modules/websites/php-application.nix

   1 { lib, config, pkgs, ... }:
   2 with lib;
   3 let
   4   cfg = config.services.phpApplication;
   5   cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg.apps);
   6 in
   7 {
   8   options = with types; {
   9     services.phpApplication.apps = mkOption {
  10       default = {};
  11       description = ''
  12         php applications to define
  13         '';
  14       type = attrsOf (submodule {
  15         options = {
  16           varDir = mkOption {
  17             type = nullOr path;
  18             description = ''
  19               Path to application’s vardir.
  20               '';
  21           };
  22           varDirPaths = mkOption {
  23             type = attrsOf str;
  24             default = {};
  25             description = ''
  26               Map of additional folders => mode to create under varDir
  27               '';
  28           };
  29           mode = mkOption {
  30             type = str;
  31             default = "0700";
  32             description = ''
  33               Mode to apply to the vardir
  34               '';
  35           };
  36           phpSession = mkOption {
  37             type = bool;
  38             default = true;
  39             description = "Handle phpsession files separately in vardir";
  40           };
  41           phpListen = mkOption {
  42             type = nullOr str;
  43             default = null;
  44             description = "Name of the socket to listen to. Defaults to app name if null";
  45           };
  46           phpPool = mkOption {
  47             type = attrsOf str;
  48             default = {};
  49             description = "Pool configuration to append";
  50           };
  51           phpEnv = mkOption {
  52             type = attrsOf str;
  53             default = {};
  54             description = "Pool environment to append";
  55           };
  56           phpPackage = mkOption {
  57             type = attrsOf str;
  58             default = pkgs.php;
  59             description = "Php package to use";
  60           };
  61           phpOptions = mkOption {
  62             type = lines;
  63             default = "";
  64             description = "php configuration to append";
  65           };
  66           phpOpenbasedir = mkOption {
  67             type = listOf path;
  68             default = [];
  69             description = ''
  70               paths to add to php open_basedir configuration in addition to app and vardir
  71               '';
  72           };
  73           phpWatchFiles = mkOption {
  74             type = listOf path;
  75             default = [];
  76             description = ''
  77               Path to other files to watch to trigger preStart scripts
  78               '';
  79           };
  80           websiteEnv = mkOption {
  81             type = str;
  82             description = ''
  83               website instance name to use
  84               '';
  85           };
  86           httpdUser = mkOption {
  87             type = str;
  88             default = config.services.httpd.user;
  89             description = ''
  90               httpd user to run the prestart scripts as.
  91               '';
  92           };
  93           httpdGroup = mkOption {
  94             type = str;
  95             default = config.services.httpd.group;
  96             description = ''
  97               httpd group to run the prestart scripts as.
  98               '';
  99           };
 100           httpdWatchFiles = mkOption {
 101             type = listOf path;
 102             default = [];
 103             description = ''
 104               Path to other files to watch to trigger httpd reload
 105               '';
 106           };
 107           app = mkOption {
 108             type = path;
 109             description = ''
 110               Path to application root
 111               '';
 112           };
 113           webappName = mkOption {
 114             type = nullOr str;
 115             default = null;
 116             description = ''
 117               Alias name for the app, to be used in services.websites.webappDirs
 118               '';
 119           };
 120           webRoot = mkOption {
 121             type = nullOr path;
 122             description = ''
 123               Path to the web root path of the application. May differ from the application itself (usually a subdirectory)
 124               '';
 125           };
 126           preStartActions = mkOption {
 127             type = listOf str;
 128             default = [];
 129             description = ''
 130               List of actions to run as apache user at preStart when
 131               whatchFiles or app dir changed.
 132               '';
 133           };
 134           serviceDeps = mkOption {
 135             type = listOf str;
 136             default = [];
 137             description = ''
 138               List of systemd services this application depends on
 139               '';
 140           };
 141         };
 142       });
 143     };
 144     # Read-only variables
 145     services.phpApplication.phpListenPaths = mkOption {
 146       type = attrsOf path;
 147       default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
 148         name config.services.phpfpm.pools."${name}".socket
 149       ) cfg.apps;
 150       readOnly = true;
 151       description = ''
 152         Full paths to listen for php
 153         '';
 154     };
 155     services.phpApplication.webappDirs = mkOption {
 156       type = attrsOf path;
 157       default = attrsets.filterAttrs (n: v: builtins.hasAttr n cfg.apps) config.services.websites.webappDirsPaths;
 158       readOnly = true;
 159       description = ''
 160         Stable name webapp dirs for httpd
 161         '';
 162     };
 163   };
 164
 165   config = {
 166     services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair
 167       name {
 168         modules = [ "proxy_fcgi" ];
 169         watchPaths = builtins.concatLists (map (c: c.httpdWatchFiles) cfgs);
 170       }
 171     ) cfgByEnv;
 172
 173     services.phpfpm.pools = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
 174       name {
 175         user = icfg.httpdUser;
 176         group = icfg.httpdUser;
 177         settings = {
 178           "listen.owner" = icfg.httpdUser;
 179           "listen.group" = icfg.httpdGroup;
 180           "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpWatchFiles ++ icfg.phpOpenbasedir);
 181         }
 182         // optionalAttrs (icfg.phpSession) { "php_admin_value[session.save_path]" = "${icfg.varDir}/phpSessions"; }
 183         // icfg.phpPool;
 184         phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions;
 185         inherit (icfg) phpEnv phpPackage;
 186       }
 187     ) cfg.apps;
 188
 189     services.websites.webappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
 190       (if icfg.webappName == null then name else icfg.webappName) icfg.webRoot
 191     ) (attrsets.filterAttrs (n: v: !isNull v.webRoot) cfg.apps);
 192
 193     services.filesWatcher = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
 194       "phpfpm-${name}" {
 195         restart = true;
 196         paths = icfg.phpWatchFiles;
 197       }
 198     ) (attrsets.filterAttrs (n: v: builtins.length v.phpWatchFiles > 0) cfg.apps);
 199
 200     systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
 201       "phpfpm-${name}" {
 202         after = lib.mkAfter icfg.serviceDeps;
 203         wants = icfg.serviceDeps;
 204         preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) ''
 205           watchFilesChanged() {
 206             ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 1"}
 207             [ ! -f "${icfg.varDir}"/watchedFiles ] \
 208               || ! sha512sum -c --status ${icfg.varDir}/watchedFiles
 209           }
 210           appDirChanged() {
 211             [ ! -f "${icfg.varDir}/currentWebappDir" -o \
 212               "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ]
 213           }
 214           updateWatchFiles() {
 215             ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 0"}
 216             sha512sum ${builtins.concatStringsSep " " icfg.phpWatchFiles} > ${icfg.varDir}/watchedFiles
 217           }
 218
 219           if watchFilesChanged || appDirChanged; then
 220             pushd ${icfg.app} > /dev/null
 221             ${builtins.concatStringsSep "\n  " (map (c: "/run/wrappers/bin/sudo -u ${icfg.httpdUser} ${c}") icfg.preStartActions) }
 222             popd > /dev/null
 223             echo -n "${icfg.app}" > ${icfg.varDir}/currentWebappDir
 224             updateWatchFiles
 225           fi
 226         '');
 227       }
 228     ) cfg.apps;
 229
 230     system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
 231       name {
 232         deps = [];
 233         text = optionalString (!isNull icfg.varDir) ''
 234           install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}
 235           '' + optionalString (icfg.phpSession) ''
 236           install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions
 237           '' + builtins.concatStringsSep "\n" (attrsets.mapAttrsToList (n: v: ''
 238             install -m ${v} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/${n}
 239             '') icfg.varDirPaths);
 240       }
 241     ) cfg.apps;
 242   };
 243 }