author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
tree | 1b9df4838f894577a09b9b260151756272efeb53 /modules/websites/php-application.nix | |
parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personal information about users. All those changes got
stashed into a single commit (history is kept in a different place) and
private information was moved to a separate private repository
Diffstat (limited to 'modules/websites/php-application.nix')
-rw-r--r-- | modules/websites/php-application.nix | 224 |
1 files changed, 0 insertions, 224 deletions
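diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix
deleted file mode 100644
index 3a43a45..0000000
--- a/modules/websites/php-application.nix
+++ /dev/null
@@ -1,224 +0,0 @@
-{ lib, config, pkgs, ... }:
-with lib;
-let
-cfg = config.services.phpApplication;
-cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg.apps);
-in
-{
-options = with types; {
-services.phpApplication.apps = mkOption {
-default = {};
-description = ''
-php applications to define
-'';
-type = attrsOf (submodule {
-options = {
-varDir = mkOption {
-type = nullOr path;
-description = ''
-Path to application’s vardir.
-'';
-};
-varDirPaths = mkOption {
-type = attrsOf str;
-default = {};
-description = ''
-Map of additional folders => mode to create under varDir
-'';
-};
-mode = mkOption {
-type = str;
-default = "0700";
-description = ''
-Mode to apply to the vardir
-'';
-};
-phpSession = mkOption {
-type = bool;
-default = true;
-description = "Handle phpsession files separately in vardir";
-};
-phpListen = mkOption {
-type = nullOr str;
-default = null;
-description = "Name of the socket to listen to. Defaults to app name if null";
-};
-phpPool = mkOption {
-type = attrsOf str;
-default = {};
-description = "Pool configuration to append";
-};
-phpEnv = mkOption {
-type = attrsOf str;
-default = {};
-description = "Pool environment to append";
-};
-phpPackage = mkOption {
-type = attrsOf str;
-default = pkgs.php;
-description = "Php package to use";
-};
-phpOptions = mkOption {
-type = lines;
-default = "";
-description = "php configuration to append";
-};
-phpOpenbasedir = mkOption {
-type = listOf path;
-default = [];
-description = ''
-paths to add to php open_basedir configuration in addition to app and vardir
-'';
-};
-phpWatchFiles = mkOption {
-type = listOf path;
-default = [];
-description = ''
-Path to other files to watch to trigger preStart scripts
-'';
-};
-websiteEnv = mkOption {
-type = str;
-description = ''
-website instance name to use
-'';
-};
-httpdUser = mkOption {
-type = str;
-default = config.services.httpd.user;
-description = ''
-httpd user to run the prestart scripts as.
-'';
-};
-httpdGroup = mkOption {
-type = str;
-default = config.services.httpd.group;
-description = ''
-httpd group to run the prestart scripts as.
-'';
-};
-httpdWatchFiles = mkOption {
-type = listOf path;
-default = [];
-description = ''
-Path to other files to watch to trigger httpd reload
-'';
-};
-app = mkOption {
-type = path;
-description = ''
-Path to application root
-'';
-};
-webRoot = mkOption {
-type = nullOr path;
-description = ''
-Path to the web root path of the application. May differ from the application itself (usually a subdirectory)
-'';
-};
-preStartActions = mkOption {
-type = listOf str;
-default = [];
-description = ''
-List of actions to run as apache user at preStart when
-whatchFiles or app dir changed.
-'';
-};
-serviceDeps = mkOption {
-type = listOf str;
-default = [];
-description = ''
-List of systemd services this application depends on
-'';
-};
-};
-});
-};
-# Read-only variables
-services.phpApplication.phpListenPaths = mkOption {
-type = attrsOf path;
-default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
-name config.services.phpfpm.pools."${name}".socket
-) cfg.apps;
-readOnly = true;
-description = ''
-Full paths to listen for php
-'';
-};
-};
-
-config = {
-services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair
-name {
-modules = [ "proxy_fcgi" ];
-watchPaths = builtins.concatLists (map (c: c.httpdWatchFiles) cfgs);
-}
-) cfgByEnv;
-
-services.phpfpm.pools = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
-name {
-user = icfg.httpdUser;
-group = icfg.httpdUser;
-settings = {
-"listen.owner" = icfg.httpdUser;
-"listen.group" = icfg.httpdGroup;
-"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpWatchFiles ++ icfg.phpOpenbasedir);
-}
-// optionalAttrs (icfg.phpSession) { "php_admin_value[session.save_path]" = "${icfg.varDir}/phpSessions"; }
-// icfg.phpPool;
-phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions;
-inherit (icfg) phpEnv phpPackage;
-}
-) cfg.apps;
-
-services.filesWatcher = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
-"phpfpm-${name}" {
-restart = true;
-paths = icfg.phpWatchFiles;
-}
-) (attrsets.filterAttrs (n: v: builtins.length v.phpWatchFiles > 0) cfg.apps);
-
-systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
-"phpfpm-${name}" {
-after = lib.mkAfter icfg.serviceDeps;
-wants = icfg.serviceDeps;
-preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) ''
-watchFilesChanged() {
-${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 1"}
-[ ! -f "${icfg.varDir}"/watchedFiles ] \
-|| ! sha512sum -c --status ${icfg.varDir}/watchedFiles
-}
-appDirChanged() {
-[ ! -f "${icfg.varDir}/currentWebappDir" -o \
-"${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ]
-}
-updateWatchFiles() {
-${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 0"}
-sha512sum ${builtins.concatStringsSep " " icfg.phpWatchFiles} > ${icfg.varDir}/watchedFiles
-}
-
-if watchFilesChanged || appDirChanged; then
-pushd ${icfg.app} > /dev/null
-${builtins.concatStringsSep "\n " (map (c: "/run/wrappers/bin/sudo -u ${icfg.httpdUser} ${c}") icfg.preStartActions) }
-popd > /dev/null
-echo -n "${icfg.app}" > ${icfg.varDir}/currentWebappDir
-updateWatchFiles
-fi
-'');
-}
-) cfg.apps;
-
-system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
-name {
-deps = [];
-text = optionalString (!isNull icfg.varDir) ''
-install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}
-'' + optionalString (icfg.phpSession) ''
-install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions
-'' + builtins.concatStringsSep "\n" (attrsets.mapAttrsToList (n: v: ''
-install -m ${v} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/${n}
-'') icfg.varDirPaths);
-}
-) cfg.apps;
-};
-}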