From f40f5b235b890f46770a22f005f8a0f664cf0562 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 21 May 2019 02:47:52 +0200 Subject: Replace myPhpfpm with correct overrides --- nixops/modules/websites/default.nix | 4 +- nixops/modules/websites/phpfpm/default.nix | 217 --------------------- nixops/modules/websites/phpfpm/pool-options.nix | 35 ---- nixops/modules/websites/tools/cloud.nix | 8 +- nixops/modules/websites/tools/dav/default.nix | 2 +- nixops/modules/websites/tools/git/default.nix | 2 +- nixops/modules/websites/tools/tools/default.nix | 140 +++++++------ .../modules/websites/tools/tools/roundcubemail.nix | 1 - 8 files changed, 91 insertions(+), 318 deletions(-) delete mode 100644 nixops/modules/websites/phpfpm/default.nix delete mode 100644 nixops/modules/websites/phpfpm/pool-options.nix (limited to 'nixops/modules/websites') diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index 584892a..1948fe9 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix @@ -76,8 +76,6 @@ in ./tools/diaspora.nix ./tools/ether.nix ./tools/peertube.nix - # Adapted from base phpfpm - ./phpfpm ]; config = { @@ -156,7 +154,7 @@ in ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName} ''; - services.myPhpfpm = { + services.phpfpm = { phpPackage = pkgs.php; phpOptions = '' session.save_path = "/var/lib/php/sessions" diff --git a/nixops/modules/websites/phpfpm/default.nix b/nixops/modules/websites/phpfpm/default.nix deleted file mode 100644 index 60959e0..0000000 --- a/nixops/modules/websites/phpfpm/default.nix +++ /dev/null 
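Review bot: With `services.myPhpfpm` renamed to `services.phpfpm` in websites/default.nix, every `phpfpm-<pool>` unit is now generated by a module this diff does not show, so the sandboxing the deleted local module set explicitly (`PrivateDevices = true`, `ProtectSystem = "full"`, `ProtectHome = true` and the `RestrictAddressFamilies` list) should be confirmed on the deployed units rather than assumed. Comparing `systemctl show phpfpm-nextcloud -p PrivateDevices -p ProtectSystem -p ProtectHome -p RestrictAddressFamilies` before and after the switch would settle it. Any setting that turns out to be missing can be restored through the same `systemd.services.phpfpm-<pool>` overrides this commit already uses for `after`/`wants`. The deleted module also offered a per-pool `envFile` that became `EnvironmentFile`; no replacement appears here, and since the diff is limited to `nixops/modules/websites`, users of it elsewhere cannot be ruled out from this page. The `services.phpfpm` attribute set continues past the end of the hunk.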
@@ -1,217 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.myPhpfpm; - enabled = cfg.poolConfigs != {} || cfg.pools != {}; - - stateDir = "/run/phpfpm"; - - poolConfigs = cfg.poolConfigs // mapAttrs mkPool cfg.pools; - - mkPool = n: p: '' - listen = ${p.listen} - ${p.extraConfig} - ''; - - fpmCfgFile = pool: poolConfig: pkgs.writeText "phpfpm-${pool}.conf" '' - [global] - error_log = syslog - daemonize = no - ${cfg.extraConfig} - - [${pool}] - ${poolConfig} - ''; - - phpIni = poolPhpOptions: (pkgs.runCommand "php.ini" { - inherit (cfg) phpPackage phpOptions; - inherit poolPhpOptions; - nixDefaults = '' - sendmail_path = "/run/wrappers/bin/sendmail -t -i" - ''; - passAsFile = [ "nixDefaults" "phpOptions" "poolPhpOptions" ]; - } '' - cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath $poolPhpOptionsPath > $out - ''); - -in { - - options = { - services.myPhpfpm = { - extraConfig = mkOption { - type = types.lines; - default = ""; - description = '' - Extra configuration that should be put in the global section of - the PHP-FPM configuration file. Do not specify the options - error_log or - daemonize here, since they are generated by - NixOS. - ''; - }; - - phpPackage = mkOption { - type = types.package; - default = pkgs.php; - defaultText = "pkgs.php"; - description = '' - The PHP package to use for running the PHP-FPM service. - ''; - }; - - phpOptions = mkOption { - type = types.lines; - default = ""; - example = - '' - date.timezone = "CET" - ''; - description = - "Options appended to the PHP configuration file php.ini."; - }; - - serviceDependencies = mkOption { - default = {}; - type = types.attrsOf (types.listOf types.string); - example = literalExample '' - { mypool = ["postgresql.service"]; } - ''; - description = '' - Extra service dependencies specific to pool. 
- ''; - }; - - envFile = mkOption { - default = {}; - type = types.attrsOf types.string; - example = literalExample '' - { mypool = "path/to/file"; - } - ''; - description = '' - Extra environment file go into the service script. - ''; - }; - - preStart = mkOption { - default = {}; - type = types.attrsOf types.lines; - example = literalExample '' - { mypool = ''' - touch foo - '''; - } - ''; - description = '' - Extra lines that will go into the preStart systemd service - ''; - }; - - poolPhpConfigs = mkOption { - default = {}; - type = types.attrsOf types.lines; - example = literalExample '' - { mypool = ''' - extension = some_extension.so - '''; - } - ''; - description = '' - Extra lines that go into the php configuration specific to pool. - ''; - }; - - poolConfigs = mkOption { - default = {}; - type = types.attrsOf types.lines; - example = literalExample '' - { mypool = ''' - listen = /run/phpfpm/mypool - user = nobody - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - '''; - } - ''; - description = '' - A mapping between PHP-FPM pool names and their configurations. - See the documentation on php-fpm.conf for - details on configuration directives. If no pools are defined, - the phpfpm service is disabled. - ''; - }; - - pools = mkOption { - type = types.attrsOf (types.submodule (import ./pool-options.nix { - inherit lib; - })); - default = {}; - example = literalExample '' - { - mypool = { - listen = "/path/to/unix/socket"; - extraConfig = ''' - user = nobody - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - '''; - } - }''; - description = '' - PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM - service is disabled. 
- ''; - }; - }; - }; - - config = mkIf enabled { - - systemd.slices.phpfpm = { - description = "PHP FastCGI Process manager pools slice"; - }; - - systemd.targets.phpfpm = { - description = "PHP FastCGI Process manager pools target"; - wantedBy = [ "multi-user.target" ]; - }; - - systemd.services = flip mapAttrs' poolConfigs (pool: poolConfig: - nameValuePair "phpfpm-${pool}" { - description = "PHP FastCGI Process Manager service for pool ${pool}"; - after = [ "network.target" ] ++ (cfg.serviceDependencies.${pool} or []); - wants = cfg.serviceDependencies.${pool} or []; - wantedBy = [ "phpfpm.target" ]; - partOf = [ "phpfpm.target" ]; - preStart = '' - mkdir -p ${stateDir} - '' + (cfg.preStart.${pool} or ""); - serviceConfig = let - cfgFile = fpmCfgFile pool poolConfig; - poolPhpIni = cfg.poolPhpConfigs.${pool} or ""; - in { - EnvironmentFile = if builtins.hasAttr pool cfg.envFile then [cfg.envFile.${pool}] else []; - Slice = "phpfpm.slice"; - PrivateDevices = true; - ProtectSystem = "full"; - ProtectHome = true; - # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work - RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK"; - Type = "notify"; - ExecStart = "${cfg.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${phpIni poolPhpIni}"; - ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID"; - }; - } - ); - }; -} diff --git a/nixops/modules/websites/phpfpm/pool-options.nix b/nixops/modules/websites/phpfpm/pool-options.nix deleted file mode 100644 index cc688c2..0000000 --- a/nixops/modules/websites/phpfpm/pool-options.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ lib }: - -with lib; { - - options = { - - listen = mkOption { - type = types.str; - example = "/path/to/unix/socket"; - description = '' - The address on which to accept FastCGI requests. - ''; - }; - - extraConfig = mkOption { - type = types.lines; - example = '' - user = nobody - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - ''; - - description = '' - Extra lines that go into the pool configuration. - See the documentation on php-fpm.conf for - details on configuration directives. - ''; - }; - }; -} - diff --git a/nixops/modules/websites/tools/cloud.nix b/nixops/modules/websites/tools/cloud.nix index 5e010f4..5d2ca40 100644 --- a/nixops/modules/websites/tools/cloud.nix +++ b/nixops/modules/websites/tools/cloud.nix @@ -17,7 +17,6 @@ let zend_extension=${pkgs.php}/lib/php/extensions/opcache.so ''; pool = '' - listen = ${socket} user = wwwrun group = wwwrun listen.owner = wwwrun @@ -170,9 +169,10 @@ in { ln -s ${nextcloud} $out/webapps/${webappName} ''; - services.myPhpfpm = { - poolPhpConfigs.nextcloud = phpFpm.phpConfig; - poolConfigs.nextcloud = phpFpm.pool; + services.phpfpm.pools.nextcloud = { + listen = phpFpm.socket; + extraConfig = phpFpm.pool; + phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig; }; services.cron = { diff --git a/nixops/modules/websites/tools/dav/default.nix b/nixops/modules/websites/tools/dav/default.nix index 075cf48..78e0ba3 100644 --- a/nixops/modules/websites/tools/dav/default.nix +++ b/nixops/modules/websites/tools/dav/default.nix @@ -41,7 +41,7 @@ in { ]; }; - services.myPhpfpm.poolConfigs = { + services.phpfpm.poolConfigs = { davical = davical.phpFpm.pool; }; diff --git a/nixops/modules/websites/tools/git/default.nix b/nixops/modules/websites/tools/git/default.nix index 064d3dd..495c5ea 100644 --- a/nixops/modules/websites/tools/git/default.nix +++ b/nixops/modules/websites/tools/git/default.nix 
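Review bot: In the `services.phpfpm.pools.nextcloud` block of tools/cloud.nix, `config.services.phpfpm.phpOptions + phpFpm.phpConfig` joins the two fragments with no separator, so if the global value ever ends without a newline, its last directive and the first pool directive fuse into one php.ini line and can be misparsed without any error at build time. An explicit separator removes the dependence on how the global string happens to end: `phpOptions = config.services.phpfpm.phpOptions + "\n" + phpFpm.phpConfig;`. The same concatenation is used for the `roundcubemail` and `devtools` pools in tools/tools/default.nix. A short comment such as `# pool-level phpOptions must repeat the global ones (session.save_path, …)` would also explain why the global value is prepended; that the pool option replaces rather than extends the global one is inferred from this usage, not shown here.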
@@ -38,7 +38,7 @@ in { '' ]; }; - services.myPhpfpm.poolConfigs = { + services.phpfpm.poolConfigs = { mantisbt = mantisbt.phpFpm.pool; }; }; diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix index 061c004..642755f 100644 --- a/nixops/modules/websites/tools/tools/default.nix +++ b/nixops/modules/websites/tools/tools/default.nix @@ -72,15 +72,6 @@ in { ++ ldap.apache.modules ++ kanboard.apache.modules; - systemd.services.ympd = { - description = "Standalone MPD Web GUI written in C"; - wantedBy = [ "multi-user.target" ]; - script = '' - export MPD_PASSWORD=$(cat /var/secrets/mpd) - ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody - ''; - }; - services.websites.integration.vhostConfs.devtools = { certName = "eldiron"; addToCerts = true; 
@@ -157,33 +148,99 @@ in { ]; }; - services.myPhpfpm.serviceDependencies = { - dokuwiki = dokuwiki.phpFpm.serviceDeps; - kanboard = kanboard.phpFpm.serviceDeps; - ldap = ldap.phpFpm.serviceDeps; - rainloop = rainloop.phpFpm.serviceDeps; - roundcubemail = roundcubemail.phpFpm.serviceDeps; - shaarli = shaarli.phpFpm.serviceDeps; - ttrss = ttrss.phpFpm.serviceDeps; - wallabag = wallabag.phpFpm.serviceDeps; - yourls = yourls.phpFpm.serviceDeps; + systemd.services = { + phpfpm-dokuwiki = { + after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; + wants = dokuwiki.phpFpm.serviceDeps; + }; + phpfpm-kanboard = { + after = lib.mkAfter kanboard.phpFpm.serviceDeps; + wants = kanboard.phpFpm.serviceDeps; + }; + phpfpm-ldap = { + after = lib.mkAfter ldap.phpFpm.serviceDeps; + wants = ldap.phpFpm.serviceDeps; + }; + phpfpm-rainloop = { + after = lib.mkAfter rainloop.phpFpm.serviceDeps; + wants = rainloop.phpFpm.serviceDeps; + }; + phpfpm-roundcubemail = { + after = lib.mkAfter roundcubemail.phpFpm.serviceDeps; + wants = roundcubemail.phpFpm.serviceDeps; + }; + phpfpm-shaarli = { + after = lib.mkAfter shaarli.phpFpm.serviceDeps; + wants = shaarli.phpFpm.serviceDeps; + }; + phpfpm-ttrss = { + after = lib.mkAfter ttrss.phpFpm.serviceDeps; + wants = ttrss.phpFpm.serviceDeps; + }; + phpfpm-wallabag = { + after = lib.mkAfter wallabag.phpFpm.serviceDeps; + wants = wallabag.phpFpm.serviceDeps; + preStart = lib.mkAfter wallabag.phpFpm.preStart; + }; + phpfpm-yourls = { + after = lib.mkAfter yourls.phpFpm.serviceDeps; + wants = yourls.phpFpm.serviceDeps; + }; + ympd = { + description = "Standalone MPD Web GUI written in C"; + wantedBy = [ "multi-user.target" ]; + script = '' + export MPD_PASSWORD=$(cat /var/secrets/mpd) + ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody + ''; + }; + tt-rss = { + description = "Tiny Tiny RSS feeds update daemon"; + serviceConfig = { + User = "wwwrun"; + ExecStart = 
"${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon"; + StandardOutput = "syslog"; + StandardError = "syslog"; + PermissionsStartOnly = true; + }; + + wantedBy = [ "multi-user.target" ]; + requires = ["postgresql.service"]; + after = ["network.target" "postgresql.service"]; + }; + }; + + services.phpfpm.pools.roundcubemail = { + listen = roundcubemail.phpFpm.socket; + extraConfig = roundcubemail.phpFpm.pool; + phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig; }; - services.myPhpfpm.poolPhpConfigs = { - devtools = '' + services.phpfpm.pools.devtools = { + listen = "/var/run/phpfpm/devtools.sock"; + extraConfig = '' + user = wwwrun + group = wwwrun + listen.owner = wwwrun + listen.group = wwwrun + pm = dynamic + pm.max_children = 60 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 10 + + php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" + ''; + phpOptions = config.services.phpfpm.phpOptions + '' extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so zend_extension=${pkgs.php}/lib/php/extensions/opcache.so ''; - roundcubemail = roundcubemail.phpFpm.phpConfig; - }; - services.myPhpfpm.preStart = { - wallabag = wallabag.phpFpm.preStart; }; - services.myPhpfpm.poolConfigs = { + + services.phpfpm.poolConfigs = { adminer = adminer.phpFpm.pool; ttrss = ttrss.phpFpm.pool; - roundcubemail = roundcubemail.phpFpm.pool; wallabag = wallabag.phpFpm.pool; yourls = yourls.phpFpm.pool; rompr = rompr.phpFpm.pool; 
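Review bot: The `devtools` pool defined near the end of this hunk keeps `/tmp` in its `open_basedir` while running as `wwwrun`, the same account the nextcloud pool in tools/cloud.nix uses, so the temporary directory remains a place where files from different applications can meet despite the per-pool path restriction. Now that per-unit settings live in the `systemd.services` set introduced here, that pool can be given a private temporary directory with one line, `phpfpm-devtools.serviceConfig.PrivateTmp = true;`, unless the module generating the unit already sets it or the application is known to exchange files through the shared `/tmp` (neither is visible in this diff). The nine `phpfpm-*` entries that differ only in the application name are also candidates for generation from a list of names, which would keep an override like this uniform across pools. The `services.phpfpm.poolConfigs` set that opens at the end of the hunk continues outside it.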
@@ -192,20 +249,6 @@ in { ldap = ldap.phpFpm.pool; rainloop = rainloop.phpFpm.pool; kanboard = kanboard.phpFpm.pool; - devtools = '' - listen = /var/run/phpfpm/devtools.sock - user = wwwrun - group = wwwrun - listen.owner = wwwrun - listen.group = wwwrun - pm = dynamic - pm.max_children = 60 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 10 - - php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" - ''; tools = '' listen = /var/run/phpfpm/tools.sock user = wwwrun @@ -250,21 +293,6 @@ in { ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName} ''; - systemd.services.tt-rss = { - description = "Tiny Tiny RSS feeds update daemon"; - serviceConfig = { - User = "wwwrun"; - ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon"; - StandardOutput = "syslog"; - StandardError = "syslog"; - PermissionsStartOnly = true; - }; - - wantedBy = [ "multi-user.target" ]; - requires = ["postgresql.service"]; - after = ["network.target" "postgresql.service"]; - }; - }; } diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/nixops/modules/websites/tools/tools/roundcubemail.nix index 6177ff3..8974d1b 100644 --- a/nixops/modules/websites/tools/tools/roundcubemail.nix +++ b/nixops/modules/websites/tools/tools/roundcubemail.nix @@ -102,7 +102,6 @@ rec { ''; socket = "/var/run/phpfpm/roundcubemail.sock"; pool = '' - listen = ${socket} user = ${apache.user} group = ${apache.group} listen.owner = ${apache.user} -- cgit v1.2.3