dolibarr = { diff --git a/modules/private/websites/isabelle/aten_integration.nix b/modules/private/websites/isabelle/aten_integration.nix index 21ed00f..0655c7b 100644 --- a/modules/private/websites/isabelle/aten_integration.nix +++ b/modules/private/websites/isabelle/aten_integration.nix @@ -6,7 +6,6 @@ let phpRoot = "${ftpRoot}/php"; webRoot = "${phpRoot}/public"; varDir = "${ftpRoot}/var"; - sessionDir = "${ftpRoot}/sessions"; packagePath = "/var/lib/ftp/release.immae.eu/buildbot/IsabelleAten"; branch = "test"; in { @@ -24,7 +23,8 @@ in { config.secrets.fullPaths."websites/isabelle/aten_integration" "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Isabelle:AtenIntegration:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; 
@@ -35,7 +35,7 @@ in { phpEnv = { SYMFONY_DEBUG_MODE = "\"yes\""; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]); }; systemd.services."phpfpm-isabelle_aten_integration" = { after = lib.mkAfter ["postgresql.service"]; @@ -84,7 +84,7 @@ in { system.activationScripts.isabelle_aten_integration = { deps = ["users"]; text = '' - install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/isabelle/aten_production.nix b/modules/private/websites/isabelle/aten_production.nix index ff7e306..dc7165f 100644 --- a/modules/private/websites/isabelle/aten_production.nix +++ b/modules/private/websites/isabelle/aten_production.nix @@ -6,7 +6,6 @@ let phpRoot = "${ftpRoot}/php"; webRoot = "${phpRoot}/public"; varDir = "${ftpRoot}/var"; - sessionDir = "${ftpRoot}/sessions"; packagePath = "/var/lib/ftp/release.immae.eu/buildbot/IsabelleAten"; branch = "master"; in { @@ -25,7 +24,8 @@ in { config.secrets.fullPaths."websites/isabelle/aten_production" "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Isabelle:AtenProduction:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; @@ -35,7 +35,7 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]); }; systemd.services."phpfpm-isabelle_aten_production" = { after = lib.mkAfter ["postgresql.service"]; 
@@ -84,7 +84,7 @@ in { system.activationScripts.isabelle_aten_production = { deps = ["users"]; text = '' - install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/isabelle/iridologie.nix b/modules/private/websites/isabelle/iridologie.nix index cd733c1..fc53095 100644 --- a/modules/private/websites/isabelle/iridologie.nix +++ b/modules/private/websites/isabelle/iridologie.nix @@ -49,20 +49,20 @@ in { "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp"; - "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Isabelle:Iridologie:'"; "pm" = "dynamic"; "pm.max_children" = "20"; "pm.start_servers" = "2"; "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]); }; system.activationScripts.isabelle_iridologie = { deps = [ "wrappers" ]; text = '' install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local - install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions ''; }; services.websites.env.production.modules = [ "proxy_fcgi" ]; diff --git a/modules/private/websites/jerome/naturaloutil.nix b/modules/private/websites/jerome/naturaloutil.nix index 762fce4..0803444 100644 --- a/modules/private/websites/jerome/naturaloutil.nix +++ b/modules/private/websites/jerome/naturaloutil.nix 
@@ -35,12 +35,6 @@ in { ?> ''; }; - system.activationScripts.jerome_naturaloutil = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/jerome_naturaloutil - ''; - }; systemd.services.phpfpm-jerome_naturaloutil.after = lib.mkAfter [ "mysql.service" ]; systemd.services.phpfpm-jerome_naturaloutil.wants = [ "mysql.service" ]; services.phpfpm.pools.jerome_naturaloutil = { @@ -54,13 +48,14 @@ in { "pm.max_children" = "5"; "pm.process_idle_timeout" = "60"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/jerome_naturaloutil:${secretsPath}:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/jerome_naturaloutil"; + "php_admin_value[open_basedir]" = "${secretsPath}:${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Jerome:Naturaloutil:'"; }; phpEnv = { BDD_CONNECT = secretsPath; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; services.websites.env.production.vhostConfs.jerome_naturaloutil = { diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix index 96ba8cb..6676e37 100644 --- a/modules/private/websites/leila/production.nix +++ b/modules/private/websites/leila/production.nix 
@@ -21,13 +21,15 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Leila:production:'"; "php_admin_value[open_basedir]" = "${varDir}:/tmp"; "php_admin_value[max_execution_time]" = "1800"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick ]); + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick all.redis ]); phpEnv = { PATH = lib.makeBinPath [ pkgs.imagemagick ]; }; diff --git a/modules/private/websites/librezo/dolibarr.nix b/modules/private/websites/librezo/dolibarr.nix index 4eb0f7c..0567da6 100644 --- a/modules/private/websites/librezo/dolibarr.nix +++ b/modules/private/websites/librezo/dolibarr.nix @@ -8,12 +8,6 @@ in { options.myServices.websites.librezo.dolibarr.enable = lib.mkEnableOption "enable Dolibarr website"; config = lib.mkIf cfg.enable { - system.activationScripts.dolibarr = { - deps = [ "httpd" "users" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/librezo - ''; - }; services.phpfpm.pools.librezo_dolibarr = { user = apacheUser; group = apacheGroup; 
@@ -27,13 +21,14 @@ in { "php_admin_value[upload_max_filesize]" = "100M"; "php_admin_value[post_max_size]" = "100M"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/librezo:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/librezo"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Librezo:Dolibarr:'"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.production.vhostConfs.librezo_dolibarr = { diff --git a/modules/private/websites/librezo/dolibarr_integration.nix b/modules/private/websites/librezo/dolibarr_integration.nix index f8e3bf4..f292f12 100644 --- a/modules/private/websites/librezo/dolibarr_integration.nix +++ b/modules/private/websites/librezo/dolibarr_integration.nix @@ -8,12 +8,6 @@ in { options.myServices.websites.librezo.dolibarrDev.enable = lib.mkEnableOption "enable Dolibarr website"; config = lib.mkIf cfg.enable { - system.activationScripts.dolibarr = { - deps = [ "httpd" "users" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/librezo - ''; - }; services.phpfpm.pools.librezo_dolibarr_dev = { user = apacheUser; group = apacheGroup; 
@@ -27,13 +21,14 @@ in { "php_admin_value[upload_max_filesize]" = "100M"; "php_admin_value[post_max_size]" = "100M"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/librezo:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/librezo"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Librezo:DolibarrIntegration:'"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.integration.vhostConfs.librezo_dolibarr_dev = { diff --git a/modules/private/websites/ludivine/integration.nix b/modules/private/websites/ludivine/integration.nix index db05b94..33ab191 100644 --- a/modules/private/websites/ludivine/integration.nix +++ b/modules/private/websites/ludivine/integration.nix @@ -6,7 +6,6 @@ let phpRoot = "${ftpRoot}/php"; webRoot = "${phpRoot}/web"; varDir = "${ftpRoot}/var"; - sessionDir = "${ftpRoot}/sessions"; packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Ludivine"; branch = "test"; in { @@ -24,7 +23,8 @@ in { config.secrets.fullPaths."websites/ludivine/integration" "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Ludivine:Production:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; 
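Review bot: In `ludivine/integration.nix` the new `session.save_path` uses `prefix=Ludivine:Production:`, the same prefix as `ludivine/production.nix`, so the integration and production sites share one session key namespace in Redis. A session id issued by one site then resolves to the same stored session on the other, which the separate `sessionDir` paths used before this change prevented. Use a distinct prefix here, `prefix=Ludivine:Integration:`, as the other integration sites in this commit do. The pool settings block starts and ends outside the hunk.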
@@ -35,7 +35,7 @@ in { phpEnv = { SYMFONY_DEBUG_MODE = "\"yes\""; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; systemd.services."phpfpm-ludivine_integration" = { after = lib.mkAfter ["mysql.service"]; @@ -85,7 +85,7 @@ in { system.activationScripts.ludivine_integration = { deps = []; text = '' - install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/ludivine/production.nix b/modules/private/websites/ludivine/production.nix index e1e13a5..da27a17 100644 --- a/modules/private/websites/ludivine/production.nix +++ b/modules/private/websites/ludivine/production.nix @@ -6,7 +6,6 @@ let phpRoot = "${ftpRoot}/php"; webRoot = "${phpRoot}/web"; varDir = "${ftpRoot}/var"; - sessionDir = "${ftpRoot}/sessions"; packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Ludivine"; branch = "master"; in { @@ -25,7 +24,8 @@ in { config.secrets.fullPaths."websites/ludivine/production" "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Ludivine:Production:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; @@ -35,7 +35,7 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; systemd.services."phpfpm-ludivine_production" = { after = lib.mkAfter ["mysql.service"]; 
@@ -85,7 +85,7 @@ in { system.activationScripts.ludivine_production = { deps = []; text = '' - install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/nicecoop/dolibarr_integration.nix b/modules/private/websites/nicecoop/dolibarr_integration.nix index f6cb03b..b84ce53 100644 --- a/modules/private/websites/nicecoop/dolibarr_integration.nix +++ b/modules/private/websites/nicecoop/dolibarr_integration.nix @@ -8,12 +8,6 @@ in { options.myServices.websites.nicecoop.dolibarrDev.enable = lib.mkEnableOption "enable Dolibarr website"; config = lib.mkIf cfg.enable { - system.activationScripts.dolibarr = { - deps = [ "httpd" "users" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/nicecoop - ''; - }; services.phpfpm.pools.nicecoop_dolibarr_dev = { user = apacheUser; group = apacheGroup; @@ -27,13 +21,14 @@ in { "php_admin_value[upload_max_filesize]" = "100M"; "php_admin_value[post_max_size]" = "100M"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/nicecoop:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/nicecoop"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:DolibarrIntegration:'"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.integration.vhostConfs.nicecoop_dolibarr_dev = { 
diff --git a/modules/private/websites/nicecoop/gestion-compte.nix b/modules/private/websites/nicecoop/gestion-compte.nix index fbdd4b0..a82fde2 100644 --- a/modules/private/websites/nicecoop/gestion-compte.nix +++ b/modules/private/websites/nicecoop/gestion-compte.nix @@ -26,13 +26,15 @@ in { ]; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteProduction:'"; "pm" = "dynamic"; "pm.max_children" = "20"; "pm.start_servers" = "2"; "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; }; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; system.extraSystemBuilderCmds = let tarball = pkgs.runCommand "production.tar.gz" {} '' @@ -100,7 +102,7 @@ in { system.activationScripts.nicecoop_gestion-compte = { deps = []; text = '' - install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/phpSessions ${varDir}/var + install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var ''; }; diff --git a/modules/private/websites/nicecoop/gestion-compte_integration.nix b/modules/private/websites/nicecoop/gestion-compte_integration.nix index bdc2d1a..47f4dc7 100644 --- a/modules/private/websites/nicecoop/gestion-compte_integration.nix +++ b/modules/private/websites/nicecoop/gestion-compte_integration.nix 
@@ -26,13 +26,15 @@ in { ]; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteIntegration:'"; "pm" = "dynamic"; "pm.max_children" = "20"; "pm.start_servers" = "2"; "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; }; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.cron = { systemCronJobs = let @@ -99,7 +101,7 @@ in { system.activationScripts.nicecoop_gestion-compte_integration = { deps = []; text = '' - install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/phpSessions ${varDir}/var + install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var ''; }; diff --git a/modules/private/websites/patrick_fodella/altermondia.nix b/modules/private/websites/patrick_fodella/altermondia.nix index 84886e0..3a3c2a7 100644 --- a/modules/private/websites/patrick_fodella/altermondia.nix +++ b/modules/private/websites/patrick_fodella/altermondia.nix @@ -12,12 +12,6 @@ in { config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "altermondia.org"; } ]; - system.activationScripts.patrick_fodella_altermondia = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/patrick_fodella_altermondia - ''; - }; systemd.services.phpfpm-patrick_fodella_altermondia.after = lib.mkAfter [ "mysql.service" ]; systemd.services.phpfpm-patrick_fodella_altermondia.wants = [ "mysql.service" ]; services.phpfpm.pools.patrick_fodella_altermondia = { 
@@ -34,13 +28,14 @@ in { "pm.max_spare_servers" = "3"; "env[BIN_ENV]" = "${binEnv}/bin"; - "php_admin_value[open_basedir]" = "${binEnv}:${builtins.concatStringsSep ":" binEnvPaths}:/var/lib/php/sessions/patrick_fodella_altermondia:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/patrick_fodella_altermondia"; + "php_admin_value[open_basedir]" = "${binEnv}:${builtins.concatStringsSep ":" binEnvPaths}:${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=PatrickFodella:Altermondia:'"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.production.vhostConfs.patrick_fodella_altermondia = { diff --git a/modules/private/websites/patrick_fodella/ecolyeu.nix b/modules/private/websites/patrick_fodella/ecolyeu.nix index d908e78..54dd265 100644 --- a/modules/private/websites/patrick_fodella/ecolyeu.nix +++ b/modules/private/websites/patrick_fodella/ecolyeu.nix @@ -10,12 +10,6 @@ in { config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "ecolyeu-pessicart-nice.fr"; } ]; - system.activationScripts.patrick_fodella_ecolyeu = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/patrick_fodella_ecolyeu - ''; - }; systemd.services.phpfpm-patrick_fodella_ecolyeu.after = lib.mkAfter [ "mysql.service" ]; systemd.services.phpfpm-patrick_fodella_ecolyeu.wants = [ "mysql.service" ]; services.phpfpm.pools.patrick_fodella_ecolyeu = { 
@@ -31,13 +25,14 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/patrick_fodella_ecolyeu:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/patrick_fodella_ecolyeu"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=PatrickFodella:Altermondia:'"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.production.vhostConfs.patrick_fodella_ecolyeu = { diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix index 1bf0364..ad6763f 100644 --- a/modules/private/websites/piedsjaloux/integration.nix +++ b/modules/private/websites/piedsjaloux/integration.nix @@ -7,7 +7,6 @@ let phpRoot = "${ftpRoot}/php"; webRoot = "${phpRoot}/web"; varDir = "${ftpRoot}/var"; - sessionDir = "${ftpRoot}/sessions"; packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Piedsjaloux"; branch = "test"; in { @@ -25,7 +24,8 @@ in { config.secrets.fullPaths."websites/piedsjaloux/integration" "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=PiedsJaloux:Integration:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; 
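Review bot: The ecolyeu pool's `session.save_path` carries `prefix=PatrickFodella:Altermondia:`, which is the prefix altermondia.nix already uses, so two separate sites write their sessions into the same Redis key namespace. Before this patch each site had its own directory (`/var/lib/php/sessions/patrick_fodella_ecolyeu`), so this is a loss of separation rather than a carried-over state. The query string should end in `&prefix=PatrickFodella:Ecolyeu:'`.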
@@ -36,7 +36,7 @@ in { phpEnv = { SYMFONY_DEBUG_MODE = "\"yes\""; }; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; systemd.services."phpfpm-piedsjaloux_integration" = { after = lib.mkAfter ["mysql.service"]; @@ -86,7 +86,7 @@ in { system.activationScripts.piedsjaloux_integration = { deps = ["users"]; text = '' - install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix index a6f5d3e..2fb5a32 100644 --- a/modules/private/websites/piedsjaloux/production.nix +++ b/modules/private/websites/piedsjaloux/production.nix @@ -7,7 +7,6 @@ let phpRoot = "${ftpRoot}/php"; webRoot = "${phpRoot}/web"; varDir = "${ftpRoot}/var"; - sessionDir = "${ftpRoot}/sessions"; packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Piedsjaloux"; branch = "master"; in { @@ -26,7 +25,8 @@ in { config.secrets.fullPaths."websites/piedsjaloux/production" "/tmp" ]; - "php_admin_value[session.save_path]" = sessionDir; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=PiedsJaloux:Production:'"; "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; @@ -36,7 +36,7 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; }; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; systemd.services."phpfpm-piedsjaloux_production" = { after = lib.mkAfter ["mysql.service"]; 
@@ -86,7 +86,7 @@ in { system.activationScripts.piedsjaloux_production = { deps = ["users"]; text = '' - install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ${sessionDir} + install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ''; }; diff --git a/modules/private/websites/ressourcerie_banon/production.nix b/modules/private/websites/ressourcerie_banon/production.nix index e68f7db..fb85685 100644 --- a/modules/private/websites/ressourcerie_banon/production.nix +++ b/modules/private/websites/ressourcerie_banon/production.nix @@ -10,12 +10,6 @@ in { config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "ressourcerie-banon.org"; } ]; - system.activationScripts.ressourcerie_banon = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/ressourcerie_banon - ''; - }; systemd.services.phpfpm-ressourcerie_banon.after = lib.mkAfter [ "mysql.service" ]; systemd.services.phpfpm-ressourcerie_banon.wants = [ "mysql.service" ]; services.phpfpm.pools.ressourcerie_banon = { @@ -31,13 +25,14 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/ressourcerie_banon:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/ressourcerie_banon"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=RessourcerieBanon:Production:'"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.production.vhostConfs.ressourcerie_banon = { 
diff --git a/modules/private/websites/richie/production.nix b/modules/private/websites/richie/production.nix index 10a7be9..dc2a36f 100644 --- a/modules/private/websites/richie/production.nix +++ b/modules/private/websites/richie/production.nix @@ -48,7 +48,6 @@ in system.activationScripts.richie_production = { deps = [ "httpd" ]; text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/richie_production install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${vardir} ''; }; @@ -65,8 +64,9 @@ in "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; - "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:${secretPath}:${richieSrc}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production"; + "php_admin_value[open_basedir]" = "${vardir}:${secretPath}:${richieSrc}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Richie:Production:'"; }; phpEnv = { PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}"; @@ -75,7 +75,7 @@ in phpOptions = config.services.phpfpm.phpOptions + '' date.timezone = 'Europe/Paris' ''; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = [ "proxy_fcgi" ]; services.websites.env.production.vhostConfs.richie_production = { diff --git a/modules/private/websites/telio_tortay/production.nix b/modules/private/websites/telio_tortay/production.nix index 8cae3bc..d301e08 100644 --- a/modules/private/websites/telio_tortay/production.nix +++ b/modules/private/websites/telio_tortay/production.nix 
@@ -18,7 +18,6 @@ in { deps = [ "httpd" ]; text = '' install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/ftp/telio_tortay/logs - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/telio_tortay ''; }; systemd.services.phpfpm-telio_tortay.after = lib.mkAfter [ "mysql.service" ]; @@ -36,13 +35,14 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "3"; - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/telio_tortay:${varDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/telio_tortay"; + "php_admin_value[open_basedir]" = "${varDir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=TelioTortay:Production:'"; }; phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; services.websites.env.production.vhostConfs.telio_tortay = { diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix index 929fabb..1a0595e 100644 --- a/modules/private/websites/tools/cloud/default.nix +++ b/modules/private/websites/tools/cloud/default.nix @@ -39,7 +39,8 @@ let "php_admin_value[memory_limit]" = "512M"; "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Nextcloud:'"; }; }; in { 
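Review bot: Setting `session.save_handler` to `redis` in the Nextcloud pool settings (tools/cloud/default.nix) drops the per-session locking that PHP's `files` handler provides, because phpredis leaves `redis.session.locking_enabled` off by default. Unless the shared `phpOptions` (not visible in this hunk) already turns it on, concurrent requests on one session can overwrite each other's session writes. Consider adding `"php_admin_value[redis.session.locking_enabled]" = "1";` next to the handler line, here and in the other pools this patch migrates. The settings block starts outside the hunk.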
@@ -198,7 +199,6 @@ in { in '' install -m 0755 -o wwwrun -g wwwrun -d ${varDir} - install -m 0750 -o wwwrun -g wwwrun -d ${varDir}/phpSessions ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "install -D -m 0644 -o wwwrun -g wwwrun -T ${v} ${varDir}/config/${n}.json" ) confs)} diff --git a/modules/private/websites/tools/cloud/farm.nix b/modules/private/websites/tools/cloud/farm.nix index de1cfae..1811200 100644 --- a/modules/private/websites/tools/cloud/farm.nix +++ b/modules/private/websites/tools/cloud/farm.nix @@ -5,8 +5,7 @@ let apacheGroup = config.services.httpd.Prod.group; toVardir = name: "/var/lib/nextcloud_farm/${name}"; varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances; - toPhpBaseDir = name: [ cfg.rootDirs."${name}" (toVardir name) ] ++ cfg.rootDirs."${name}".apps; - phpBaseDir = builtins.concatStringsSep ":" (lib.unique (lib.flatten (lib.mapAttrsToList (name: v: toPhpBaseDir name) cfg.instances))); + toPhpBaseDir = name: builtins.concatStringsSep ":" ([ cfg.rootDirs."${name}" (toVardir name) ] ++ cfg.rootDirs."${name}".apps); toVhost = name: '' SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 SetEnv NEXTCLOUD_CONFIG_DIR "${toVardir name}" @@ -22,7 +21,7 @@ let CGIPassAuth on - SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud_farm.socket}|fcgi://localhost" + SetHandler "proxy:unix:${config.services.phpfpm.pools.${"nextcloud_farm_" + name}.socket}|fcgi://localhost" 
@@ -72,24 +71,23 @@ in deps = [ "httpd" ]; text = '' install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs} - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/nextcloud_farm/phpSessions ''; }; - systemd.services.phpfpm-nextcloud_farm.after = lib.mkAfter [ "postgresql.service" ]; - systemd.services.phpfpm-nextcloud_farm.wants = [ "postgresql.service" ]; - services.phpfpm.pools.nextcloud_farm = { + systemd.services = lib.mapAttrs' (k: v: lib.nameValuePair ("phpfpm-nextcloud_farm_" + k) { + after = lib.mkAfter [ "postgresql.service" ]; + wants = [ "postgresql.service" ]; + }) cfg.instances; + services.phpfpm.pools = lib.mapAttrs' (k: v: lib.nameValuePair ("nextcloud_farm_" + k) { user = apacheUser; group = apacheGroup; - settings = let - instanceNb = builtins.length (builtins.attrNames cfg.instances); - in { + settings = { "listen.owner" = apacheUser; "listen.group" = apacheGroup; "pm" = "dynamic"; - "pm.max_children" = builtins.toString (60 * instanceNb); - "pm.start_servers" = builtins.toString (3 * instanceNb); - "pm.min_spare_servers" = builtins.toString (3 * instanceNb); - "pm.max_spare_servers" = builtins.toString (5 * instanceNb); + "pm.max_children" = "60"; + "pm.start_servers" = "3"; + "pm.min_spare_servers" = "3"; + "pm.max_spare_servers" = "3"; "pm.process_idle_timeout" = "60"; "php_admin_value[output_buffering]" = "0"; 
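Review bot: `"pm.max_spare_servers" = "3"` in the new per-instance pool equals `pm.min_spare_servers` and `pm.start_servers`, whereas the removed lines used a factor of 5 for the maximum against 3 for the other two. If the intent was to keep the old per-instance factors, this should be `"pm.max_spare_servers" = "5";`. With both bounds at 3 the pool has no headroom between spawning and reaping idle workers. The settings block continues past the end of the hunk.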
@@ -107,11 +105,12 @@ in "php_value[opcache.revalidate_freq]" = "1"; "php_admin_value[memory_limit]" = "512M"; - "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/nextcloud_farm/phpSessions"; + "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${toPhpBaseDir k}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:NextcloudFarm:${k}:'"; }; inherit phpPackage; - }; + }) cfg.instances; users.users.root.packages = let toOcc = name: pkgs.writeScriptBin "nextcloud-occ-${name}" '' #! ${pkgs.stdenv.shell} diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix index bc5ecf6..b418cb8 100644 --- a/modules/private/websites/tools/dav/davical.nix +++ b/modules/private/websites/tools/dav/davical.nix @@ -1,11 +1,5 @@ { stdenv, fetchurl, gettext, writeText, env, awl, davical, config }: rec { - activationScript = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical - ''; - }; keys."webapps/dav-davical" = { user = apache.user; group = apache.group; 
@@ -120,9 +114,10 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "DavicalPHPSESSID"; - "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/davical"; + "php_admin_value[open_basedir]" = "${basedir}:/tmp"; "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/davical"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Davical:'"; "php_flag[magic_quotes_gpc]" = "Off"; "php_flag[register_globals]" = "Off"; "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE"; diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix index 289a569..5942fa3 100644 --- a/modules/private/websites/tools/dav/default.nix +++ b/modules/private/websites/tools/dav/default.nix @@ -96,7 +96,6 @@ in { # }; #}; }; - system.activationScripts.davical = davical.activationScript; secrets.keys = davical.keys; services.websites.env.tools.modules = davical.apache.modules; @@ -116,7 +115,7 @@ in { user = config.services.httpd.Tools.user; group = config.services.httpd.Tools.group; settings = davical.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; }; }; diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix index 8e40b42..47a91e5 100644 --- a/modules/private/websites/tools/git/default.nix +++ b/modules/private/websites/tools/git/default.nix @@ -45,7 +45,6 @@ in { gitweb.apache.modules ++ mantisbt.apache.modules; - system.activationScripts.mantisbt = mantisbt.activationScript; services.websites.env.tools.vhostConfs.git = { certName = "eldiron"; addToCerts = true; 
@@ -66,7 +65,7 @@ in { user = config.services.httpd.Tools.user; group = config.services.httpd.Tools.group; settings = mantisbt.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; }; }; diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix index 2ef76af..3bd78e1 100644 --- a/modules/private/websites/tools/git/mantisbt.nix +++ b/modules/private/websites/tools/git/mantisbt.nix @@ -1,11 +1,5 @@ { env, mantisbt_2, mantisbt_2-plugins, config }: rec { - activationScript = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt - ''; - }; keys."webapps/tools-mantisbt" = { user = apache.user; group = apache.group; @@ -84,8 +78,9 @@ rec { "php_admin_value[upload_max_filesize]" = "5000000"; - "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/mantisbt"; + "php_admin_value[open_basedir]" = "${basedir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:MantisBT:'"; }; }; } diff --git a/modules/private/websites/tools/kanboard/farm.nix b/modules/private/websites/tools/kanboard/farm.nix index a845429..f6085e3 100644 --- a/modules/private/websites/tools/kanboard/farm.nix +++ b/modules/private/websites/tools/kanboard/farm.nix @@ -47,7 +47,7 @@ let }; }; customVhosts = lib.foldl (o: n: o // n) {} (map toCustomVhost (builtins.attrNames cfg.instances)); - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); in { options.myServices.tools.kanboard.farm = { 
@@ -113,7 +113,6 @@ in deps = [ "httpd" ]; text = '' install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs} - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/kanboard_farm/phpSessions ''; }; services.phpfpm.pools.kanboard_farm = { @@ -147,7 +146,8 @@ in "php_admin_value[memory_limit]" = "512M"; "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/kanboard_farm/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:KanboardFarm:'"; }; inherit phpPackage; }; diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix index 377410c..8de7acb 100644 --- a/modules/private/websites/tools/mail/default.nix +++ b/modules/private/websites/tools/mail/default.nix @@ -107,13 +107,13 @@ in phpOptions = config.services.phpfpm.phpOptions + '' date.timezone = 'CET' ''; - phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick ]); + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick all.redis ]); }; services.phpfpm.pools.rainloop = { user = "wwwrun"; group = "wwwrun"; settings = rainloop.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); }; system.activationScripts = { roundcubemail = roundcubemail.activationScript; diff --git a/modules/private/websites/tools/mail/rainloop.nix b/modules/private/websites/tools/mail/rainloop.nix index 7dd32a0..f821005 100644 --- a/modules/private/websites/tools/mail/rainloop.nix +++ b/modules/private/websites/tools/mail/rainloop.nix 
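Review bot: The `kanboard_farm` pool keeps one `prefix=Tools:KanboardFarm:` for all instances, while the Nextcloud farm in this same patch was split into one pool per instance with `prefix=Tools:NextcloudFarm:${k}:`. The removed `/var/lib/kanboard_farm/phpSessions` directory was shared too, so this is not a regression, but the instances still share one session namespace and one `open_basedir`. If the instances belong to different tenants, the same per-instance `lib.mapAttrs'` pool layout used in tools/cloud/farm.nix would let each get its own prefix. The pool definition starts and ends outside the hunk.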
@@ -5,7 +5,6 @@ rec { deps = [ "wrappers" ]; text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data ''; }; @@ -48,7 +47,8 @@ rec { "php_admin_value[upload_max_filesize]" = "200M"; "php_admin_value[post_max_size]" = "200M"; "php_admin_value[open_basedir]" = "${basedir}:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rainloop:'"; }; }; } diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix index 2661b55..88a99b4 100644 --- a/modules/private/websites/tools/mail/roundcubemail.nix +++ b/modules/private/websites/tools/mail/roundcubemail.nix @@ -6,7 +6,6 @@ rec { text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ ${varDir}/cache ${varDir}/logs - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions ''; }; keys."webapps/tools-roundcube" = { @@ -112,7 +111,8 @@ rec { "php_admin_value[upload_max_filesize]" = "200M"; "php_admin_value[post_max_size]" = "200M"; "php_admin_value[open_basedir]" = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Roundcubemail:'"; }; }; } diff --git a/modules/private/websites/tools/performance/default.nix b/modules/private/websites/tools/performance/default.nix index 5715ff0..56da3e5 100644 --- a/modules/private/websites/tools/performance/default.nix +++ b/modules/private/websites/tools/performance/default.nix 
@@ -79,9 +79,11 @@ in "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "10"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:StatusEngine:'"; "php_admin_value[open_basedir]" = "${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}"; }; - phpPackage = pkgs.php74; + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); }; }; diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix index c280684..8bdd889 100644 --- a/modules/private/websites/tools/tools/adminer.nix +++ b/modules/private/websites/tools/tools/adminer.nix @@ -1,16 +1,10 @@ { webapps, php74, myPhpPackages, lib, forcePhpSocket ? null }: rec { - activationScript = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer - ''; - }; webRoot = webapps.adminer; phpFpm = rec { user = apache.user; group = apache.group; - phpPackage = php74.withExtensions ({ enabled, all }: (lib.remove all.mysqli enabled) ++ [myPhpPackages.mysqli_pam]); + phpPackage = php74.withExtensions ({ enabled, all }: (lib.remove all.mysqli enabled) ++ [myPhpPackages.mysqli_pam all.redis]); settings = { "listen.owner" = apache.user; "listen.group" = apache.group; @@ -20,8 +14,9 @@ rec { #"php_admin_flag[log_errors]" = "on"; # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "AdminerPHPSESSID"; - "php_admin_value[open_basedir]" = "${webRoot}:/tmp:/var/lib/php/sessions/adminer"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/adminer"; + "php_admin_value[open_basedir]" = "${webRoot}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Adminer:'"; }; }; apache = rec { 
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 99c746d..fd31984 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix @@ -365,6 +365,8 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "10"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'"; # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "ToolsPHPSESSID"; "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ @@ -376,7 +378,7 @@ in { phpEnv = { CONTACT_EMAIL = config.myEnv.tools.contact; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); }; devtools = { user = "wwwrun"; 
@@ -390,92 +392,91 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "10"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'"; "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp"; }; - phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]); }; adminer = adminer.phpFpm; ttrss = { user = "wwwrun"; group = "wwwrun"; settings = ttrss.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; wallabag = { user = "wwwrun"; group = "wwwrun"; settings = wallabag.phpFpm.pool; - phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); + phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]); }; yourls = { user = "wwwrun"; group = "wwwrun"; settings = yourls.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; rompr = { user = "wwwrun"; group = "wwwrun"; settings = rompr.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; shaarli = { user = "wwwrun"; group = "wwwrun"; settings = shaarli.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; dmarc-reports = { user = "wwwrun"; group = "wwwrun"; settings = dmarc-reports.phpFpm.pool; phpEnv = dmarc-reports.phpFpm.phpEnv; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; dokuwiki = { user = "wwwrun"; group = "wwwrun"; settings = dokuwiki.phpFpm.pool; - phpPackage 
= pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; phpbb = { user = "wwwrun"; group = "wwwrun"; settings = phpbb.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; ldap = { user = "wwwrun"; group = "wwwrun"; settings = ldap.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; kanboard = { user = "wwwrun"; group = "wwwrun"; settings = kanboard.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; grocy = { user = "wwwrun"; group = "wwwrun"; settings = grocy.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; }; system.activationScripts = { - adminer = adminer.activationScript; grocy = grocy.activationScript; ttrss = ttrss.activationScript; wallabag = wallabag.activationScript; - yourls = yourls.activationScript; rompr = rompr.activationScript; shaarli = shaarli.activationScript; dokuwiki = dokuwiki.activationScript; phpbb = phpbb.activationScript; kanboard = kanboard.activationScript; - ldap = ldap.activationScript; }; services.websites.env.tools.watchPaths = [ diff --git a/modules/private/websites/tools/tools/dmarc_reports.nix b/modules/private/websites/tools/tools/dmarc_reports.nix index 8a77b13..7e8704d 100644 --- a/modules/private/websites/tools/tools/dmarc_reports.nix +++ b/modules/private/websites/tools/tools/dmarc_reports.nix @@ -49,6 +49,8 @@ rec { "pm.max_children" = "60"; "pm.process_idle_timeout" = "60"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:DmarcReports:'"; # Needed to avoid clashes in browser cookies (same domain) "php_admin_value[open_basedir]" = "${basedir}:/tmp"; }; 
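Review bot: The expression `pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis])` is repeated for ttrss, yourls, rompr, shaarli, dmarc-reports, dokuwiki, phpbb, ldap, kanboard and grocy, so a pool added later with `session.save_handler` set to `redis` but a plain `pkgs.php72` would have no working session handler. Binding it once, e.g. `php72Redis = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [ all.redis ]);`, and writing `phpPackage = php72Redis;` keeps the package and the pool settings in step; the `let` block where the binding would go is outside this hunk. The devtools line also gains `all.sqlite3`, which the commit subject does not mention and which would be easier to audit as its own change.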
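Review bot: The two new session lines sit above the comment `# Needed to avoid clashes in browser cookies (same domain)`, which in this hunk is followed by `open_basedir` rather than by a `session.name` setting. If the pool sets no session name elsewhere (the rest of the attribute set is outside the hunk), it uses PHP's default cookie name while the sibling tool files each set their own, so the same cookie would be presented to more than one application on the domain. Adding a line such as `"php_value[session.name]" = "DmarcReportsPHPSESSID";` under the comment, as the other tool files do, would make the comment accurate; otherwise the comment should be removed.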
diff --git a/modules/private/websites/tools/tools/dokuwiki.nix b/modules/private/websites/tools/tools/dokuwiki.nix index 724168e..83bd123 100644 --- a/modules/private/websites/tools/tools/dokuwiki.nix +++ b/modules/private/websites/tools/tools/dokuwiki.nix @@ -13,7 +13,6 @@ rec { chown -R ${apache.user}:${apache.user} ${varDir}/config ${varDir}/data chmod -R 755 ${varDir}/config ${varDir}/data fi - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions ''; }; chatonsHostingProperties = { @@ -87,7 +86,8 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "DokuwikiPHPSESSID"; "php_admin_value[open_basedir]" = "${basedir}:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Dokuwiki:'"; }; }; } diff --git a/modules/private/websites/tools/tools/grocy.nix b/modules/private/websites/tools/tools/grocy.nix index 3c45261..96e18a3 100644 --- a/modules/private/websites/tools/tools/grocy.nix +++ b/modules/private/websites/tools/tools/grocy.nix @@ -5,7 +5,6 @@ rec { deps = [ "wrappers" ]; text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/data - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions ''; }; webRoot = grocy.webRoot; @@ -41,7 +40,8 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "grocyPHPSESSID"; "php_admin_value[open_basedir]" = "${basedir}:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Grocy:'"; }; }; } 
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix index 852d974..db39ecd 100644 --- a/modules/private/websites/tools/tools/kanboard.nix +++ b/modules/private/websites/tools/tools/kanboard.nix @@ -5,7 +5,6 @@ rec { deps = [ "wrappers" ]; text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/data - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions install -TDm644 ${webRoot}/dataold/.htaccess ${varDir}/data/.htaccess install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config ''; @@ -75,7 +74,8 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "KanboardPHPSESSID"; "php_admin_value[open_basedir]" = "${basedir}:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Kanboard:'"; }; }; } diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix index 2ca59f7..0ae51ba 100644 --- a/modules/private/websites/tools/tools/ldap.nix +++ b/modules/private/websites/tools/tools/ldap.nix @@ -1,11 +1,5 @@ { lib, php, env, writeText, phpldapadmin, config }: rec { - activationScript = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin - ''; - }; keys."webapps/tools-ldap" = { user = apache.user; group = apache.group; 
@@ -62,8 +56,9 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "LdapPHPSESSID"; - "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin"; + "php_admin_value[open_basedir]" = "${basedir}:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:PhpLDAPAdmin:'"; }; }; } diff --git a/modules/private/websites/tools/tools/phpbb.nix b/modules/private/websites/tools/tools/phpbb.nix index 88c7817..c1cbd6f 100644 --- a/modules/private/websites/tools/tools/phpbb.nix +++ b/modules/private/websites/tools/tools/phpbb.nix @@ -9,7 +9,6 @@ rec { cp -a ${phpbb}/vars/* ${varDir} chown -R ${apache.user}:${apache.user} ${varDir} fi - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions ''; }; chatonsHostingProperties = { @@ -63,7 +62,8 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "PhpBBPHPSESSID"; "php_admin_value[open_basedir]" = "${basedir}:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:PhpBB:'"; }; }; } diff --git a/modules/private/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix index e80d6b2..1a0e241 100644 --- a/modules/private/websites/tools/tools/rompr.nix +++ b/modules/private/websites/tools/tools/rompr.nix @@ -3,7 +3,7 @@ rec { varDir = "/var/lib/rompr"; activationScript = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ - ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions + ${varDir}/prefs ${varDir}/albumart ''; webRoot = rompr; apache = rec { 
@@ -57,7 +57,8 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "RomprPHPSESSID"; "php_admin_value[open_basedir]" = "${basedir}:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rompr:'"; "php_flag[magic_quotes_gpc]" = "Off"; "php_flag[track_vars]" = "On"; "php_flag[register_globals]" = "Off"; diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix index 462de51..e7f106c 100644 --- a/modules/private/websites/tools/tools/shaarli.nix +++ b/modules/private/websites/tools/tools/shaarli.nix @@ -4,8 +4,7 @@ let in rec { activationScript = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ - ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \ - ${varDir}/phpSessions + ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data ''; webRoot = shaarli varDir; apache = rec { @@ -81,7 +80,8 @@ in rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "ShaarliPHPSESSID"; "php_admin_value[open_basedir]" = "${basedir}:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Shaarli:'"; "php_admin_value[upload_max_filesize]" = "200M"; "php_admin_value[post_max_size]" = "200M"; }; diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix index c34817f..6a316fa 100644 --- a/modules/private/websites/tools/tools/ttrss.nix +++ b/modules/private/websites/tools/tools/ttrss.nix 
@@ -13,7 +13,6 @@ rec { ${varDir}/cache/simplepie/ \ ${varDir}/cache/upload/ touch ${varDir}/feed-icons/index.html - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions ''; }; chatonsProperties = { @@ -147,7 +146,8 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "TtrssPHPSESSID"; "php_admin_value[open_basedir]" = "${basedir}:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:TTRSS:'"; }; }; } diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix index 8ec7c29..d03996a 100644 --- a/modules/private/websites/tools/tools/wallabag.nix +++ b/modules/private/websites/tools/tools/wallabag.nix @@ -158,6 +158,8 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "WallabagPHPSESSID"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Wallabag:'"; "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/tmp"; "php_value[max_execution_time]" = "300"; }; diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix index c59fae3..2d86a01 100644 --- a/modules/private/websites/tools/tools/yourls.nix +++ b/modules/private/websites/tools/tools/yourls.nix @@ -1,11 +1,5 @@ { env, yourls, yourls-plugins, config }: rec { - activationScript = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls - ''; - }; keys."webapps/tools-yourls" = { user = apache.user; group = apache.group; 
@@ -102,8 +96,9 @@ rec { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "YourlsPHPSESSID"; - "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/yourls"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/yourls"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Yourls:'"; + "php_admin_value[open_basedir]" = "${basedir}:/tmp"; }; }; } diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix index b9d9886..caecb6f 100644 --- a/modules/websites/php-application.nix +++ b/modules/websites/php-application.nix @@ -33,11 +33,6 @@ in Mode to apply to the vardir ''; }; - phpSession = mkOption { - type = bool; - default = true; - description = "Handle phpsession files separately in vardir"; - }; phpListen = mkOption { type = nullOr str; default = null; @@ -159,7 +154,6 @@ in "listen.group" = icfg.httpdGroup; "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpWatchFiles ++ icfg.phpOpenbasedir); } - // optionalAttrs (icfg.phpSession) { "php_admin_value[session.save_path]" = "${icfg.varDir}/phpSessions"; } // icfg.phpPool; phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions; inherit (icfg) phpEnv phpPackage; @@ -208,8 +202,6 @@ in deps = []; text = optionalString (!isNull icfg.varDir) '' install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir} - '' + optionalString (icfg.phpSession) '' - install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions '' + builtins.concatStringsSep "\n" (attrsets.mapAttrsToList (n: v: '' install -m ${v} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/${n} '') icfg.varDirPaths); -- 2.41.0