Diffstat (limited to 'virtual')
-rw-r--r--virtual/eldiron.nix19
-rw-r--r--virtual/modules/websites/aten/default.nix4
-rw-r--r--virtual/modules/websites/chloe/default.nix4
-rw-r--r--virtual/modules/websites/connexionswing/default.nix4
-rw-r--r--virtual/modules/websites/default.nix20
-rw-r--r--virtual/modules/websites/ludivine/default.nix4
-rw-r--r--virtual/modules/websites/phpfpm/default.nix178
-rw-r--r--virtual/modules/websites/phpfpm/pool-options.nix35
-rw-r--r--virtual/modules/websites/piedsjaloux/default.nix4
-rw-r--r--virtual/packages/nextcloud.nix7
10 files changed, 257 insertions, 22 deletions
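--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -32,6 +32,7 @@
  ./modules/gitweb.nix
  ./modules/databases.nix
  ./modules/websites
+ ./modules/websites/phpfpm
  ];
  services.myGitolite.enable = true;
  services.myGitweb.enable = true;
@@ -73,8 +74,8 @@
  cd ${mypkgs.nextcloud.webRoot}
  NEXTCLOUD_CONFIG_DIR="${mypkgs.nextcloud.webRoot}/config" \
  exec \
- ${config.services.phpfpm.phpPackage}/bin/php \
- -c ${config.services.phpfpm.phpPackage}/etc/php.ini \
+ ${pkgs.php}/bin/php \
+ -c ${pkgs.php}/etc/php.ini \
  occ $*
  '';
  in [
@@ -98,23 +99,19 @@
 
  services.ympd = mypkgs.ympd.config // { enable = false; };
 
- services.phpfpm = {
- # FIXME: move session files to separate dirs
- # /!\ phppackage is used in nextcloud configuation
+ services.myPhpfpm = {
+ phpPackage = pkgs.php;
  phpOptions = ''
  session.save_path = "/var/lib/php/sessions"
  session.gc_maxlifetime = 60*60*24*15
  session.cache_expire = 60*24*30
- ; For nextcloud
- extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
- ; For nextcloud
- extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
- ; For nextcloud
- zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
  '';
  extraConfig = ''
  log_level = notice
  '';
+ poolPhpConfigs = {
+ nextcloud = mypkgs.nextcloud.phpFpm.phpConfig;
+ };
  poolConfigs = {
  adminer = mypkgs.adminer.phpFpm.pool;
  nextcloud = mypkgs.nextcloud.phpFpm.pool;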
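Review bot: The last hunk deletes `# FIXME: move session files to separate dirs`, yet `session.save_path = "/var/lib/php/sessions"` stays in the global `phpOptions`, so every pool still reads and writes its sessions in one shared directory. The `poolPhpConfigs` attribute added a few lines further down is the place to fix that, because the per-pool text is appended last to the generated php.ini and so overrides the global value. A per-pool entry such as `session.save_path = "/var/lib/php/sessions/nextcloud"` (example path), with the directory owned by that pool's user, would stop code in one site from reading or planting another site's session files. If that is out of scope for this commit, keep the FIXME so the gap stays visible. The `services.myPhpfpm` block continues past the end of the hunk.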
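--- a/virtual/modules/websites/aten/default.nix
+++ b/virtual/modules/websites/aten/default.nix
@@ -36,7 +36,7 @@ in {
  };
  };
 
- services.phpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
  system.activationScripts.aten_prod = aten_prod.activationScript;
  services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
  services.myWebsites.production.modules = aten_prod.apache.modules;
@@ -49,7 +49,7 @@ in {
  })
  (lib.mkIf cfg.integration.enable {
  security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
- services.phpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
  system.activationScripts.aten_dev = aten_dev.activationScript;
  services.myWebsites.integration.modules = aten_dev.apache.modules;
  services.myWebsites.integration.vhostConfs.aten = {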
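--- a/virtual/modules/websites/chloe/default.nix
+++ b/virtual/modules/websites/chloe/default.nix
@@ -36,7 +36,7 @@ in {
  };
  };
 
- services.phpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
  system.activationScripts.chloe_prod = chloe_prod.activationScript;
  services.myWebsites.production.modules = chloe_prod.apache.modules;
  services.myWebsites.production.vhostConfs.chloe = {
@@ -48,7 +48,7 @@ in {
  })
  (lib.mkIf cfg.integration.enable {
  security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
- services.phpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
  system.activationScripts.chloe_dev = chloe_dev.activationScript;
  services.myWebsites.integration.modules = chloe_dev.apache.modules;
  services.myWebsites.integration.vhostConfs.chloe = {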
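--- a/virtual/modules/websites/connexionswing/default.nix
+++ b/virtual/modules/websites/connexionswing/default.nix
@@ -38,7 +38,7 @@ in {
  };
  };
 
- services.phpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
  system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
  services.myWebsites.production.modules = connexionswing_prod.apache.modules;
  services.myWebsites.production.vhostConfs.connexionswing = {
@@ -51,7 +51,7 @@ in {
  (lib.mkIf cfg.integration.enable {
  security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
  security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
- services.phpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
  system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
  services.myWebsites.integration.modules = connexionswing_dev.apache.modules;
  services.myWebsites.integration.vhostConfs.connexionswing = {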
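--- a/virtual/modules/websites/default.nix
+++ b/virtual/modules/websites/default.nix
@@ -107,6 +107,26 @@ in
  ];
  };
 
+ nixpkgs.config.packageOverrides = oldpkgs: rec {
+ php = php72;
+ php72 = (oldpkgs.php72.override {
+ mysql.connector-c = pkgs.mariadb;
+ config.php.mysqlnd = false;
+ config.php.mysqli = false;
+ }).overrideAttrs(old: rec {
+ # Didn't manage to build with mysqli + mysql_config connector
+ configureFlags = old.configureFlags ++ [
+ "--with-mysqli=mysqlnd"
+ ];
+ # preConfigure = (old.preConfigure or "") + ''
+ # export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server";
+ # sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include <mysql_version.h>/' \
+ # ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c
+ # '';
+ });
+ phpPackages = oldpkgs.php72Packages.override { inherit php; };
+ };
+
  services.myWebsites.Chloe.production.enable = cfg.production.enable;
  services.myWebsites.Ludivine.production.enable = cfg.production.enable;
  services.myWebsites.Aten.production.enable = cfg.production.enable;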
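Review bot: `php = php72;` in the new `packageOverrides` pins every consumer of `pkgs.php` to the 7.2 branch, and nothing says why or when to revisit it. Judging by the eldiron.nix changes in this commit, those consumers are the FPM pools and the nextcloud `occ` wrapper. As long as nixpkgs still ships that attribute, the interpreter stays on 7.2 across channel upgrades, including after the branch stops receiving security fixes. I would add a one-line comment above it, for example `# pinned to 7.2 because <reason>; re-check on every nixpkgs bump`. The commented-out `preConfigure` block should either be deleted or get a line explaining what it attempted, since the existing comment above `configureFlags` only covers the flag.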
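--- a/virtual/modules/websites/ludivine/default.nix
+++ b/virtual/modules/websites/ludivine/default.nix
@@ -32,7 +32,7 @@ in {
  };
  };
 
- services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
  system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript;
  services.myWebsites.production.modules = ludivinecassal_prod.apache.modules;
  services.myWebsites.production.vhostConfs.ludivine = {
@@ -45,7 +45,7 @@ in {
  (lib.mkIf cfg.integration.enable {
  security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
 
- services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
  system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript;
  services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules;
  services.myWebsites.integration.modules = ludivinecassal_dev.apache.modules;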
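--- /dev/null
+++ b/virtual/modules/websites/phpfpm/default.nix
@@ -0,0 +1,178 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.myPhpfpm;
+ enabled = cfg.poolConfigs != {} || cfg.pools != {};
+
+ stateDir = "/run/phpfpm";
+
+ poolConfigs = cfg.poolConfigs // mapAttrs mkPool cfg.pools;
+
+ mkPool = n: p: ''
+ listen = ${p.listen}
+ ${p.extraConfig}
+ '';
+
+ fpmCfgFile = pool: poolConfig: pkgs.writeText "phpfpm-${pool}.conf" ''
+ [global]
+ error_log = syslog
+ daemonize = no
+ ${cfg.extraConfig}
+
+ [${pool}]
+ ${poolConfig}
+ '';
+
+ phpIni = poolPhpOptions: (pkgs.runCommand "php.ini" {
+ inherit (cfg) phpPackage phpOptions;
+ inherit poolPhpOptions;
+ nixDefaults = ''
+ sendmail_path = "/run/wrappers/bin/sendmail -t -i"
+ '';
+ passAsFile = [ "nixDefaults" "phpOptions" "poolPhpOptions" ];
+ } ''
+ cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath $poolPhpOptionsPath > $out
+ '');
+
+in {
+
+ options = {
+ services.myPhpfpm = {
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ Extra configuration that should be put in the global section of
+ the PHP-FPM configuration file. Do not specify the options
+ <literal>error_log</literal> or
+ <literal>daemonize</literal> here, since they are generated by
+ NixOS.
+ '';
+ };
+
+ phpPackage = mkOption {
+ type = types.package;
+ default = pkgs.php;
+ defaultText = "pkgs.php";
+ description = ''
+ The PHP package to use for running the PHP-FPM service.
+ '';
+ };
+
+ phpOptions = mkOption {
+ type = types.lines;
+ default = "";
+ example =
+ ''
+ date.timezone = "CET"
+ '';
+ description =
+ "Options appended to the PHP configuration file <filename>php.ini</filename>.";
+ };
+
+ poolPhpConfigs = mkOption {
+ default = {};
+ type = types.attrsOf types.lines;
+ example = literalExample ''
+ { mypool = '''
+ extension = some_extension.so
+ ''';
+ }
+ '';
+ description = ''
+ Extra lines that go into the php configuration specific to pool.
+ '';
+ };
+
+ poolConfigs = mkOption {
+ default = {};
+ type = types.attrsOf types.lines;
+ example = literalExample ''
+ { mypool = '''
+ listen = /run/phpfpm/mypool
+ user = nobody
+ pm = dynamic
+ pm.max_children = 75
+ pm.start_servers = 10
+ pm.min_spare_servers = 5
+ pm.max_spare_servers = 20
+ pm.max_requests = 500
+ ''';
+ }
+ '';
+ description = ''
+ A mapping between PHP-FPM pool names and their configurations.
+ See the documentation on <literal>php-fpm.conf</literal> for
+ details on configuration directives. If no pools are defined,
+ the phpfpm service is disabled.
+ '';
+ };
+
+ pools = mkOption {
+ type = types.attrsOf (types.submodule (import ./pool-options.nix {
+ inherit lib;
+ }));
+ default = {};
+ example = literalExample ''
+ {
+ mypool = {
+ listen = "/path/to/unix/socket";
+ extraConfig = '''
+ user = nobody
+ pm = dynamic
+ pm.max_children = 75
+ pm.start_servers = 10
+ pm.min_spare_servers = 5
+ pm.max_spare_servers = 20
+ pm.max_requests = 500
+ ''';
+ }
+ }'';
+ description = ''
+ PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM
+ service is disabled.
+ '';
+ };
+ };
+ };
+
+ config = mkIf enabled {
+
+ systemd.slices.phpfpm = {
+ description = "PHP FastCGI Process manager pools slice";
+ };
+
+ systemd.targets.phpfpm = {
+ description = "PHP FastCGI Process manager pools target";
+ wantedBy = [ "multi-user.target" ];
+ };
+
+ systemd.services = flip mapAttrs' poolConfigs (pool: poolConfig:
+ nameValuePair "phpfpm-${pool}" {
+ description = "PHP FastCGI Process Manager service for pool ${pool}";
+ after = [ "network.target" ];
+ wantedBy = [ "phpfpm.target" ];
+ partOf = [ "phpfpm.target" ];
+ preStart = ''
+ mkdir -p ${stateDir}
+ '';
+ serviceConfig = let
+ cfgFile = fpmCfgFile pool poolConfig;
+ poolPhpIni = cfg.poolPhpConfigs.${pool} or "";
+ in {
+ Slice = "phpfpm.slice";
+ PrivateDevices = true;
+ ProtectSystem = "full";
+ ProtectHome = true;
+ # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work
+ RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
+ Type = "notify";
+ ExecStart = "${cfg.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${phpIni poolPhpIni}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
+ };
+ }
+ );
+ };
+}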
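Review bot: All pool services still share the host's `/tmp`, because the `serviceConfig` at new lines 165–172 sets `PrivateDevices`, `ProtectSystem` and `ProtectHome` but not `PrivateTmp`. `/tmp` is where PHP puts uploads and other temporary files unless told otherwise. Since each pool is now its own unit, `PrivateTmp = true;` would give every site a separate temporary directory, after checking that no site exchanges files with Apache or another service through `/tmp`. `NoNewPrivileges` looks unusable here because of the SUID sendmail mentioned on line 169, and that comment would be a good place to say so. Separately, `cfg.poolPhpConfigs.${pool} or ""` on line 163 silently ignores a `poolPhpConfigs` key that matches no pool, so a misspelt pool name drops its PHP settings without any error.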
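--- /dev/null
+++ b/virtual/modules/websites/phpfpm/pool-options.nix
@@ -0,0 +1,35 @@
+{ lib }:
+
+with lib; {
+
+ options = {
+
+ listen = mkOption {
+ type = types.str;
+ example = "/path/to/unix/socket";
+ description = ''
+ The address on which to accept FastCGI requests.
+ '';
+ };
+
+ extraConfig = mkOption {
+ type = types.lines;
+ example = ''
+ user = nobody
+ pm = dynamic
+ pm.max_children = 75
+ pm.start_servers = 10
+ pm.min_spare_servers = 5
+ pm.max_spare_servers = 20
+ pm.max_requests = 500
+ '';
+
+ description = ''
+ Extra lines that go into the pool configuration.
+ See the documentation on <literal>php-fpm.conf</literal> for
+ details on configuration directives.
+ '';
+ };
+ };
+}
+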
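--- a/virtual/modules/websites/piedsjaloux/default.nix
+++ b/virtual/modules/websites/piedsjaloux/default.nix
@@ -36,7 +36,7 @@ in {
  };
  };
 
- services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
  system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
  services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;
  services.myWebsites.production.vhostConfs.piedsjaloux = {
@@ -48,7 +48,7 @@ in {
  })
  (lib.mkIf cfg.integration.enable {
  security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
- services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
+ services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
  system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
  services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;
  services.myWebsites.integration.vhostConfs.piedsjaloux = {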
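--- a/virtual/packages/nextcloud.nix
+++ b/virtual/packages/nextcloud.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, checkEnv, writeText, lib }:
+{ stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }:
 let
  nextcloud = let
  # FIXME: initial sync
@@ -231,6 +231,11 @@ let
  [ webRoot varDir config ]
  ++ lib.attrsets.mapAttrsToList (name: value: value) apps);
  socket = "/var/run/phpfpm/nextcloud.sock";
+ phpConfig = ''
+ extension=${phpPackages.redis}/lib/php/extensions/redis.so
+ extension=${phpPackages.apcu}/lib/php/extensions/apcu.so
+ zend_extension=${php}/lib/php/extensions/opcache.so
+ '';
  pool = ''
  listen = ${socket}
  user = ${apache.user}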
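Review bot: Nothing ties the `.so` paths in the new `phpConfig` to the interpreter that loads them: they are built from this file's `php`/`phpPackages` arguments, while the FPM binary comes from `services.myPhpfpm.phpPackage`, set separately in eldiron.nix. The warning this commit removes there (`/!\ phppackage is used in nextcloud configuation`) described exactly that coupling. I would carry it over as a comment above `phpConfig`, e.g. `# extensions must be built against the same PHP as services.myPhpfpm.phpPackage`. A mismatch would presumably surface only at runtime, as extensions failing to load, not as a build error. The enclosing `let` block starts and ends outside the hunk.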