{ config, lib, pkgs, ... }:

with lib;

let
  # Short-hand for this module's own option set.
  cfg = config.services.myPhpfpm;
  # The service is only wired up once at least one pool exists, declared
  # either as raw ini text (`poolConfigs`) or as a submodule (`pools`).
  enabled = !(cfg.poolConfigs == {} && cfg.pools == {});

  stateDir = "/run/phpfpm";

  poolConfigs = cfg.poolConfigs // mapAttrs mkPool cfg.pools;

  # Render one `pools.<name>` submodule into pool ini text: the mandatory
  # listen address followed by the verbatim extraConfig. The pool name is not
  # needed here; fpmCfgFile turns it into the ini section header.
  mkPool = _name: pool: "listen = ${pool.listen}\n${pool.extraConfig}\n";

  # Write the php-fpm.conf for one pool into the store. error_log and
  # daemonize are fixed here (the unit runs in the foreground as Type=notify
  # and logs to syslog), which is why `extraConfig` tells users not to set them.
  fpmCfgFile = pool: poolConfig:
    let
      globalSection = [
        "[global]"
        "error_log = syslog"
        "daemonize = no"
        cfg.extraConfig
      ];
      poolSection = [
        "[${pool}]"
        poolConfig
      ];
      # The "" between the sections is the blank separator line; the trailing
      # "" gives the file its final newline.
      text = concatStringsSep "\n" (globalSection ++ [ "" ] ++ poolSection ++ [ "" ]);
    in pkgs.writeText "phpfpm-${pool}.conf" text;

  # Assemble a php.ini for one pool: the package's stock php.ini, then the
  # NixOS defaults, then the global `phpOptions`, then the pool's own lines.
  # Later fragments win for a directive that appears more than once (PHP
  # keeps the last occurrence), so pool lines override global ones.
  phpIni = poolPhpOptions:
    let
      fragments = {
        inherit (cfg) phpPackage phpOptions;
        inherit poolPhpOptions;
        # sendmail goes through the NixOS SUID wrapper, hence AF_NETLINK in
        # the unit's RestrictAddressFamilies.
        nixDefaults = ''
          sendmail_path = "/run/wrappers/bin/sendmail -t -i"
        '';
        # Exposed to the builder as $<name>Path files rather than env vars.
        passAsFile = [ "nixDefaults" "phpOptions" "poolPhpOptions" ];
      };
    in pkgs.runCommand "php.ini" fragments ''
      cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath $poolPhpOptionsPath > $out
    '';

in {

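  options = {
    services.myPhpfpm = {
      # Free-form text appended to the [global] section of php-fpm.conf.
      extraConfig = mkOption {
        type = types.lines;
        default = "";
        description = ''
          Extra configuration that should be put in the global section of
          the PHP-FPM configuration file. Do not specify the options
          <literal>error_log</literal> or
          <literal>daemonize</literal> here, since they are generated by
          NixOS.
        '';
      };

      # Provides bin/php-fpm and the etc/php.ini the generated php.ini starts from.
      phpPackage = mkOption {
        type = types.package;
        default = pkgs.php;
        defaultText = "pkgs.php";
        description = ''
          The PHP package to use for running the PHP-FPM service.
        '';
      };

      # php.ini lines shared by every pool; per-pool lines go in poolPhpConfigs.
      phpOptions = mkOption {
        type = types.lines;
        default = "";
        example =
          ''
            date.timezone = "CET"
          '';
        description =
          "Options appended to the PHP configuration file <filename>php.ini</filename>.";
      };

      # Pool name -> extra systemd units the pool is ordered after and wants.
      # `types.str` instead of the deprecated `types.string`: the latter merges
      # repeated definitions by string concatenation, which never yields a
      # meaningful unit name.
      serviceDependencies = mkOption {
        default = {};
        type = types.attrsOf (types.listOf types.str);
        example = literalExample ''
          { mypool = ["postgresql.service"]; }
        '';
        description = ''
          Extra service dependencies specific to pool.
        '';
      };

      # Pool name -> path handed to the unit as EnvironmentFile=.
      # `types.str` so that two modules naming a file for the same pool is
      # reported as a conflict rather than concatenated into one bogus path
      # (which `types.string` would silently do).
      envFile = mkOption {
        default = {};
        type = types.attrsOf types.str;
        example = literalExample ''
          { mypool = "path/to/file";
          }
        '';
        description = ''
          Extra environment file go into the service script.
        '';
      };

      # Pool name -> php.ini lines appended after phpOptions for that pool only.
      poolPhpConfigs = mkOption {
        default = {};
        type = types.attrsOf types.lines;
        example = literalExample ''
          { mypool = '''
              extension = some_extension.so
            ''';
          }
        '';
        description = ''
          Extra lines that go into the php configuration specific to pool.
        '';
      };

      # Pool name -> raw ini body of the [<pool>] section. A name that also
      # appears in `pools` is overridden by the `pools` entry.
      poolConfigs = mkOption {
        default = {};
        type = types.attrsOf types.lines;
        example = literalExample ''
          { mypool = '''
              listen = /run/phpfpm/mypool
              user = nobody
              pm = dynamic
              pm.max_children = 75
              pm.start_servers = 10
              pm.min_spare_servers = 5
              pm.max_spare_servers = 20
              pm.max_requests = 500
            ''';
          }
        '';
        description = ''
          A mapping between PHP-FPM pool names and their configurations.
          See the documentation on <literal>php-fpm.conf</literal> for
          details on configuration directives. If no pools are defined,
          the phpfpm service is disabled.
        '';
      };

      # Structured pool definitions (listen + extraConfig, see pool-options.nix);
      # rendered into the same ini text as poolConfigs entries.
      pools = mkOption {
        type = types.attrsOf (types.submodule (import ./pool-options.nix {
          inherit lib;
        }));
        default = {};
        example = literalExample ''
         {
           mypool = {
             listen = "/path/to/unix/socket";
             extraConfig = '''
               user = nobody
               pm = dynamic
               pm.max_children = 75
               pm.start_servers = 10
               pm.min_spare_servers = 5
               pm.max_spare_servers = 20
               pm.max_requests = 500
             ''';
           }
         }'';
        description = ''
          PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM
          service is disabled.
        '';
      };
    };
  };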

  config = mkIf enabled {

    # Every pool unit is placed in this slice (Slice= below), so the pools
    # are accounted for as one group.
    systemd.slices.phpfpm = {
      description = "PHP FastCGI Process manager pools slice";
    };

    # Umbrella target: the pool units are wantedBy/partOf it, so it starts,
    # stops and restarts all pools together.
    systemd.targets.phpfpm = {
      description = "PHP FastCGI Process manager pools target";
      wantedBy = [ "multi-user.target" ];
    };

    # One unit per pool, named phpfpm-<pool>.
    systemd.services = mapAttrs' (pool: poolConfig:
      let
        # Extra units this pool is ordered after and pulls in; none by default.
        deps = cfg.serviceDependencies.${pool} or [];
        # Pool-specific php.ini lines; empty when the pool has none.
        poolPhpIni = cfg.poolPhpConfigs.${pool} or "";
        cfgFile = fpmCfgFile pool poolConfig;
        iniFile = phpIni poolPhpIni;
      in nameValuePair "phpfpm-${pool}" {
        description = "PHP FastCGI Process Manager service for pool ${pool}";
        after = [ "network.target" ] ++ deps;
        wants = deps;
        wantedBy = [ "phpfpm.target" ];
        partOf = [ "phpfpm.target" ];
        # The socket directory is shared by all pools, so each unit makes sure
        # it exists rather than owning it via RuntimeDirectory=.
        preStart = ''
          mkdir -p ${stateDir}
        '';
        # No User= here: php-fpm's master runs as root and each pool drops to
        # the user/group set in its own section (see the `user = nobody`
        # examples); a pool that omits `user` is php-fpm's problem, not systemd's.
        serviceConfig = {
          # Only set when a file is configured for this pool. systemd reads the
          # file itself, so one holding secrets can be root-only.
          EnvironmentFile = optional (cfg.envFile ? ${pool}) cfg.envFile.${pool};
          Slice = "phpfpm.slice";
          PrivateDevices = true;
          # NOTE(review): "strict" would additionally make /var read-only and
          # need ReadWritePaths for the pools' writable locations — confirm
          # those before tightening.
          ProtectSystem = "full";
          ProtectHome = true;
          # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work
          # (that SUID path is also why NoNewPrivileges is not set here).
          RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
          Type = "notify";
          ExecStart = "${cfg.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}";
          # USR2 is php-fpm's graceful reload signal.
          ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
        };
      }
    ) poolConfigs;
  };
}