From 2e48907d64491a06454b342a1a56d03a0835753d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 1 Jun 2019 12:46:35 +0200 Subject: [PATCH] Start moving php configuration to a dedicated module --- modules/default.nix | 1 + modules/private/websites/aten/integration.nix | 28 ++-- modules/websites/php-application.nix | 152 ++++++++++++++++++ 3 files changed, 171 insertions(+), 10 deletions(-) create mode 100644 modules/websites/php-application.nix diff --git a/modules/default.nix b/modules/default.nix index e36f1a0..dd34870 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -10,5 +10,6 @@ mediagoblin = ./webapps/mediagoblin.nix; peertube = ./webapps/peertube.nix; + php-application = ./websites/php-application.nix; websites = ./websites; } // (if builtins.pathExists ./private then import ./private else {}) diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix index 384b324..f8d8b53 100644 --- a/modules/private/websites/aten/integration.nix +++ b/modules/private/websites/aten/integration.nix 
@@ -12,14 +12,26 @@ in { options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration"; config = lib.mkIf cfg.enable { + services.phpApplication.aten_dev = let + app = pkgs.webapps.aten.override { environment = "dev"; }; + in { + websiteEnv = "integration"; + httpdUser = config.services.httpd.Inte.user; + httpdGroup = config.services.httpd.Inte.group; + inherit (app) webRoot varDir; + inherit app; + serviceDeps = [ "postgresql.service" ]; + preStartActions = [ + "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup" + ]; + watchFiles = [ + "${config.secrets.location}/webapps/${app.environment}-aten" + ]; + webappName = "aten_dev"; + }; + secrets.keys = aten.keys; - systemd.services.phpfpm-aten_dev.preStart = lib.mkAfter aten.phpFpm.preStart; - systemd.services.phpfpm-aten_dev.after = lib.mkAfter aten.phpFpm.serviceDeps; - systemd.services.phpfpm-aten_dev.wants = aten.phpFpm.serviceDeps; services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool; - system.activationScripts.aten_dev = aten.activationScript; - myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot; - services.websites.integration.modules = aten.apache.modules; services.websites.integration.vhostConfs.aten = { certName = "eldiron"; addToCerts = true; @@ -27,9 +39,5 @@ in { root = aten.apache.root; extraConfig = [ aten.apache.vhostConf ]; }; - services.websites.integration.watchPaths = [ - "/var/secrets/webapps/${aten.app.environment}-aten" - ]; }; } - diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix new file mode 100644 index 0000000..7bbae50 --- /dev/null +++ b/modules/websites/php-application.nix 
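Review bot: `webappName = "aten_dev";` hard-codes a value that the removed `webappDirs` line took from `aten.apache.webappName`, while the vhost in the second hunk still uses `root = aten.apache.root`. If `aten.apache.root` is derived from that name (not visible here), the registered webapp directory and the vhost root can drift apart; `webappName = aten.apache.webappName;` would keep a single source. The new module also pins the Apache module list to `[ "proxy_fcgi" ]`, so anything else that `aten.apache.modules` used to enable is no longer requested by this file and should be checked. A short comment above `watchFiles` saying that the watched path is the application's secrets file would help readers see why a change there triggers the cache clear.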
@@ -0,0 +1,152 @@
+{ lib, config, ... }:
+with lib;
+let
+ cfg = config.services.phpApplication;
+ cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg);
+in
+{
+ options = {
+ services.phpApplication = with types; mkOption {
+ default = {};
+ description = ''
+ php applications to define
+ '';
+ type = attrsOf (submodule {
+ options = {
+ varDir = mkOption {
+ type = nullOr path;
+ description = ''
+ Path to application’s vardir.
+ '';
+ };
+ mode = mkOption {
+ type = str;
+ default = "0700";
+ description = ''
+ Mode to apply to the vardir
+ '';
+ };
+ phpSession = mkOption {
+ type = bool;
+ default = true;
+ description = "Handle phpsession files separately in vardir";
+ };
+ websiteEnv = mkOption {
+ type = str;
+ description = ''
+ website instance name to use
+ '';
+ };
+ httpdUser = mkOption {
+ type = str;
+ default = config.services.httpd.user;
+ description = ''
+ httpd user to run the prestart scripts as.
+ '';
+ };
+ httpdGroup = mkOption {
+ type = str;
+ default = config.services.httpd.group;
+ description = ''
+ httpd group to run the prestart scripts as.
+ '';
+ };
+ app = mkOption {
+ type = path;
+ description = ''
+ Path to application root
+ '';
+ };
+ webappName = mkOption {
+ type = nullOr str;
+ description = ''
+ Alias name for the app, to be used in services.websites.webappDirs
+ '';
+ };
+ webRoot = mkOption {
+ type = nullOr path;
+ description = ''
+ Path to the web root path of the application. May differ from the application itself (usually a subdirectory)
+ '';
+ };
+ preStartActions = mkOption {
+ type = listOf str;
+ default = [];
+ description = ''
+ List of actions to run as apache user at preStart when
+ whatchFiles or app dir changed.
+ '';
+ };
+ serviceDeps = mkOption {
+ type = listOf str;
+ default = [];
+ description = ''
+ List of systemd services this application depends on
+ '';
+ };
+ watchFiles = mkOption {
+ type = listOf path;
+ default = [];
+ description = ''
+ Path to other files to watch to trigger preStart scripts
+ '';
+ };
+ };
+ });
+ };
+ };
+
+ config = {
+ services.websites = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair
+ name {
+ modules = [ "proxy_fcgi" ];
+ watchPaths = builtins.concatLists (map (c: c.watchFiles) cfgs);
+ }
+ ) cfgByEnv;
+
+ services.websitesWebappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ icfg.webappName icfg.webRoot
+ ) (attrsets.filterAttrs (n: v: !isNull v.webappName && !isNull v.webRoot) cfg);
+
+ systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ "phpfpm-${name}" {
+ after = lib.mkAfter icfg.serviceDeps;
+ wants = icfg.serviceDeps;
+ preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) ''
+ watchFilesChanged() {
+ ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"}
+ [ ! -f "${icfg.varDir}"/watchedFiles ] \
+ || ! sha512sum -c --status ${icfg.varDir}/watchedFiles
+ }
+ appDirChanged() {
+ [ !
-f "${icfg.varDir}/currentWebappDir" -o \
+ "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ]
+ }
+ updateWatchFiles() {
+ ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"}
+ sha512sum ${builtins.concatStringsSep " " icfg.watchFiles} > ${icfg.varDir}/watchedFiles
+ }
+
+ if watchFilesChanged || appDirChanged; then
+ pushd ${icfg.app} > /dev/null
+ ${builtins.concatStringsSep "\n " (map (c: "/run/wrappers/bin/sudo -u ${icfg.httpdUser} ${c}") icfg.preStartActions) }
+ popd > /dev/null
+ echo -n "${icfg.app}" > ${icfg.varDir}/currentWebappDir
+ updateWatchFiles
+ fi
+ '');
+ }
+ ) cfg;
+
+ system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ name {
+ deps = [];
+ text = optionalString (!isNull icfg.varDir) ''
+ install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}
+ '' + optionalString (icfg.phpSession) ''
+ install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions
+ '';
+ }
+ ) cfg;
+ };
+}
--
2.41.0
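Review bot: The preStart script keeps its bookkeeping files (`watchedFiles`, `currentWebappDir`) inside `varDir`, which the activation script at the end of this hunk creates owned by `httpdUser`, while the script itself appears to run with more privilege than that account (it needs `sudo -u ${icfg.httpdUser}` to step down for the actions). Redirections such as `> ${icfg.varDir}/watchedFiles` therefore write through whatever the application account has placed at that path; writing the state as `httpdUser` as well, or keeping it in a directory that account cannot modify, would remove that dependency. Separately, the activation text interpolates `${icfg.varDir}/phpSessions` whenever `phpSession` is true (its default) even when `varDir` is null, which Nix cannot coerce to a string, so the second guard should be `optionalString (!isNull icfg.varDir && icfg.phpSession)`. In `watchFilesChanged`, `return 0` for an empty `watchFiles` list reports "changed" on every start, which looks like it was meant to be `return 1`. The interpolated paths are also unquoted in several places (`sha512sum -c --status ${icfg.varDir}/watchedFiles`, `pushd ${icfg.app}`, the `install` lines); wrapping them with `escapeShellArg` / `escapeShellArgs` from `lib` would make them safe for paths containing spaces or shell metacharacters.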