From: Ismaƫl Bouya Date: Tue, 21 May 2019 00:47:52 +0000 (+0200) Subject: Replace myPhpfpm with correct overrides X-Git-Tag: nur_publish~5 X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=f40f5b235b890f46770a22f005f8a0f664cf0562 Replace myPhpfpm with correct overrides --- diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix index 790c5a9..5ccc0c1 100644 --- a/modules/private/websites/aten/integration.nix +++ b/modules/private/websites/aten/integration.nix @@ -13,9 +13,10 @@ in { config = lib.mkIf cfg.enable { secrets.keys = aten.keys; - services.myPhpfpm.preStart.aten_dev = aten.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.aten_dev = aten.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.aten_dev = aten.phpFpm.pool; + systemd.services.phpfpm-aten_dev.preStart = lib.mkAfter aten.phpFpm.preStart; + systemd.services.phpfpm-aten_dev.after = lib.mkAfter aten.phpFpm.serviceDeps; + systemd.services.phpfpm-aten_dev.wants = aten.phpFpm.serviceDeps; + services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool; system.activationScripts.aten_dev = aten.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix index 697f1b8..7938241 100644 --- a/modules/private/websites/aten/production.nix +++ b/modules/private/websites/aten/production.nix 
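Review bot: The three `systemd.services.phpfpm-aten_dev.*` lines only take effect while the phpfpm module keeps naming its unit `phpfpm-<pool>`, and nothing in this hunk ties that unit name to the `aten_dev` key used on the `services.phpfpm.poolConfigs` line. If either side is renamed, the preStart script and the ordering on `aten.phpFpm.serviceDeps` would presumably land on a separate stub unit rather than fail the build. I would add a comment such as `# unit name must match the services.phpfpm pool "aten_dev"`, or derive both names from one binding. `lib.mkAfter` matters for `preStart`, where it appends to the module's own script, but on `after` it only changes the position within the list, which systemd ignores, so it could be dropped there. The same pattern is repeated in the aten production, florian, ludivinecassal and piedsjaloux hunks.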
@@ -15,9 +15,10 @@ in { secrets.keys = aten.keys; services.webstats.sites = [ { name = "aten.pro"; } ]; - services.myPhpfpm.preStart.aten_prod = aten.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.aten_prod = aten.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.aten_prod = aten.phpFpm.pool; + systemd.services.phpfpm-aten_prod.preStart = lib.mkAfter aten.phpFpm.preStart; + systemd.services.phpfpm-aten_prod.after = lib.mkAfter aten.phpFpm.serviceDeps; + systemd.services.phpfpm-aten_prod.wants = aten.phpFpm.serviceDeps; + services.phpfpm.poolConfigs.aten_prod = aten.phpFpm.pool; system.activationScripts.aten_prod = aten.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps diff --git a/modules/private/websites/chloe/builder.nix b/modules/private/websites/chloe/builder.nix index 7b72b97..f65e9a9 100644 --- a/modules/private/websites/chloe/builder.nix +++ b/modules/private/websites/chloe/builder.nix @@ -5,7 +5,6 @@ rec { serviceDeps = [ "mysql.service" ]; socket = "/var/run/phpfpm/chloe-${app.environment}.sock"; pool = '' - listen = ${socket} user = ${apacheUser} group = ${apacheGroup} listen.owner = ${apacheUser} diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix index 458e414..d49a85c 100644 --- a/modules/private/websites/chloe/integration.nix +++ b/modules/private/websites/chloe/integration.nix 
@@ -13,11 +13,15 @@ in { config = lib.mkIf cfg.enable { secrets.keys = chloe.keys; - services.myPhpfpm.serviceDependencies.chloe_dev = chloe.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.chloe_dev = chloe.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.chloe_dev = '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so + systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps; + systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps; + services.phpfpm.pools.chloe_dev = { + listen = chloe.phpFpm.socket; + extraConfig = chloe.phpFpm.pool; + phpOptions = config.services.phpfpm.phpOptions + '' + extension=${pkgs.php}/lib/php/extensions/mysqli.so ''; + }; system.activationScripts.chloe_dev = chloe.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix index 0eafebd..d4b2299 100644 --- a/modules/private/websites/chloe/production.nix +++ b/modules/private/websites/chloe/production.nix @@ -15,11 +15,15 @@ in { secrets.keys = chloe.keys; services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; - services.myPhpfpm.serviceDependencies.chloe_prod = chloe.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.chloe_prod = chloe.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.chloe_prod = '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so + systemd.services.phpfpm-chloe_prod.after = lib.mkAfter chloe.phpFpm.serviceDeps; + systemd.services.phpfpm-chloe_prod.wants = chloe.phpFpm.serviceDeps; + services.phpfpm.pools.chloe_prod = { + listen = chloe.phpFpm.socket; + extraConfig = chloe.phpFpm.pool; + phpOptions = config.services.phpfpm.phpOptions + '' + extension=${pkgs.php}/lib/php/extensions/mysqli.so ''; + }; system.activationScripts.chloe_prod = chloe.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps 
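Review bot: The `extension=` line in the new `phpOptions` is built from `pkgs.php`, while the pool is run by whatever `services.phpfpm.phpPackage` is set to; the two agree only because the global configuration elsewhere in this commit sets `phpPackage = pkgs.php`. If the package is ever pinned to another PHP version, the pool would try to load a `mysqli.so` built for a different interpreter. Referencing the option keeps them in step: `extension=${config.services.phpfpm.phpPackage}/lib/php/extensions/mysqli.so`. This applies to both chloe hunks here and to the `phpOptions` blocks in the naturaloutil and devtools hunks.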
diff --git a/modules/private/websites/connexionswing/builder.nix b/modules/private/websites/connexionswing/builder.nix index 1224420..b4b04cb 100644 --- a/modules/private/websites/connexionswing/builder.nix +++ b/modules/private/websites/connexionswing/builder.nix @@ -49,7 +49,6 @@ rec { extension=${phpPackages.imagick}/lib/php/extensions/imagick.so ''; pool = '' - listen = ${socket} user = ${apacheUser} group = ${apacheGroup} listen.owner = ${apacheUser} diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix index c3425bd..6570977 100644 --- a/modules/private/websites/connexionswing/integration.nix +++ b/modules/private/websites/connexionswing/integration.nix @@ -13,10 +13,14 @@ in { config = lib.mkIf cfg.enable { secrets.keys = connexionswing.keys; - services.myPhpfpm.preStart.connexionswing_dev = connexionswing.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing.phpFpm.phpConfig; + systemd.services.phpfpm-connexionswing_dev.after = lib.mkAfter connexionswing.phpFpm.serviceDeps; + systemd.services.phpfpm-connexionswing_dev.wants = connexionswing.phpFpm.serviceDeps; + systemd.services.phpfpm-connexionswing_dev.preStart = lib.mkAfter connexionswing.phpFpm.preStart; + services.phpfpm.pools.connexionswing_dev = { + listen = connexionswing.phpFpm.socket; + extraConfig = connexionswing.phpFpm.pool; + phpOptions = config.services.phpfpm.phpOptions + connexionswing.phpFpm.phpConfig; + }; system.activationScripts.connexionswing_dev = connexionswing.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix index 8f28f46..b51c549 100644 
--- a/modules/private/websites/connexionswing/production.nix +++ b/modules/private/websites/connexionswing/production.nix @@ -15,10 +15,14 @@ in { secrets.keys = connexionswing.keys; services.webstats.sites = [ { name = "connexionswing.com"; } ]; - services.myPhpfpm.preStart.connexionswing_prod = connexionswing.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.connexionswing_prod = connexionswing.phpFpm.phpConfig; + systemd.services.phpfpm-connexionswing_prod.after = lib.mkAfter connexionswing.phpFpm.serviceDeps; + systemd.services.phpfpm-connexionswing_prod.wants = connexionswing.phpFpm.serviceDeps; + systemd.services.phpfpm-connexionswing_prod.preStart = lib.mkAfter connexionswing.phpFpm.preStart; + services.phpfpm.pools.connexionswing_prod = { + listen = connexionswing.phpFpm.socket; + extraConfig = connexionswing.phpFpm.pool; + phpOptions = config.services.phpfpm.phpOptions + connexionswing.phpFpm.phpConfig; + }; system.activationScripts.connexionswing_prod = connexionswing.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix index 08506e1..905c66a 100644 --- a/modules/private/websites/florian/app.nix +++ b/modules/private/websites/florian/app.nix 
@@ -15,9 +15,10 @@ in { config = lib.mkIf cfg.enable { secrets.keys = tellesflorian.keys; - services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool; + systemd.services.phpfpm-tellesflorian_dev.after = lib.mkAfter tellesflorian.phpFpm.serviceDeps; + systemd.services.phpfpm-tellesflorian_dev.wants = tellesflorian.phpFpm.serviceDeps; + systemd.services.phpfpm-tellesflorian_dev.preStart = lib.mkAfter tellesflorian.phpFpm.preStart; + services.phpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool; system.activationScripts.tellesflorian_dev = tellesflorian.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix index 58cf048..c3cabb6 100644 --- a/modules/private/websites/immae/production.nix +++ b/modules/private/websites/immae/production.nix @@ -9,7 +9,7 @@ in { config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "www.immae.eu"; } ]; - services.myPhpfpm.poolConfigs.immae = '' + services.phpfpm.poolConfigs.immae = '' listen = /run/phpfpm/immae.sock user = wwwrun group = wwwrun diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix index 1ce8eea..69c8c49 100644 --- a/modules/private/websites/leila/production.nix +++ b/modules/private/websites/leila/production.nix @@ -6,7 +6,7 @@ in { options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's website in production"; config = lib.mkIf cfg.enable { - services.myPhpfpm.poolConfigs.leila = '' + services.phpfpm.poolConfigs.leila = '' listen = /run/phpfpm/leila.sock user = wwwrun group = wwwrun 
diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix index 0be067b..a53f1fe 100644 --- a/modules/private/websites/ludivinecassal/integration.nix +++ b/modules/private/websites/ludivinecassal/integration.nix @@ -14,9 +14,10 @@ in { config = lib.mkIf cfg.enable { secrets.keys = ludivinecassal.keys; - services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal.phpFpm.pool; + systemd.services.phpfpm-ludivinecassal_dev.after = lib.mkAfter ludivinecassal.phpFpm.serviceDeps; + systemd.services.phpfpm-ludivinecassal_dev.wants = ludivinecassal.phpFpm.serviceDeps; + systemd.services.phpfpm-ludivinecassal_dev.preStart = lib.mkAfter ludivinecassal.phpFpm.preStart; + services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal.phpFpm.pool; system.activationScripts.ludivinecassal_dev = ludivinecassal.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix index c5de698..8fe6812 100644 --- a/modules/private/websites/ludivinecassal/production.nix +++ b/modules/private/websites/ludivinecassal/production.nix 
@@ -15,9 +15,10 @@ in { secrets.keys = ludivinecassal.keys; services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; - services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal.phpFpm.pool; + systemd.services.phpfpm-ludivinecassal_prod.after = lib.mkAfter ludivinecassal.phpFpm.serviceDeps; + systemd.services.phpfpm-ludivinecassal_prod.wants = ludivinecassal.phpFpm.serviceDeps; + systemd.services.phpfpm-ludivinecassal_prod.preStart = lib.mkAfter ludivinecassal.phpFpm.preStart; + services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal.phpFpm.pool; system.activationScripts.ludivinecassal_prod = ludivinecassal.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps diff --git a/modules/private/websites/naturaloutil/production.nix b/modules/private/websites/naturaloutil/production.nix index b6cf069..2315b30 100644 --- a/modules/private/websites/naturaloutil/production.nix +++ b/modules/private/websites/naturaloutil/production.nix 
@@ -33,24 +33,27 @@ in { ?> ''; }]; - services.myPhpfpm.serviceDependencies.jerome = [ "mysql.service" ]; - services.myPhpfpm.poolConfigs.jerome = '' - listen = /run/phpfpm/naturaloutil.sock - user = wwwrun - group = wwwrun - listen.owner = wwwrun - listen.group = wwwrun + systemd.services.phpfpm-jerome.after = lib.mkAfter [ "mysql.service" ]; + systemd.services.phpfpm-jerome.wants = [ "mysql.service" ]; + services.phpfpm.pools.jerome = { + listen = "/run/phpfpm/naturaloutil.sock"; + extraConfig = '' + user = wwwrun + group = wwwrun + listen.owner = wwwrun + listen.group = wwwrun - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 + pm = ondemand + pm.max_children = 5 + pm.process_idle_timeout = 60 - env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil" - php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp" - ''; - services.myPhpfpm.poolPhpConfigs.jerome = '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so - ''; + env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil" + php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp" + ''; + phpOptions = config.services.phpfpm.phpOptions + '' + extension=${pkgs.php}/lib/php/extensions/mysqli.so + ''; + }; services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; services.websites.production.vhostConfs.naturaloutil = { certName = "naturaloutil"; diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix index 6249e85..83b428a 100644 --- a/modules/private/websites/piedsjaloux/integration.nix +++ b/modules/private/websites/piedsjaloux/integration.nix 
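Review bot: The `jerome` pool keeps `user = wwwrun` and an `open_basedir` that includes the whole of `/tmp`, so the path in `env[BDD_CONNECT]` is separated from the other pools in this commit that also run as `wwwrun` (immae, leila, devtools) only by a PHP-level setting, not by an OS boundary. Whether that matters depends on the ownership and mode of `/var/secrets/webapps/prod-naturaloutil`, which this diff does not show. Now that the unit is overridden directly, a private temp directory can be added next to the `after`/`wants` lines, `systemd.services.phpfpm-jerome.serviceConfig.PrivateTmp = true;`, provided nothing outside the pool needs to read its temp files. A dedicated user per pool would be the stronger fix.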
@@ -13,9 +13,10 @@ in { config = lib.mkIf cfg.enable { secrets.keys = piedsjaloux.keys; - services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux.phpFpm.pool; + systemd.services.phpfpm-piedsjaloux_dev.after = lib.mkAfter piedsjaloux.phpFpm.serviceDeps; + systemd.services.phpfpm-piedsjaloux_dev.wants = piedsjaloux.phpFpm.serviceDeps; + systemd.services.phpfpm-piedsjaloux_dev.preStart = lib.mkAfter piedsjaloux.phpFpm.preStart; + services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux.phpFpm.pool; system.activationScripts.piedsjaloux_dev = piedsjaloux.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix index afa1667..0efd56b 100644 --- a/modules/private/websites/piedsjaloux/production.nix +++ b/modules/private/websites/piedsjaloux/production.nix @@ -15,9 +15,10 @@ in { secrets.keys = piedsjaloux.keys; services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; - services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux.phpFpm.pool; + systemd.services.phpfpm-piedsjaloux_prod.after = lib.mkAfter piedsjaloux.phpFpm.serviceDeps; + systemd.services.phpfpm-piedsjaloux_prod.wants = piedsjaloux.phpFpm.serviceDeps; + systemd.services.phpfpm-piedsjaloux_prod.preStart = lib.mkAfter piedsjaloux.phpFpm.preStart; + services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux.phpFpm.pool; system.activationScripts.piedsjaloux_prod = piedsjaloux.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps 
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix index e1c933f..e620318 100644 --- a/nixops/modules/task/default.nix +++ b/nixops/modules/task/default.nix @@ -160,7 +160,7 @@ in { '') env.taskwarrior-web); }; - services.myPhpfpm.poolConfigs = { + services.phpfpm.poolConfigs = { tasks = '' listen = /var/run/phpfpm/task.sock user = ${user} diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index 584892a..1948fe9 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix @@ -76,8 +76,6 @@ in ./tools/diaspora.nix ./tools/ether.nix ./tools/peertube.nix - # Adapted from base phpfpm - ./phpfpm ]; config = { @@ -156,7 +154,7 @@ in ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName} ''; - services.myPhpfpm = { + services.phpfpm = { phpPackage = pkgs.php; phpOptions = '' session.save_path = "/var/lib/php/sessions" diff --git a/nixops/modules/websites/phpfpm/default.nix b/nixops/modules/websites/phpfpm/default.nix deleted file mode 100644 index 60959e0..0000000 --- a/nixops/modules/websites/phpfpm/default.nix +++ /dev/null 
@@ -1,217 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.myPhpfpm; - enabled = cfg.poolConfigs != {} || cfg.pools != {}; - - stateDir = "/run/phpfpm"; - - poolConfigs = cfg.poolConfigs // mapAttrs mkPool cfg.pools; - - mkPool = n: p: '' - listen = ${p.listen} - ${p.extraConfig} - ''; - - fpmCfgFile = pool: poolConfig: pkgs.writeText "phpfpm-${pool}.conf" '' - [global] - error_log = syslog - daemonize = no - ${cfg.extraConfig} - - [${pool}] - ${poolConfig} - ''; - - phpIni = poolPhpOptions: (pkgs.runCommand "php.ini" { - inherit (cfg) phpPackage phpOptions; - inherit poolPhpOptions; - nixDefaults = '' - sendmail_path = "/run/wrappers/bin/sendmail -t -i" - ''; - passAsFile = [ "nixDefaults" "phpOptions" "poolPhpOptions" ]; - } '' - cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath $poolPhpOptionsPath > $out - ''); - -in { - - options = { - services.myPhpfpm = { - extraConfig = mkOption { - type = types.lines; - default = ""; - description = '' - Extra configuration that should be put in the global section of - the PHP-FPM configuration file. Do not specify the options - error_log or - daemonize here, since they are generated by - NixOS. - ''; - }; - - phpPackage = mkOption { - type = types.package; - default = pkgs.php; - defaultText = "pkgs.php"; - description = '' - The PHP package to use for running the PHP-FPM service. - ''; - }; - - phpOptions = mkOption { - type = types.lines; - default = ""; - example = - '' - date.timezone = "CET" - ''; - description = - "Options appended to the PHP configuration file php.ini."; - }; - - serviceDependencies = mkOption { - default = {}; - type = types.attrsOf (types.listOf types.string); - example = literalExample '' - { mypool = ["postgresql.service"]; } - ''; - description = '' - Extra service dependencies specific to pool. 
- ''; - }; - - envFile = mkOption { - default = {}; - type = types.attrsOf types.string; - example = literalExample '' - { mypool = "path/to/file"; - } - ''; - description = '' - Extra environment file go into the service script. - ''; - }; - - preStart = mkOption { - default = {}; - type = types.attrsOf types.lines; - example = literalExample '' - { mypool = ''' - touch foo - '''; - } - ''; - description = '' - Extra lines that will go into the preStart systemd service - ''; - }; - - poolPhpConfigs = mkOption { - default = {}; - type = types.attrsOf types.lines; - example = literalExample '' - { mypool = ''' - extension = some_extension.so - '''; - } - ''; - description = '' - Extra lines that go into the php configuration specific to pool. - ''; - }; - - poolConfigs = mkOption { - default = {}; - type = types.attrsOf types.lines; - example = literalExample '' - { mypool = ''' - listen = /run/phpfpm/mypool - user = nobody - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - '''; - } - ''; - description = '' - A mapping between PHP-FPM pool names and their configurations. - See the documentation on php-fpm.conf for - details on configuration directives. If no pools are defined, - the phpfpm service is disabled. - ''; - }; - - pools = mkOption { - type = types.attrsOf (types.submodule (import ./pool-options.nix { - inherit lib; - })); - default = {}; - example = literalExample '' - { - mypool = { - listen = "/path/to/unix/socket"; - extraConfig = ''' - user = nobody - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - '''; - } - }''; - description = '' - PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM - service is disabled. 
- ''; - }; - }; - }; - - config = mkIf enabled { - - systemd.slices.phpfpm = { - description = "PHP FastCGI Process manager pools slice"; - }; - - systemd.targets.phpfpm = { - description = "PHP FastCGI Process manager pools target"; - wantedBy = [ "multi-user.target" ]; - }; - - systemd.services = flip mapAttrs' poolConfigs (pool: poolConfig: - nameValuePair "phpfpm-${pool}" { - description = "PHP FastCGI Process Manager service for pool ${pool}"; - after = [ "network.target" ] ++ (cfg.serviceDependencies.${pool} or []); - wants = cfg.serviceDependencies.${pool} or []; - wantedBy = [ "phpfpm.target" ]; - partOf = [ "phpfpm.target" ]; - preStart = '' - mkdir -p ${stateDir} - '' + (cfg.preStart.${pool} or ""); - serviceConfig = let - cfgFile = fpmCfgFile pool poolConfig; - poolPhpIni = cfg.poolPhpConfigs.${pool} or ""; - in { - EnvironmentFile = if builtins.hasAttr pool cfg.envFile then [cfg.envFile.${pool}] else []; - Slice = "phpfpm.slice"; - PrivateDevices = true; - ProtectSystem = "full"; - ProtectHome = true; - # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work - RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK"; - Type = "notify"; - ExecStart = "${cfg.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${phpIni poolPhpIni}"; - ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID"; - }; - } - ); - }; -} diff --git a/nixops/modules/websites/phpfpm/pool-options.nix b/nixops/modules/websites/phpfpm/pool-options.nix deleted file mode 100644 index cc688c2..0000000 --- a/nixops/modules/websites/phpfpm/pool-options.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ lib }: - -with lib; { - - options = { - - listen = mkOption { - type = types.str; - example = "/path/to/unix/socket"; - description = '' - The address on which to accept FastCGI requests. - ''; - }; - - extraConfig = mkOption { - type = types.lines; - example = '' - user = nobody - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - ''; - - description = '' - Extra lines that go into the pool configuration. - See the documentation on php-fpm.conf for - details on configuration directives. - ''; - }; - }; -} - diff --git a/nixops/modules/websites/tools/cloud.nix b/nixops/modules/websites/tools/cloud.nix index 5e010f4..5d2ca40 100644 --- a/nixops/modules/websites/tools/cloud.nix +++ b/nixops/modules/websites/tools/cloud.nix @@ -17,7 +17,6 @@ let zend_extension=${pkgs.php}/lib/php/extensions/opcache.so ''; pool = '' - listen = ${socket} user = wwwrun group = wwwrun listen.owner = wwwrun @@ -170,9 +169,10 @@ in { ln -s ${nextcloud} $out/webapps/${webappName} ''; - services.myPhpfpm = { - poolPhpConfigs.nextcloud = phpFpm.phpConfig; - poolConfigs.nextcloud = phpFpm.pool; + services.phpfpm.pools.nextcloud = { + listen = phpFpm.socket; + extraConfig = phpFpm.pool; + phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig; }; services.cron = { diff --git a/nixops/modules/websites/tools/dav/default.nix b/nixops/modules/websites/tools/dav/default.nix index 075cf48..78e0ba3 100644 --- a/nixops/modules/websites/tools/dav/default.nix +++ b/nixops/modules/websites/tools/dav/default.nix @@ -41,7 +41,7 @@ in { ]; }; - services.myPhpfpm.poolConfigs = { + services.phpfpm.poolConfigs = { davical = davical.phpFpm.pool; }; diff --git a/nixops/modules/websites/tools/git/default.nix b/nixops/modules/websites/tools/git/default.nix index 064d3dd..495c5ea 100644 --- a/nixops/modules/websites/tools/git/default.nix +++ b/nixops/modules/websites/tools/git/default.nix 
@@ -38,7 +38,7 @@ in { '' ]; }; - services.myPhpfpm.poolConfigs = { + services.phpfpm.poolConfigs = { mantisbt = mantisbt.phpFpm.pool; }; }; diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix index 061c004..642755f 100644 --- a/nixops/modules/websites/tools/tools/default.nix +++ b/nixops/modules/websites/tools/tools/default.nix @@ -72,15 +72,6 @@ in { ++ ldap.apache.modules ++ kanboard.apache.modules; - systemd.services.ympd = { - description = "Standalone MPD Web GUI written in C"; - wantedBy = [ "multi-user.target" ]; - script = '' - export MPD_PASSWORD=$(cat /var/secrets/mpd) - ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody - ''; - }; - services.websites.integration.vhostConfs.devtools = { certName = "eldiron"; addToCerts = true; 
@@ -157,33 +148,99 @@ in { ]; }; - services.myPhpfpm.serviceDependencies = { - dokuwiki = dokuwiki.phpFpm.serviceDeps; - kanboard = kanboard.phpFpm.serviceDeps; - ldap = ldap.phpFpm.serviceDeps; - rainloop = rainloop.phpFpm.serviceDeps; - roundcubemail = roundcubemail.phpFpm.serviceDeps; - shaarli = shaarli.phpFpm.serviceDeps; - ttrss = ttrss.phpFpm.serviceDeps; - wallabag = wallabag.phpFpm.serviceDeps; - yourls = yourls.phpFpm.serviceDeps; + systemd.services = { + phpfpm-dokuwiki = { + after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; + wants = dokuwiki.phpFpm.serviceDeps; + }; + phpfpm-kanboard = { + after = lib.mkAfter kanboard.phpFpm.serviceDeps; + wants = kanboard.phpFpm.serviceDeps; + }; + phpfpm-ldap = { + after = lib.mkAfter ldap.phpFpm.serviceDeps; + wants = ldap.phpFpm.serviceDeps; + }; + phpfpm-rainloop = { + after = lib.mkAfter rainloop.phpFpm.serviceDeps; + wants = rainloop.phpFpm.serviceDeps; + }; + phpfpm-roundcubemail = { + after = lib.mkAfter roundcubemail.phpFpm.serviceDeps; + wants = roundcubemail.phpFpm.serviceDeps; + }; + phpfpm-shaarli = { + after = lib.mkAfter shaarli.phpFpm.serviceDeps; + wants = shaarli.phpFpm.serviceDeps; + }; + phpfpm-ttrss = { + after = lib.mkAfter ttrss.phpFpm.serviceDeps; + wants = ttrss.phpFpm.serviceDeps; + }; + phpfpm-wallabag = { + after = lib.mkAfter wallabag.phpFpm.serviceDeps; + wants = wallabag.phpFpm.serviceDeps; + preStart = lib.mkAfter wallabag.phpFpm.preStart; + }; + phpfpm-yourls = { + after = lib.mkAfter yourls.phpFpm.serviceDeps; + wants = yourls.phpFpm.serviceDeps; + }; + ympd = { + description = "Standalone MPD Web GUI written in C"; + wantedBy = [ "multi-user.target" ]; + script = '' + export MPD_PASSWORD=$(cat /var/secrets/mpd) + ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody + ''; + }; + tt-rss = { + description = "Tiny Tiny RSS feeds update daemon"; + serviceConfig = { + User = "wwwrun"; + ExecStart = 
"${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon"; + StandardOutput = "syslog"; + StandardError = "syslog"; + PermissionsStartOnly = true; + }; + + wantedBy = [ "multi-user.target" ]; + requires = ["postgresql.service"]; + after = ["network.target" "postgresql.service"]; + }; + }; + + services.phpfpm.pools.roundcubemail = { + listen = roundcubemail.phpFpm.socket; + extraConfig = roundcubemail.phpFpm.pool; + phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig; }; - services.myPhpfpm.poolPhpConfigs = { - devtools = '' + services.phpfpm.pools.devtools = { + listen = "/var/run/phpfpm/devtools.sock"; + extraConfig = '' + user = wwwrun + group = wwwrun + listen.owner = wwwrun + listen.group = wwwrun + pm = dynamic + pm.max_children = 60 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 10 + + php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" + ''; + phpOptions = config.services.phpfpm.phpOptions + '' extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so zend_extension=${pkgs.php}/lib/php/extensions/opcache.so ''; - roundcubemail = roundcubemail.phpFpm.phpConfig; - }; - services.myPhpfpm.preStart = { - wallabag = wallabag.phpFpm.preStart; }; - services.myPhpfpm.poolConfigs = { + + services.phpfpm.poolConfigs = { adminer = adminer.phpFpm.pool; ttrss = ttrss.phpFpm.pool; - roundcubemail = roundcubemail.phpFpm.pool; wallabag = wallabag.phpFpm.pool; yourls = yourls.phpFpm.pool; rompr = rompr.phpFpm.pool; 
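Review bot: The per-unit overrides in this hunk carry over `after`, `wants` and `preStart`, but not the `serviceConfig` of the module deleted later in this commit, which set `PrivateDevices`, `ProtectSystem = "full"`, `ProtectHome` and a `RestrictAddressFamilies` list extended with `AF_NETLINK` for the sendmail wrapper. The `devtools` pool added here still lists `/run/wrappers/bin/sendmail` in `open_basedir`, so it presumably sends mail; whether the upstream unit applies the same sandboxing and still lets sendmail work is not visible in this diff. I would check both on the generated `phpfpm-devtools` unit and record the outcome in a comment above `systemd.services`, for example `# sandboxing now comes from the upstream phpfpm module; AF_NETLINK (sendmail) is not re-added here`. The deleted module's `envFile` option has no replacement either, which is fine only if no pool relied on it.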
@@ -192,20 +249,6 @@ in { ldap = ldap.phpFpm.pool; rainloop = rainloop.phpFpm.pool; kanboard = kanboard.phpFpm.pool; - devtools = '' - listen = /var/run/phpfpm/devtools.sock - user = wwwrun - group = wwwrun - listen.owner = wwwrun - listen.group = wwwrun - pm = dynamic - pm.max_children = 60 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 10 - - php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" - ''; tools = '' listen = /var/run/phpfpm/tools.sock user = wwwrun @@ -250,21 +293,6 @@ in { ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName} ''; - systemd.services.tt-rss = { - description = "Tiny Tiny RSS feeds update daemon"; - serviceConfig = { - User = "wwwrun"; - ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon"; - StandardOutput = "syslog"; - StandardError = "syslog"; - PermissionsStartOnly = true; - }; - - wantedBy = [ "multi-user.target" ]; - requires = ["postgresql.service"]; - after = ["network.target" "postgresql.service"]; - }; - }; } diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/nixops/modules/websites/tools/tools/roundcubemail.nix index 6177ff3..8974d1b 100644 --- a/nixops/modules/websites/tools/tools/roundcubemail.nix +++ b/nixops/modules/websites/tools/tools/roundcubemail.nix @@ -102,7 +102,6 @@ rec { ''; socket = "/var/run/phpfpm/roundcubemail.sock"; pool = '' - listen = ${socket} user = ${apache.user} group = ${apache.group} listen.owner = ${apache.user}