Replace myPhpfpm with correct overrides

25 files changed, 173 insertions, 376 deletions

diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix
index 790c5a9..5ccc0c1 100644
--- a/modules/private/websites/aten/integration.nix
+++ b/modules/private/websites/aten/integration.nix
@@ -13,9 +13,10 @@ in {
 
   config = lib.mkIf cfg.enable {
     secrets.keys = aten.keys;
-    services.myPhpfpm.preStart.aten_dev = aten.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.aten_dev = aten.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;
+    systemd.services.phpfpm-aten_dev.preStart = lib.mkAfter aten.phpFpm.preStart;
+    systemd.services.phpfpm-aten_dev.after = lib.mkAfter aten.phpFpm.serviceDeps;
+    systemd.services.phpfpm-aten_dev.wants = aten.phpFpm.serviceDeps;
+    services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;
     system.activationScripts.aten_dev = aten.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix
index 697f1b8..7938241 100644
--- a/modules/private/websites/aten/production.nix
+++ b/modules/private/websites/aten/production.nix
@@ -15,9 +15,10 @@ in {
     secrets.keys = aten.keys;
     services.webstats.sites = [ { name = "aten.pro"; } ];
 
-    services.myPhpfpm.preStart.aten_prod = aten.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.aten_prod = aten.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.aten_prod = aten.phpFpm.pool;
+    systemd.services.phpfpm-aten_prod.preStart = lib.mkAfter aten.phpFpm.preStart;
+    systemd.services.phpfpm-aten_prod.after = lib.mkAfter aten.phpFpm.serviceDeps;
+    systemd.services.phpfpm-aten_prod.wants = aten.phpFpm.serviceDeps;
+    services.phpfpm.poolConfigs.aten_prod = aten.phpFpm.pool;
     system.activationScripts.aten_prod = aten.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/chloe/builder.nix b/modules/private/websites/chloe/builder.nix
index 7b72b97..f65e9a9 100644
--- a/modules/private/websites/chloe/builder.nix
+++ b/modules/private/websites/chloe/builder.nix
@@ -5,7 +5,6 @@ rec {
     serviceDeps = [ "mysql.service" ];
     socket = "/var/run/phpfpm/chloe-${app.environment}.sock";
     pool = ''
-      listen = ${socket}
       user = ${apacheUser}
       group = ${apacheGroup}
       listen.owner = ${apacheUser}
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix
index 458e414..d49a85c 100644
--- a/modules/private/websites/chloe/integration.nix
+++ b/modules/private/websites/chloe/integration.nix
@@ -13,11 +13,15 @@ in {
 
   config = lib.mkIf cfg.enable {
     secrets.keys = chloe.keys;
-    services.myPhpfpm.serviceDependencies.chloe_dev = chloe.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.chloe_dev = chloe.phpFpm.pool;
-    services.myPhpfpm.poolPhpConfigs.chloe_dev = ''
-      extension=${pkgs.php}/lib/php/extensions/mysqli.so
+    systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps;
+    systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps;
+    services.phpfpm.pools.chloe_dev = {
+      listen = chloe.phpFpm.socket;
+      extraConfig = chloe.phpFpm.pool;
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        extension=${pkgs.php}/lib/php/extensions/mysqli.so
       '';
+    };
     system.activationScripts.chloe_dev = chloe.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
index 0eafebd..d4b2299 100644
--- a/modules/private/websites/chloe/production.nix
+++ b/modules/private/websites/chloe/production.nix
@@ -15,11 +15,15 @@ in {
     secrets.keys = chloe.keys;
     services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
 
-    services.myPhpfpm.serviceDependencies.chloe_prod = chloe.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.chloe_prod = chloe.phpFpm.pool;
-    services.myPhpfpm.poolPhpConfigs.chloe_prod = ''
-      extension=${pkgs.php}/lib/php/extensions/mysqli.so
+    systemd.services.phpfpm-chloe_prod.after = lib.mkAfter chloe.phpFpm.serviceDeps;
+    systemd.services.phpfpm-chloe_prod.wants = chloe.phpFpm.serviceDeps;
+    services.phpfpm.pools.chloe_prod = {
+      listen = chloe.phpFpm.socket;
+      extraConfig = chloe.phpFpm.pool;
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        extension=${pkgs.php}/lib/php/extensions/mysqli.so
       '';
+    };
     system.activationScripts.chloe_prod = chloe.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/connexionswing/builder.nix b/modules/private/websites/connexionswing/builder.nix
index 1224420..b4b04cb 100644
--- a/modules/private/websites/connexionswing/builder.nix
+++ b/modules/private/websites/connexionswing/builder.nix
@@ -49,7 +49,6 @@ rec {
       extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
       '';
     pool = ''
-      listen = ${socket}
       user = ${apacheUser}
       group = ${apacheGroup}
       listen.owner = ${apacheUser}
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix
index c3425bd..6570977 100644
--- a/modules/private/websites/connexionswing/integration.nix
+++ b/modules/private/websites/connexionswing/integration.nix
@@ -13,10 +13,14 @@ in {
 
   config = lib.mkIf cfg.enable {
     secrets.keys = connexionswing.keys;
-    services.myPhpfpm.preStart.connexionswing_dev = connexionswing.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing.phpFpm.pool;
-    services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing.phpFpm.phpConfig;
+    systemd.services.phpfpm-connexionswing_dev.after = lib.mkAfter connexionswing.phpFpm.serviceDeps;
+    systemd.services.phpfpm-connexionswing_dev.wants = connexionswing.phpFpm.serviceDeps;
+    systemd.services.phpfpm-connexionswing_dev.preStart = lib.mkAfter connexionswing.phpFpm.preStart;
+    services.phpfpm.pools.connexionswing_dev = {
+      listen = connexionswing.phpFpm.socket;
+      extraConfig = connexionswing.phpFpm.pool;
+      phpOptions = config.services.phpfpm.phpOptions + connexionswing.phpFpm.phpConfig;
+    };
     system.activationScripts.connexionswing_dev = connexionswing.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix
index 8f28f46..b51c549 100644
--- a/modules/private/websites/connexionswing/production.nix
+++ b/modules/private/websites/connexionswing/production.nix
@@ -15,10 +15,14 @@ in {
     secrets.keys = connexionswing.keys;
     services.webstats.sites = [ { name = "connexionswing.com"; } ];
 
-    services.myPhpfpm.preStart.connexionswing_prod = connexionswing.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing.phpFpm.pool;
-    services.myPhpfpm.poolPhpConfigs.connexionswing_prod = connexionswing.phpFpm.phpConfig;
+    systemd.services.phpfpm-connexionswing_prod.after = lib.mkAfter connexionswing.phpFpm.serviceDeps;
+    systemd.services.phpfpm-connexionswing_prod.wants = connexionswing.phpFpm.serviceDeps;
+    systemd.services.phpfpm-connexionswing_prod.preStart = lib.mkAfter connexionswing.phpFpm.preStart;
+    services.phpfpm.pools.connexionswing_prod = {
+      listen = connexionswing.phpFpm.socket;
+      extraConfig = connexionswing.phpFpm.pool;
+      phpOptions = config.services.phpfpm.phpOptions + connexionswing.phpFpm.phpConfig;
+    };
     system.activationScripts.connexionswing_prod = connexionswing.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix
index 08506e1..905c66a 100644
--- a/modules/private/websites/florian/app.nix
+++ b/modules/private/websites/florian/app.nix
@@ -15,9 +15,10 @@ in {
 
   config = lib.mkIf cfg.enable {
     secrets.keys = tellesflorian.keys;
-    services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool;
+    systemd.services.phpfpm-tellesflorian_dev.after = lib.mkAfter tellesflorian.phpFpm.serviceDeps;
+    systemd.services.phpfpm-tellesflorian_dev.wants = tellesflorian.phpFpm.serviceDeps;
+    systemd.services.phpfpm-tellesflorian_dev.preStart = lib.mkAfter tellesflorian.phpFpm.preStart;
+    services.phpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool;
     system.activationScripts.tellesflorian_dev = tellesflorian.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix
index 58cf048..c3cabb6 100644
--- a/modules/private/websites/immae/production.nix
+++ b/modules/private/websites/immae/production.nix
@@ -9,7 +9,7 @@ in {
   config = lib.mkIf cfg.enable {
     services.webstats.sites = [ { name = "www.immae.eu"; } ];
 
-    services.myPhpfpm.poolConfigs.immae = ''
+    services.phpfpm.poolConfigs.immae = ''
       listen = /run/phpfpm/immae.sock
       user = wwwrun
       group = wwwrun
diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix
index 1ce8eea..69c8c49 100644
--- a/modules/private/websites/leila/production.nix
+++ b/modules/private/websites/leila/production.nix
@@ -6,7 +6,7 @@ in {
   options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's website in production";
 
   config = lib.mkIf cfg.enable {
-    services.myPhpfpm.poolConfigs.leila = ''
+    services.phpfpm.poolConfigs.leila = ''
       listen = /run/phpfpm/leila.sock
       user = wwwrun
       group = wwwrun
diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix
index 0be067b..a53f1fe 100644
--- a/modules/private/websites/ludivinecassal/integration.nix
+++ b/modules/private/websites/ludivinecassal/integration.nix
@@ -14,9 +14,10 @@ in {
   config = lib.mkIf cfg.enable {
     secrets.keys = ludivinecassal.keys;
 
-    services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal.phpFpm.pool;
+    systemd.services.phpfpm-ludivinecassal_dev.after = lib.mkAfter ludivinecassal.phpFpm.serviceDeps;
+    systemd.services.phpfpm-ludivinecassal_dev.wants = ludivinecassal.phpFpm.serviceDeps;
+    systemd.services.phpfpm-ludivinecassal_dev.preStart = lib.mkAfter ludivinecassal.phpFpm.preStart;
+    services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal.phpFpm.pool;
     system.activationScripts.ludivinecassal_dev = ludivinecassal.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix
index c5de698..8fe6812 100644
--- a/modules/private/websites/ludivinecassal/production.nix
+++ b/modules/private/websites/ludivinecassal/production.nix
@@ -15,9 +15,10 @@ in {
     secrets.keys = ludivinecassal.keys;
     services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
 
-    services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal.phpFpm.pool;
+    systemd.services.phpfpm-ludivinecassal_prod.after = lib.mkAfter ludivinecassal.phpFpm.serviceDeps;
+    systemd.services.phpfpm-ludivinecassal_prod.wants = ludivinecassal.phpFpm.serviceDeps;
+    systemd.services.phpfpm-ludivinecassal_prod.preStart = lib.mkAfter ludivinecassal.phpFpm.preStart;
+    services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal.phpFpm.pool;
     system.activationScripts.ludivinecassal_prod = ludivinecassal.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/naturaloutil/production.nix b/modules/private/websites/naturaloutil/production.nix
index b6cf069..2315b30 100644
--- a/modules/private/websites/naturaloutil/production.nix
+++ b/modules/private/websites/naturaloutil/production.nix
@@ -33,24 +33,27 @@ in {
         ?>
       '';
     }];
-    services.myPhpfpm.serviceDependencies.jerome = [ "mysql.service" ];
-    services.myPhpfpm.poolConfigs.jerome = ''
-      listen = /run/phpfpm/naturaloutil.sock
-      user = wwwrun
-      group = wwwrun
-      listen.owner = wwwrun
-      listen.group = wwwrun
+    systemd.services.phpfpm-jerome.after = lib.mkAfter [ "mysql.service" ];
+    systemd.services.phpfpm-jerome.wants = [ "mysql.service" ];
+    services.phpfpm.pools.jerome = {
+      listen = "/run/phpfpm/naturaloutil.sock";
+      extraConfig = ''
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
 
-      pm = ondemand
-      pm.max_children = 5
-      pm.process_idle_timeout = 60
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
 
-      env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil"
-      php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"
-      '';
-    services.myPhpfpm.poolPhpConfigs.jerome = ''
-      extension=${pkgs.php}/lib/php/extensions/mysqli.so
-      '';
+        env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil"
+        php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"
+        '';
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        extension=${pkgs.php}/lib/php/extensions/mysqli.so
+        '';
+    };
     services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
     services.websites.production.vhostConfs.naturaloutil = {
       certName     = "naturaloutil";
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix
index 6249e85..83b428a 100644
--- a/modules/private/websites/piedsjaloux/integration.nix
+++ b/modules/private/websites/piedsjaloux/integration.nix
@@ -13,9 +13,10 @@ in {
 
   config = lib.mkIf cfg.enable {
     secrets.keys = piedsjaloux.keys;
-    services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux.phpFpm.pool;
+    systemd.services.phpfpm-piedsjaloux_dev.after = lib.mkAfter piedsjaloux.phpFpm.serviceDeps;
+    systemd.services.phpfpm-piedsjaloux_dev.wants = piedsjaloux.phpFpm.serviceDeps;
+    systemd.services.phpfpm-piedsjaloux_dev.preStart = lib.mkAfter piedsjaloux.phpFpm.preStart;
+    services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux.phpFpm.pool;
     system.activationScripts.piedsjaloux_dev = piedsjaloux.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix
index afa1667..0efd56b 100644
--- a/modules/private/websites/piedsjaloux/production.nix
+++ b/modules/private/websites/piedsjaloux/production.nix
@@ -15,9 +15,10 @@ in {
     secrets.keys = piedsjaloux.keys;
     services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
 
-    services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux.phpFpm.pool;
+    systemd.services.phpfpm-piedsjaloux_prod.after = lib.mkAfter piedsjaloux.phpFpm.serviceDeps;
+    systemd.services.phpfpm-piedsjaloux_prod.wants = piedsjaloux.phpFpm.serviceDeps;
+    systemd.services.phpfpm-piedsjaloux_prod.preStart = lib.mkAfter piedsjaloux.phpFpm.preStart;
+    services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux.phpFpm.pool;
     system.activationScripts.piedsjaloux_prod = piedsjaloux.activationScript;
     system.extraSystemBuilderCmds = ''
       mkdir -p $out/webapps
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index e1c933f..e620318 100644
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -160,7 +160,7 @@ in {
         </Location>
         '') env.taskwarrior-web);
     };
-    services.myPhpfpm.poolConfigs = {
+    services.phpfpm.poolConfigs = {
       tasks = ''
         listen = /var/run/phpfpm/task.sock
         user = ${user}
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index 584892a..1948fe9 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -76,8 +76,6 @@ in
     ./tools/diaspora.nix
     ./tools/ether.nix
     ./tools/peertube.nix
-    # Adapted from base phpfpm
-    ./phpfpm
   ];
 
   config = {
@@ -156,7 +154,7 @@ in
       ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName}
       '';
 
-    services.myPhpfpm = {
+    services.phpfpm = {
       phpPackage = pkgs.php;
       phpOptions = ''
         session.save_path = "/var/lib/php/sessions"
diff --git a/nixops/modules/websites/phpfpm/default.nix b/nixops/modules/websites/phpfpm/default.nix
deleted file mode 100644
index 60959e0..0000000
--- a/nixops/modules/websites/phpfpm/default.nix
+++ /dev/null
@@ -1,217 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.myPhpfpm;
-  enabled = cfg.poolConfigs != {} || cfg.pools != {};
-
-  stateDir = "/run/phpfpm";
-
-  poolConfigs = cfg.poolConfigs // mapAttrs mkPool cfg.pools;
-
-  mkPool = n: p: ''
-    listen = ${p.listen}
-    ${p.extraConfig}
-  '';
-
-  fpmCfgFile = pool: poolConfig: pkgs.writeText "phpfpm-${pool}.conf" ''
-    [global]
-    error_log = syslog
-    daemonize = no
-    ${cfg.extraConfig}
-
-    [${pool}]
-    ${poolConfig}
-  '';
-
-  phpIni = poolPhpOptions: (pkgs.runCommand "php.ini" {
-    inherit (cfg) phpPackage phpOptions;
-    inherit poolPhpOptions;
-    nixDefaults = ''
-      sendmail_path = "/run/wrappers/bin/sendmail -t -i"
-    '';
-    passAsFile = [ "nixDefaults" "phpOptions" "poolPhpOptions" ];
-  } ''
-    cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath $poolPhpOptionsPath > $out
-  '');
-
-in {
-
-  options = {
-    services.myPhpfpm = {
-      extraConfig = mkOption {
-        type = types.lines;
-        default = "";
-        description = ''
-          Extra configuration that should be put in the global section of
-          the PHP-FPM configuration file. Do not specify the options
-          <literal>error_log</literal> or
-          <literal>daemonize</literal> here, since they are generated by
-          NixOS.
-        '';
-      };
-
-      phpPackage = mkOption {
-        type = types.package;
-        default = pkgs.php;
-        defaultText = "pkgs.php";
-        description = ''
-          The PHP package to use for running the PHP-FPM service.
-        '';
-      };
-
-      phpOptions = mkOption {
-        type = types.lines;
-        default = "";
-        example =
-          ''
-            date.timezone = "CET"
-          '';
-        description =
-          "Options appended to the PHP configuration file <filename>php.ini</filename>.";
-      };
-
-      serviceDependencies = mkOption {
-        default = {};
-        type = types.attrsOf (types.listOf types.string);
-        example = literalExample ''
-          { mypool = ["postgresql.service"]; }
-        '';
-        description = ''
-          Extra service dependencies specific to pool.
-        '';
-      };
-
-      envFile = mkOption {
-        default = {};
-        type = types.attrsOf types.string;
-        example = literalExample ''
-          { mypool = "path/to/file";
-          }
-        '';
-        description = ''
-          Extra environment file go into the service script.
-        '';
-      };
-
-      preStart = mkOption {
-        default = {};
-        type = types.attrsOf types.lines;
-        example = literalExample ''
-          { mypool = '''
-              touch foo
-            ''';
-          }
-        '';
-        description = ''
-          Extra lines that will go into the preStart systemd service
-        '';
-      };
-
-      poolPhpConfigs = mkOption {
-        default = {};
-        type = types.attrsOf types.lines;
-        example = literalExample ''
-          { mypool = '''
-              extension = some_extension.so
-            ''';
-          }
-        '';
-        description = ''
-          Extra lines that go into the php configuration specific to pool.
-        '';
-      };
-
-      poolConfigs = mkOption {
-        default = {};
-        type = types.attrsOf types.lines;
-        example = literalExample ''
-          { mypool = '''
-              listen = /run/phpfpm/mypool
-              user = nobody
-              pm = dynamic
-              pm.max_children = 75
-              pm.start_servers = 10
-              pm.min_spare_servers = 5
-              pm.max_spare_servers = 20
-              pm.max_requests = 500
-            ''';
-          }
-        '';
-        description = ''
-          A mapping between PHP-FPM pool names and their configurations.
-          See the documentation on <literal>php-fpm.conf</literal> for
-          details on configuration directives. If no pools are defined,
-          the phpfpm service is disabled.
-        '';
-      };
-
-      pools = mkOption {
-        type = types.attrsOf (types.submodule (import ./pool-options.nix {
-          inherit lib;
-        }));
-        default = {};
-        example = literalExample ''
-         {
-           mypool = {
-             listen = "/path/to/unix/socket";
-             extraConfig = '''
-               user = nobody
-               pm = dynamic
-               pm.max_children = 75
-               pm.start_servers = 10
-               pm.min_spare_servers = 5
-               pm.max_spare_servers = 20
-               pm.max_requests = 500
-             ''';
-           }
-         }'';
-        description = ''
-          PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM
-          service is disabled.
-        '';
-      };
-    };
-  };
-
-  config = mkIf enabled {
-
-    systemd.slices.phpfpm = {
-      description = "PHP FastCGI Process manager pools slice";
-    };
-
-    systemd.targets.phpfpm = {
-      description = "PHP FastCGI Process manager pools target";
-      wantedBy = [ "multi-user.target" ];
-    };
-
-    systemd.services = flip mapAttrs' poolConfigs (pool: poolConfig:
-      nameValuePair "phpfpm-${pool}" {
-        description = "PHP FastCGI Process Manager service for pool ${pool}";
-        after = [ "network.target" ] ++ (cfg.serviceDependencies.${pool} or []);
-        wants = cfg.serviceDependencies.${pool} or [];
-        wantedBy = [ "phpfpm.target" ];
-        partOf = [ "phpfpm.target" ];
-        preStart = ''
-          mkdir -p ${stateDir}
-        '' + (cfg.preStart.${pool} or "");
-        serviceConfig = let
-          cfgFile = fpmCfgFile pool poolConfig;
-          poolPhpIni = cfg.poolPhpConfigs.${pool} or "";
-        in {
-          EnvironmentFile = if builtins.hasAttr pool cfg.envFile then [cfg.envFile.${pool}] else [];
-          Slice = "phpfpm.slice";
-          PrivateDevices = true;
-          ProtectSystem = "full";
-          ProtectHome = true;
-          # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work
-          RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
-          Type = "notify";
-          ExecStart = "${cfg.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${phpIni poolPhpIni}";
-          ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
-        };
-      }
-   );
-  };
-}
diff --git a/nixops/modules/websites/phpfpm/pool-options.nix b/nixops/modules/websites/phpfpm/pool-options.nix
deleted file mode 100644
index cc688c2..0000000
--- a/nixops/modules/websites/phpfpm/pool-options.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib }:
-
-with lib; {
-
-  options = {
-
-    listen = mkOption {
-      type = types.str;
-      example = "/path/to/unix/socket";
-      description = ''
-        The address on which to accept FastCGI requests.
-      '';
-    };
-
-    extraConfig = mkOption {
-      type = types.lines;
-      example = ''
-        user = nobody
-        pm = dynamic
-        pm.max_children = 75
-        pm.start_servers = 10
-        pm.min_spare_servers = 5
-        pm.max_spare_servers = 20
-        pm.max_requests = 500
-      '';
-
-      description = ''
-        Extra lines that go into the pool configuration.
-        See the documentation on <literal>php-fpm.conf</literal> for
-        details on configuration directives.
-      '';
-    };
-  };
-}
-
diff --git a/nixops/modules/websites/tools/cloud.nix b/nixops/modules/websites/tools/cloud.nix
index 5e010f4..5d2ca40 100644
--- a/nixops/modules/websites/tools/cloud.nix
+++ b/nixops/modules/websites/tools/cloud.nix
@@ -17,7 +17,6 @@ let
       zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
       '';
     pool = ''
-      listen = ${socket}
       user = wwwrun
       group = wwwrun
       listen.owner = wwwrun
@@ -170,9 +169,10 @@ in {
       ln -s ${nextcloud} $out/webapps/${webappName}
       '';
 
-    services.myPhpfpm = {
-      poolPhpConfigs.nextcloud = phpFpm.phpConfig;
-      poolConfigs.nextcloud = phpFpm.pool;
+    services.phpfpm.pools.nextcloud = {
+      listen = phpFpm.socket;
+      extraConfig = phpFpm.pool;
+      phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig;
     };
 
     services.cron = {
diff --git a/nixops/modules/websites/tools/dav/default.nix b/nixops/modules/websites/tools/dav/default.nix
index 075cf48..78e0ba3 100644
--- a/nixops/modules/websites/tools/dav/default.nix
+++ b/nixops/modules/websites/tools/dav/default.nix
@@ -41,7 +41,7 @@ in {
       ];
     };
 
-    services.myPhpfpm.poolConfigs = {
+    services.phpfpm.poolConfigs = {
       davical = davical.phpFpm.pool;
     };
 
diff --git a/nixops/modules/websites/tools/git/default.nix b/nixops/modules/websites/tools/git/default.nix
index 064d3dd..495c5ea 100644
--- a/nixops/modules/websites/tools/git/default.nix
+++ b/nixops/modules/websites/tools/git/default.nix
@@ -38,7 +38,7 @@ in {
           ''
       ];
     };
-    services.myPhpfpm.poolConfigs = {
+    services.phpfpm.poolConfigs = {
       mantisbt = mantisbt.phpFpm.pool;
     };
   };
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 061c004..642755f 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -72,15 +72,6 @@ in {
       ++ ldap.apache.modules
       ++ kanboard.apache.modules;
 
-    systemd.services.ympd = {
-      description = "Standalone MPD Web GUI written in C";
-      wantedBy = [ "multi-user.target" ];
-      script = ''
-        export MPD_PASSWORD=$(cat /var/secrets/mpd)
-        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
-        '';
-    };
-
     services.websites.integration.vhostConfs.devtools = {
       certName    = "eldiron";
       addToCerts  = true;
@@ -157,33 +148,99 @@ in {
       ];
     };
 
-    services.myPhpfpm.serviceDependencies = {
-      dokuwiki = dokuwiki.phpFpm.serviceDeps;
-      kanboard = kanboard.phpFpm.serviceDeps;
-      ldap = ldap.phpFpm.serviceDeps;
-      rainloop = rainloop.phpFpm.serviceDeps;
-      roundcubemail = roundcubemail.phpFpm.serviceDeps;
-      shaarli = shaarli.phpFpm.serviceDeps;
-      ttrss = ttrss.phpFpm.serviceDeps;
-      wallabag = wallabag.phpFpm.serviceDeps;
-      yourls = yourls.phpFpm.serviceDeps;
+    systemd.services = {
+      phpfpm-dokuwiki = {
+        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
+        wants = dokuwiki.phpFpm.serviceDeps;
+      };
+      phpfpm-kanboard = {
+        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
+        wants = kanboard.phpFpm.serviceDeps;
+      };
+      phpfpm-ldap = {
+        after = lib.mkAfter ldap.phpFpm.serviceDeps;
+        wants = ldap.phpFpm.serviceDeps;
+      };
+      phpfpm-rainloop = {
+        after = lib.mkAfter rainloop.phpFpm.serviceDeps;
+        wants = rainloop.phpFpm.serviceDeps;
+      };
+      phpfpm-roundcubemail = {
+        after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
+        wants = roundcubemail.phpFpm.serviceDeps;
+      };
+      phpfpm-shaarli = {
+        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
+        wants = shaarli.phpFpm.serviceDeps;
+      };
+      phpfpm-ttrss = {
+        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
+        wants = ttrss.phpFpm.serviceDeps;
+      };
+      phpfpm-wallabag = {
+        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
+        wants = wallabag.phpFpm.serviceDeps;
+        preStart = lib.mkAfter wallabag.phpFpm.preStart;
+      };
+      phpfpm-yourls = {
+        after = lib.mkAfter yourls.phpFpm.serviceDeps;
+        wants = yourls.phpFpm.serviceDeps;
+      };
+      ympd = {
+        description = "Standalone MPD Web GUI written in C";
+        wantedBy = [ "multi-user.target" ];
+        script = ''
+          export MPD_PASSWORD=$(cat /var/secrets/mpd)
+          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
+          '';
+      };
+      tt-rss = {
+        description = "Tiny Tiny RSS feeds update daemon";
+        serviceConfig = {
+          User = "wwwrun";
+          ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
+          StandardOutput = "syslog";
+          StandardError = "syslog";
+          PermissionsStartOnly = true;
+        };
+
+        wantedBy = [ "multi-user.target" ];
+        requires = ["postgresql.service"];
+        after = ["network.target" "postgresql.service"];
+      };
+    };
+
+    services.phpfpm.pools.roundcubemail = {
+      listen = roundcubemail.phpFpm.socket;
+      extraConfig = roundcubemail.phpFpm.pool;
+      phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
     };
 
-    services.myPhpfpm.poolPhpConfigs = {
-      devtools = ''
+    services.phpfpm.pools.devtools = {
+      listen = "/var/run/phpfpm/devtools.sock";
+      extraConfig = ''
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
+        pm = dynamic
+        pm.max_children = 60
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 10
+
+        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
+        '';
+      phpOptions = config.services.phpfpm.phpOptions + ''
         extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
         extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
         zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
         '';
-      roundcubemail = roundcubemail.phpFpm.phpConfig;
-    };
-    services.myPhpfpm.preStart = {
-      wallabag = wallabag.phpFpm.preStart;
     };
-    services.myPhpfpm.poolConfigs = {
+
+    services.phpfpm.poolConfigs = {
       adminer = adminer.phpFpm.pool;
       ttrss = ttrss.phpFpm.pool;
-      roundcubemail = roundcubemail.phpFpm.pool;
       wallabag = wallabag.phpFpm.pool;
       yourls = yourls.phpFpm.pool;
       rompr = rompr.phpFpm.pool;
@@ -192,20 +249,6 @@ in {
       ldap = ldap.phpFpm.pool;
       rainloop = rainloop.phpFpm.pool;
       kanboard = kanboard.phpFpm.pool;
-      devtools = ''
-        listen = /var/run/phpfpm/devtools.sock
-        user = wwwrun
-        group = wwwrun
-        listen.owner = wwwrun
-        listen.group = wwwrun
-        pm = dynamic
-        pm.max_children = 60
-        pm.start_servers = 2
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 10
-
-        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
-        '';
       tools = ''
         listen = /var/run/phpfpm/tools.sock
         user = wwwrun
@@ -250,21 +293,6 @@ in {
       ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
       '';
 
-    systemd.services.tt-rss = {
-      description = "Tiny Tiny RSS feeds update daemon";
-      serviceConfig = {
-        User = "wwwrun";
-        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
-        StandardOutput = "syslog";
-        StandardError = "syslog";
-        PermissionsStartOnly = true;
-      };
-
-      wantedBy = [ "multi-user.target" ];
-      requires = ["postgresql.service"];
-      after = ["network.target" "postgresql.service"];
-    };
-
   };
 }
 
diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/nixops/modules/websites/tools/tools/roundcubemail.nix
index 6177ff3..8974d1b 100644
--- a/nixops/modules/websites/tools/tools/roundcubemail.nix
+++ b/nixops/modules/websites/tools/tools/roundcubemail.nix
@@ -102,7 +102,6 @@ rec {
       '';
     socket = "/var/run/phpfpm/roundcubemail.sock";
     pool = ''
-      listen = ${socket}
       user = ${apache.user}
       group = ${apache.group}
       listen.owner = ${apache.user}