Start moving php configuration to a dedicated module

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-06-01 12:46:35 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-06-01 12:46:35 +0200
commit: 2e48907d64491a06454b342a1a56d03a0835753d (patch)
tree: fe666cc9f58135b5691a34d2a1e8b57d978d8d35
parent: f4da0504f34817e39350ff7db2bc7e7e94992a03 (diff)
download: Nix-2e48907d64491a06454b342a1a56d03a0835753d.tar.gz
Nix-2e48907d64491a06454b342a1a56d03a0835753d.tar.zst
Nix-2e48907d64491a06454b342a1a56d03a0835753d.zip
3 files changed, 171 insertions, 10 deletions
diff --git a/modules/default.nix b/modules/default.nix
index e36f1a0..dd34870 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -10,5 +10,6 @@
  mediagoblin = ./webapps/mediagoblin.nix;
  peertube = ./webapps/peertube.nix;
+  php-application = ./websites/php-application.nix;
  websites = ./websites;
 } // (if builtins.pathExists ./private then import ./private else {})
diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix
index 384b324..f8d8b53 100644
--- a/modules/private/websites/aten/integration.nix
+++ b/modules/private/websites/aten/integration.nix
@@ -12,14 +12,26 @@ in {
  options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration";
  config = lib.mkIf cfg.enable {
+    services.phpApplication.aten_dev = let
+      app = pkgs.webapps.aten.override { environment = "dev"; };
+    in {
+      websiteEnv = "integration";
+      httpdUser = config.services.httpd.Inte.user;
+      httpdGroup = config.services.httpd.Inte.group;
+      inherit (app) webRoot varDir;
+      inherit app;
+      serviceDeps = [ "postgresql.service" ];
+      preStartActions = [
+        "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
+      ];
+      watchFiles = [
+        "${config.secrets.location}/webapps/${app.environment}-aten"
+      ];
+      webappName = "aten_dev";
+    };
    secrets.keys = aten.keys;
-    systemd.services.phpfpm-aten_dev.preStart = lib.mkAfter aten.phpFpm.preStart;
-    systemd.services.phpfpm-aten_dev.after = lib.mkAfter aten.phpFpm.serviceDeps;
-    systemd.services.phpfpm-aten_dev.wants = aten.phpFpm.serviceDeps;
    services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;
-    system.activationScripts.aten_dev = aten.activationScript;
-    myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot;
-    services.websites.integration.modules = aten.apache.modules;
    services.websites.integration.vhostConfs.aten = {
      certName    = "eldiron";
      addToCerts  = true;
@@ -27,9 +39,5 @@ in {
      root        = aten.apache.root;
      extraConfig = [ aten.apache.vhostConf ];
    };
-    services.websites.integration.watchPaths = [
-      "/var/secrets/webapps/${aten.app.environment}-aten"
-    ];
  };
 }
diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix
new file mode 100644
index 0000000..7bbae50
--- /dev/null
+++ b/modules/websites/php-application.nix
@@ -0,0 +1,152 @@
+{ lib, config, ... }:
+with lib;
+let
+  cfg = config.services.phpApplication;
+  cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg);
+in
+{
+  options = {
+    services.phpApplication = with types; mkOption {
+      default = {};
+      description = ''
+        php applications to define
+        '';
+      type = attrsOf (submodule {
+        options = {
+          varDir = mkOption {
+            type = nullOr path;
+            description = ''
+              Path to application’s vardir.
+              '';
+          };
+          mode = mkOption {
+            type = str;
+            default = "0700";
+            description = ''
+              Mode to apply to the vardir
+              '';
+          };
+          phpSession = mkOption {
+            type = bool;
+            default = true;
+            description = "Handle phpsession files separately in vardir";
+          };
+          websiteEnv = mkOption {
+            type = str;
+            description = ''
+              website instance name to use
+              '';
+          };
+          httpdUser = mkOption {
+            type = str;
+            default = config.services.httpd.user;
+            description = ''
+              httpd user to run the prestart scripts as.
+              '';
+          };
+          httpdGroup = mkOption {
+            type = str;
+            default = config.services.httpd.group;
+            description = ''
+              httpd group to run the prestart scripts as.
+              '';
+          };
+          app = mkOption {
+            type = path;
+            description = ''
+              Path to application root
+              '';
+          };
+          webappName = mkOption {
+            type = nullOr str;
+            description = ''
+              Alias name for the app, to be used in services.websites.webappDirs
+              '';
+          };
+          webRoot = mkOption {
+            type = nullOr path;
+            description = ''
+              Path to the web root path of the application. May differ from the application itself (usually a subdirectory)
+              '';
+          };
+          preStartActions = mkOption {
+            type = listOf str;
+            default = [];
+            description = ''
+              List of actions to run as apache user at preStart when
+              whatchFiles or app dir changed.
+              '';
+          };
+          serviceDeps = mkOption {
+            type = listOf str;
+            default = [];
+            description = ''
+              List of systemd services this application depends on
+              '';
+          };
+          watchFiles = mkOption {
+            type = listOf path;
+            default = [];
+            description = ''
+              Path to other files to watch to trigger preStart scripts
+              '';
+          };
+        };
+      });
+    };
+  };
+  config = {
+    services.websites = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair
+      name {
+        modules = [ "proxy_fcgi" ];
+        watchPaths = builtins.concatLists (map (c: c.watchFiles) cfgs);
+      }
+    ) cfgByEnv;
+    services.websitesWebappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+      icfg.webappName icfg.webRoot
+    ) (attrsets.filterAttrs (n: v: !isNull v.webappName && !isNull v.webRoot) cfg);
+    systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+      "phpfpm-${name}" {
+        after = lib.mkAfter icfg.serviceDeps;
+        wants = icfg.serviceDeps;
+        preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) ''
+          watchFilesChanged() {
+            ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"}
+            [ ! -f "${icfg.varDir}"/watchedFiles ] \
+              || ! sha512sum -c --status ${icfg.varDir}/watchedFiles
+          }
+          appDirChanged() {
+            [ ! -f "${icfg.varDir}/currentWebappDir" -o \
+              "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ]
+          }
+          updateWatchFiles() {
+            ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"}
+            sha512sum ${builtins.concatStringsSep " " icfg.watchFiles} > ${icfg.varDir}/watchedFiles
+          }
+          if watchFilesChanged || appDirChanged; then
+            pushd ${icfg.app} > /dev/null
+            ${builtins.concatStringsSep "\n  " (map (c: "/run/wrappers/bin/sudo -u ${icfg.httpdUser} ${c}") icfg.preStartActions) }
+            popd > /dev/null
+            echo -n "${icfg.app}" > ${icfg.varDir}/currentWebappDir
+            updateWatchFiles
+          fi
+        '');
+      }
+    ) cfg;
+    system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+      name {
+        deps = [];
+        text = optionalString (!isNull icfg.varDir) ''
+          install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}
+          '' + optionalString (icfg.phpSession) ''
+          install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions
+          '';
+      }
+    ) cfg;
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-06-01 12:46:35 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-06-01 12:46:35 +0200
commit	2e48907d64491a06454b342a1a56d03a0835753d (patch)
tree	fe666cc9f58135b5691a34d2a1e8b57d978d8d35
parent	f4da0504f34817e39350ff7db2bc7e7e94992a03 (diff)
download	Nix-2e48907d64491a06454b342a1a56d03a0835753d.tar.gz Nix-2e48907d64491a06454b342a1a56d03a0835753d.tar.zst Nix-2e48907d64491a06454b342a1a56d03a0835753d.zip

diff --git a/modules/default.nix b/modules/default.nix index e36f1a0..dd34870 100644 --- a/modules/default.nix +++ b/modules/default.nix
@@ -10,5 +10,6 @@
10	mediagoblin = ./webapps/mediagoblin.nix;	10	mediagoblin = ./webapps/mediagoblin.nix;
11	peertube = ./webapps/peertube.nix;	11	peertube = ./webapps/peertube.nix;
12		12
		13	php-application = ./websites/php-application.nix;
13	websites = ./websites;	14	websites = ./websites;
14	} // (if builtins.pathExists ./private then import ./private else {})	15	} // (if builtins.pathExists ./private then import ./private else {})


diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix index 384b324..f8d8b53 100644 --- a/modules/private/websites/aten/integration.nix +++ b/modules/private/websites/aten/integration.nix
@@ -12,14 +12,26 @@ in {
12	options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration";	12	options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration";
13		13
14	config = lib.mkIf cfg.enable {	14	config = lib.mkIf cfg.enable {
		15	services.phpApplication.aten_dev = let
		16	app = pkgs.webapps.aten.override { environment = "dev"; };
		17	in {
		18	websiteEnv = "integration";
		19	httpdUser = config.services.httpd.Inte.user;
		20	httpdGroup = config.services.httpd.Inte.group;
		21	inherit (app) webRoot varDir;
		22	inherit app;
		23	serviceDeps = [ "postgresql.service" ];
		24	preStartActions = [
		25	"APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
		26	];
		27	watchFiles = [
		28	"${config.secrets.location}/webapps/${app.environment}-aten"
		29	];
		30	webappName = "aten_dev";
		31	};
		32
15	secrets.keys = aten.keys;	33	secrets.keys = aten.keys;
16	systemd.services.phpfpm-aten_dev.preStart = lib.mkAfter aten.phpFpm.preStart;
17	systemd.services.phpfpm-aten_dev.after = lib.mkAfter aten.phpFpm.serviceDeps;
18	systemd.services.phpfpm-aten_dev.wants = aten.phpFpm.serviceDeps;
19	services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;	34	services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;
20	system.activationScripts.aten_dev = aten.activationScript;
21	myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot;
22	services.websites.integration.modules = aten.apache.modules;
23	services.websites.integration.vhostConfs.aten = {	35	services.websites.integration.vhostConfs.aten = {
24	certName = "eldiron";	36	certName = "eldiron";
25	addToCerts = true;	37	addToCerts = true;
@@ -27,9 +39,5 @@ in {
27	root = aten.apache.root;	39	root = aten.apache.root;
28	extraConfig = [ aten.apache.vhostConf ];	40	extraConfig = [ aten.apache.vhostConf ];
29	};	41	};
30	services.websites.integration.watchPaths = [
31	"/var/secrets/webapps/${aten.app.environment}-aten"
32	];
33	};	42	};
34	}	43	}
35


diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix new file mode 100644 index 0000000..7bbae50 --- /dev/null +++ b/modules/websites/php-application.nix
@@ -0,0 +1,152 @@
		1	{ lib, config, ... }:
		2	with lib;
		3	let
		4	cfg = config.services.phpApplication;
		5	cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg);
		6	in
		7	{
		8	options = {
		9	services.phpApplication = with types; mkOption {
		10	default = {};
		11	description = ''
		12	php applications to define
		13	'';
		14	type = attrsOf (submodule {
		15	options = {
		16	varDir = mkOption {
		17	type = nullOr path;
		18	description = ''
		19	Path to application’s vardir.
		20	'';
		21	};
		22	mode = mkOption {
		23	type = str;
		24	default = "0700";
		25	description = ''
		26	Mode to apply to the vardir
		27	'';
		28	};
		29	phpSession = mkOption {
		30	type = bool;
		31	default = true;
		32	description = "Handle phpsession files separately in vardir";
		33	};
		34	websiteEnv = mkOption {
		35	type = str;
		36	description = ''
		37	website instance name to use
		38	'';
		39	};
		40	httpdUser = mkOption {
		41	type = str;
		42	default = config.services.httpd.user;
		43	description = ''
		44	httpd user to run the prestart scripts as.
		45	'';
		46	};
		47	httpdGroup = mkOption {
		48	type = str;
		49	default = config.services.httpd.group;
		50	description = ''
		51	httpd group to run the prestart scripts as.
		52	'';
		53	};
		54	app = mkOption {
		55	type = path;
		56	description = ''
		57	Path to application root
		58	'';
		59	};
		60	webappName = mkOption {
		61	type = nullOr str;
		62	description = ''
		63	Alias name for the app, to be used in services.websites.webappDirs
		64	'';
		65	};
		66	webRoot = mkOption {
		67	type = nullOr path;
		68	description = ''
		69	Path to the web root path of the application. May differ from the application itself (usually a subdirectory)
		70	'';
		71	};
		72	preStartActions = mkOption {
		73	type = listOf str;
		74	default = [];
		75	description = ''
		76	List of actions to run as apache user at preStart when
		77	whatchFiles or app dir changed.
		78	'';
		79	};
		80	serviceDeps = mkOption {
		81	type = listOf str;
		82	default = [];
		83	description = ''
		84	List of systemd services this application depends on
		85	'';
		86	};
		87	watchFiles = mkOption {
		88	type = listOf path;
		89	default = [];
		90	description = ''
		91	Path to other files to watch to trigger preStart scripts
		92	'';
		93	};
		94	};
		95	});
		96	};
		97	};
		98
		99	config = {
		100	services.websites = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair
		101	name {
		102	modules = [ "proxy_fcgi" ];
		103	watchPaths = builtins.concatLists (map (c: c.watchFiles) cfgs);
		104	}
		105	) cfgByEnv;
		106
		107	services.websitesWebappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
		108	icfg.webappName icfg.webRoot
		109	) (attrsets.filterAttrs (n: v: !isNull v.webappName && !isNull v.webRoot) cfg);
		110
		111	systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
		112	"phpfpm-${name}" {
		113	after = lib.mkAfter icfg.serviceDeps;
		114	wants = icfg.serviceDeps;
		115	preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) ''
		116	watchFilesChanged() {
		117	${optionalString (builtins.length icfg.watchFiles == 0) "return 0"}
		118	[ ! -f "${icfg.varDir}"/watchedFiles ] \
		119	\|\| ! sha512sum -c --status ${icfg.varDir}/watchedFiles
		120	}
		121	appDirChanged() {
		122	[ ! -f "${icfg.varDir}/currentWebappDir" -o \
		123	"${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ]
		124	}
		125	updateWatchFiles() {
		126	${optionalString (builtins.length icfg.watchFiles == 0) "return 0"}
		127	sha512sum ${builtins.concatStringsSep " " icfg.watchFiles} > ${icfg.varDir}/watchedFiles
		128	}
		129
		130	if watchFilesChanged \|\| appDirChanged; then
		131	pushd ${icfg.app} > /dev/null
		132	${builtins.concatStringsSep "\n " (map (c: "/run/wrappers/bin/sudo -u ${icfg.httpdUser} ${c}") icfg.preStartActions) }
		133	popd > /dev/null
		134	echo -n "${icfg.app}" > ${icfg.varDir}/currentWebappDir
		135	updateWatchFiles
		136	fi
		137	'');
		138	}
		139	) cfg;
		140
		141	system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
		142	name {
		143	deps = [];
		144	text = optionalString (!isNull icfg.varDir) ''
		145	install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}
		146	'' + optionalString (icfg.phpSession) ''
		147	install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions
		148	'';
		149	}
		150	) cfg;
		151	};
		152	}