From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 4 Oct 2023 01:35:06 +0200 Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository --- modules/websites/php-application.nix | 224 ----------------------------------- 1 file changed, 224 deletions(-) delete mode 100644 modules/websites/php-application.nix (limited to 'modules/websites/php-application.nix') diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix deleted file mode 100644 index 3a43a45..0000000 --- a/modules/websites/php-application.nix +++ /dev/null @@ -1,224 +0,0 @@ -{ lib, config, pkgs, ... }: -with lib; -let - cfg = config.services.phpApplication; - cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg.apps); -in -{ - options = with types; { - services.phpApplication.apps = mkOption { - default = {}; - description = '' - php applications to define - ''; - type = attrsOf (submodule { - options = { - varDir = mkOption { - type = nullOr path; - description = '' - Path to application’s vardir. - ''; - }; - varDirPaths = mkOption { - type = attrsOf str; - default = {}; - description = '' - Map of additional folders => mode to create under varDir - ''; - }; - mode = mkOption { - type = str; - default = "0700"; - description = '' - Mode to apply to the vardir - ''; - }; - phpSession = mkOption { - type = bool; - default = true; - description = "Handle phpsession files separately in vardir"; - }; - phpListen = mkOption { - type = nullOr str; - default = null; - description = "Name of the socket to listen to. Defaults to app name if null"; - }; - phpPool = mkOption { - type = attrsOf str; - default = {}; - description = "Pool configuration to append"; - }; - phpEnv = mkOption { - type = attrsOf str; - default = {}; - description = "Pool environment to append"; - }; - phpPackage = mkOption { - type = attrsOf str; - default = pkgs.php; - description = "Php package to use"; - }; - phpOptions = mkOption { - type = lines; - default = ""; - description = "php configuration to append"; - }; - phpOpenbasedir = mkOption { - type = listOf path; - default = []; - description = '' - paths to add to php open_basedir configuration in addition to app and vardir - ''; - }; - phpWatchFiles = mkOption { - type = listOf path; - default = []; - description = '' - Path to other files to watch to trigger preStart scripts - ''; - }; - websiteEnv = mkOption { - type = str; - description = '' - website instance name to use - ''; - }; - httpdUser = mkOption { - type = str; - default = config.services.httpd.user; - description = '' - httpd user to run the prestart scripts as. - ''; - }; - httpdGroup = mkOption { - type = str; - default = config.services.httpd.group; - description = '' - httpd group to run the prestart scripts as. - ''; - }; - httpdWatchFiles = mkOption { - type = listOf path; - default = []; - description = '' - Path to other files to watch to trigger httpd reload - ''; - }; - app = mkOption { - type = path; - description = '' - Path to application root - ''; - }; - webRoot = mkOption { - type = nullOr path; - description = '' - Path to the web root path of the application. May differ from the application itself (usually a subdirectory) - ''; - }; - preStartActions = mkOption { - type = listOf str; - default = []; - description = '' - List of actions to run as apache user at preStart when - whatchFiles or app dir changed. - ''; - }; - serviceDeps = mkOption { - type = listOf str; - default = []; - description = '' - List of systemd services this application depends on - ''; - }; - }; - }); - }; - # Read-only variables - services.phpApplication.phpListenPaths = mkOption { - type = attrsOf path; - default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair - name config.services.phpfpm.pools."${name}".socket - ) cfg.apps; - readOnly = true; - description = '' - Full paths to listen for php - ''; - }; - }; - - config = { - services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair - name { - modules = [ "proxy_fcgi" ]; - watchPaths = builtins.concatLists (map (c: c.httpdWatchFiles) cfgs); - } - ) cfgByEnv; - - services.phpfpm.pools = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair - name { - user = icfg.httpdUser; - group = icfg.httpdUser; - settings = { - "listen.owner" = icfg.httpdUser; - "listen.group" = icfg.httpdGroup; - "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpWatchFiles ++ icfg.phpOpenbasedir); - } - // optionalAttrs (icfg.phpSession) { "php_admin_value[session.save_path]" = "${icfg.varDir}/phpSessions"; } - // icfg.phpPool; - phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions; - inherit (icfg) phpEnv phpPackage; - } - ) cfg.apps; - - services.filesWatcher = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair - "phpfpm-${name}" { - restart = true; - paths = icfg.phpWatchFiles; - } - ) (attrsets.filterAttrs (n: v: builtins.length v.phpWatchFiles > 0) cfg.apps); - - systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair - "phpfpm-${name}" { - after = lib.mkAfter icfg.serviceDeps; - wants = icfg.serviceDeps; - preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) '' - watchFilesChanged() { - ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 1"} - [ ! -f "${icfg.varDir}"/watchedFiles ] \ - || ! sha512sum -c --status ${icfg.varDir}/watchedFiles - } - appDirChanged() { - [ ! -f "${icfg.varDir}/currentWebappDir" -o \ - "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ] - } - updateWatchFiles() { - ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 0"} - sha512sum ${builtins.concatStringsSep " " icfg.phpWatchFiles} > ${icfg.varDir}/watchedFiles - } - - if watchFilesChanged || appDirChanged; then - pushd ${icfg.app} > /dev/null - ${builtins.concatStringsSep "\n " (map (c: "/run/wrappers/bin/sudo -u ${icfg.httpdUser} ${c}") icfg.preStartActions) } - popd > /dev/null - echo -n "${icfg.app}" > ${icfg.varDir}/currentWebappDir - updateWatchFiles - fi - ''); - } - ) cfg.apps; - - system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair - name { - deps = []; - text = optionalString (!isNull icfg.varDir) '' - install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir} - '' + optionalString (icfg.phpSession) '' - install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions - '' + builtins.concatStringsSep "\n" (attrsets.mapAttrsToList (n: v: '' - install -m ${v} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/${n} - '') icfg.varDirPaths); - } - ) cfg.apps; - }; -} -- cgit v1.2.3