Finish moving aten php configuration to dedicated module

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-06-02 09:48:05 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-06-02 11:23:54 +0200
commit: 717ccfd957e686d773480df817387aebbe79aa48 (patch)
tree: b2f59c57da32dcafefee9ccc5d7e6d32e498721e /modules/websites/php-application.nix
parent: 29f8cb850d74b456d6481a456311bbf5361d328c (diff)
download: Nix-717ccfd957e686d773480df817387aebbe79aa48.tar.gz
Nix-717ccfd957e686d773480df817387aebbe79aa48.tar.zst
Nix-717ccfd957e686d773480df817387aebbe79aa48.zip
1 files changed, 83 insertions, 18 deletions
diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix
index 765d406..1bc4872 100644
--- a/modules/websites/php-application.nix
+++ b/modules/websites/php-application.nix
@@ -2,11 +2,11 @@
 with lib;
 let
  cfg = config.services.phpApplication;
-  cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg);
+  cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg.apps);
 in
 {
-  options = {
+  options = with types; {
-    services.phpApplication = with types; mkOption {
+    services.phpApplication.apps = mkOption {
      default = {};
      description = ''
        php applications to define
@@ -31,6 +31,35 @@ in
            default = true;
            description = "Handle phpsession files separately in vardir";
          };
+          phpListen = mkOption {
+            type = nullOr str;
+            default = null;
+            description = "Name of the socket to listen to. Defaults to app name if null";
+          };
+          phpPool = mkOption {
+            type = lines;
+            default = "";
+            description = "Pool configuration to append";
+          };
+          phpOptions = mkOption {
+            type = lines;
+            default = "";
+            description = "php configuration to append";
+          };
+          phpOpenbasedir = mkOption {
+            type = listOf path;
+            default = [];
+            description = ''
+              paths to add to php open_basedir configuration in addition to app and vardir
+              '';
+          };
+          phpWatchFiles = mkOption {
+            type = listOf path;
+            default = [];
+            description = ''
+              Path to other files to watch to trigger preStart scripts
+              '';
+          };
          websiteEnv = mkOption {
            type = str;
            description = ''
@@ -51,6 +80,13 @@ in
              httpd group to run the prestart scripts as.
              '';
          };
+          httpdWatchFiles = mkOption {
+            type = listOf path;
+            default = [];
+            description = ''
+              Path to other files to watch to trigger httpd reload
+              '';
+          };
          app = mkOption {
            type = path;
            description = ''
@@ -59,6 +95,7 @@ in
          };
          webappName = mkOption {
            type = nullOr str;
+            default = null;
            description = ''
              Alias name for the app, to be used in services.websites.webappDirs
              '';
@@ -84,29 +121,57 @@ in
              List of systemd services this application depends on
              '';
          };
-          watchFiles = mkOption {
-            type = listOf path;
-            default = [];
-            description = ''
-              Path to other files to watch to trigger preStart scripts
-              '';
-          };
        };
      });
    };
+    # Read-only variables
+    services.phpApplication.phpListenPaths = mkOption {
+      type = attrsOf path;
+      default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+        name "/run/phpfpm/${if icfg.phpListen == null then name else icfg.phpListen}.sock"
+      ) cfg.apps;
+      readOnly = true;
+      description = ''
+        Full paths to listen for php
+        '';
+    };
+    services.phpApplication.webappDirs = mkOption {
+      type = attrsOf path;
+      default = attrsets.filterAttrs (n: v: builtins.hasAttr n cfg.apps) config.services.websites.webappDirsPaths;
+      readOnly = true;
+      description = ''
+        Stable name webapp dirs for httpd
+        '';
+    };
  };
  config = {
    services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair
      name {
        modules = [ "proxy_fcgi" ];
-        watchPaths = builtins.concatLists (map (c: c.watchFiles) cfgs);
+        watchPaths = builtins.concatLists (map (c: c.httpdWatchFiles) cfgs);
      }
    ) cfgByEnv;
+    services.phpfpm.pools = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+      name {
+        listen = cfg.phpListenPaths."${name}";
+        extraConfig = ''
+          user = ${icfg.httpdUser}
+          group = ${icfg.httpdGroup}
+          listen.owner = ${icfg.httpdUser}
+          listen.group = ${icfg.httpdGroup}
+          ${optionalString (icfg.phpSession) ''
+            php_admin_value[session.save_path] = "${icfg.varDir}/phpSessions"''}
+          php_admin_value[open_basedir] = "${builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpOpenbasedir)}"
+          '' + icfg.phpPool;
+        phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions;
+      }
+    ) cfg.apps;
    services.websites.webappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
-      icfg.webappName icfg.webRoot
+      (if icfg.webappName == null then name else icfg.webappName) icfg.webRoot
-    ) (attrsets.filterAttrs (n: v: !isNull v.webappName && !isNull v.webRoot) cfg);
+    ) (attrsets.filterAttrs (n: v: !isNull v.webRoot) cfg.apps);
    systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
      "phpfpm-${name}" {
@@ -114,7 +179,7 @@ in
        wants = icfg.serviceDeps;
        preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) ''
          watchFilesChanged() {
-            ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"}
+            ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 1"}
            [ ! -f "${icfg.varDir}"/watchedFiles ] \
              || ! sha512sum -c --status ${icfg.varDir}/watchedFiles
          }
@@ -123,8 +188,8 @@ in
              "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ]
          }
          updateWatchFiles() {
-            ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"}
+            ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 0"}
-            sha512sum ${builtins.concatStringsSep " " icfg.watchFiles} > ${icfg.varDir}/watchedFiles
+            sha512sum ${builtins.concatStringsSep " " icfg.phpWatchFiles} > ${icfg.varDir}/watchedFiles
          }
          if watchFilesChanged || appDirChanged; then
@@ -136,7 +201,7 @@ in
          fi
        '');
      }
-    ) cfg;
+    ) cfg.apps;
    system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
      name {
@@ -147,6 +212,6 @@ in
          install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions
          '';
      }
-    ) cfg;
+    ) cfg.apps;
  };
 }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-06-02 09:48:05 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-06-02 11:23:54 +0200
commit	717ccfd957e686d773480df817387aebbe79aa48 (patch)
tree	b2f59c57da32dcafefee9ccc5d7e6d32e498721e /modules/websites/php-application.nix
parent	29f8cb850d74b456d6481a456311bbf5361d328c (diff)
download	Nix-717ccfd957e686d773480df817387aebbe79aa48.tar.gz Nix-717ccfd957e686d773480df817387aebbe79aa48.tar.zst Nix-717ccfd957e686d773480df817387aebbe79aa48.zip