summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--modules/secrets.nix9
-rw-r--r--modules/websites/default.nix19
-rw-r--r--modules/websites/php-application.nix101
3 files changed, 103 insertions, 26 deletions
diff --git a/modules/secrets.nix b/modules/secrets.nix
index 808b15c5..a2424e92 100644
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -11,7 +11,16 @@
11 default = "/var/secrets"; 11 default = "/var/secrets";
12 description = "Location where to put the keys"; 12 description = "Location where to put the keys";
13 }; 13 };
14 # Read-only variables
15 fullPaths = lib.mkOption {
16 type = lib.types.attrsOf lib.types.path;
17 default = builtins.listToAttrs
18 (map (v: { name = v.dest; value = "${config.secrets.location}/${v.dest}"; }) config.secrets.keys);
19 readOnly = true;
20 description = "set of full paths to secrets";
21 };
14 }; 22 };
23
15 config = let 24 config = let
16 location = config.secrets.location; 25 location = config.secrets.location;
17 keys = config.secrets.keys; 26 keys = config.secrets.keys;
diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index ef79cb3c..043fc6ec 100644
--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -23,14 +23,6 @@ in
23 Name of the webapp dir to create in /run/current-system 23 Name of the webapp dir to create in /run/current-system
24 ''; 24 '';
25 }; 25 };
26 webappDirsPath = mkOption {
27 type = str;
28 readOnly = true;
29 description = ''
30 Full path of the webapp dir
31 '';
32 default = "/run/current-system/${cfg.webappDirsName}";
33 };
34 env = mkOption { 26 env = mkOption {
35 default = {}; 27 default = {};
36 description = "Each type of website to enable will target a distinct httpd server"; 28 description = "Each type of website to enable will target a distinct httpd server";
@@ -126,6 +118,17 @@ in
126 }; 118 };
127 }); 119 });
128 }; 120 };
121 # Readonly variables
122 webappDirsPaths = mkOption {
123 type = attrsOf path;
124 readOnly = true;
125 description = ''
126 Full paths of the webapp dir
127 '';
128 default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
129 name "/run/current-system/${cfg.webappDirsName}/${name}"
130 ) cfg.webappDirs;
131 };
129 }; 132 };
130 133
131 config.services.httpd = let 134 config.services.httpd = let
diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix
index 765d4067..1bc4872e 100644
--- a/modules/websites/php-application.nix
+++ b/modules/websites/php-application.nix
@@ -2,11 +2,11 @@
2with lib; 2with lib;
3let 3let
4 cfg = config.services.phpApplication; 4 cfg = config.services.phpApplication;
5 cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg); 5 cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg.apps);
6in 6in
7{ 7{
8 options = { 8 options = with types; {
9 services.phpApplication = with types; mkOption { 9 services.phpApplication.apps = mkOption {
10 default = {}; 10 default = {};
11 description = '' 11 description = ''
12 php applications to define 12 php applications to define
@@ -31,6 +31,35 @@ in
31 default = true; 31 default = true;
32 description = "Handle phpsession files separately in vardir"; 32 description = "Handle phpsession files separately in vardir";
33 }; 33 };
34 phpListen = mkOption {
35 type = nullOr str;
36 default = null;
37 description = "Name of the socket to listen to. Defaults to app name if null";
38 };
39 phpPool = mkOption {
40 type = lines;
41 default = "";
42 description = "Pool configuration to append";
43 };
44 phpOptions = mkOption {
45 type = lines;
46 default = "";
47 description = "php configuration to append";
48 };
49 phpOpenbasedir = mkOption {
50 type = listOf path;
51 default = [];
52 description = ''
53 paths to add to php open_basedir configuration in addition to app and vardir
54 '';
55 };
56 phpWatchFiles = mkOption {
57 type = listOf path;
58 default = [];
59 description = ''
60 Path to other files to watch to trigger preStart scripts
61 '';
62 };
34 websiteEnv = mkOption { 63 websiteEnv = mkOption {
35 type = str; 64 type = str;
36 description = '' 65 description = ''
@@ -51,6 +80,13 @@ in
51 httpd group to run the prestart scripts as. 80 httpd group to run the prestart scripts as.
52 ''; 81 '';
53 }; 82 };
83 httpdWatchFiles = mkOption {
84 type = listOf path;
85 default = [];
86 description = ''
87 Path to other files to watch to trigger httpd reload
88 '';
89 };
54 app = mkOption { 90 app = mkOption {
55 type = path; 91 type = path;
56 description = '' 92 description = ''
@@ -59,6 +95,7 @@ in
59 }; 95 };
60 webappName = mkOption { 96 webappName = mkOption {
61 type = nullOr str; 97 type = nullOr str;
98 default = null;
62 description = '' 99 description = ''
63 Alias name for the app, to be used in services.websites.webappDirs 100 Alias name for the app, to be used in services.websites.webappDirs
64 ''; 101 '';
@@ -84,29 +121,57 @@ in
84 List of systemd services this application depends on 121 List of systemd services this application depends on
85 ''; 122 '';
86 }; 123 };
87 watchFiles = mkOption {
88 type = listOf path;
89 default = [];
90 description = ''
91 Path to other files to watch to trigger preStart scripts
92 '';
93 };
94 }; 124 };
95 }); 125 });
96 }; 126 };
127 # Read-only variables
128 services.phpApplication.phpListenPaths = mkOption {
129 type = attrsOf path;
130 default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
131 name "/run/phpfpm/${if icfg.phpListen == null then name else icfg.phpListen}.sock"
132 ) cfg.apps;
133 readOnly = true;
134 description = ''
135 Full paths to listen for php
136 '';
137 };
138 services.phpApplication.webappDirs = mkOption {
139 type = attrsOf path;
140 default = attrsets.filterAttrs (n: v: builtins.hasAttr n cfg.apps) config.services.websites.webappDirsPaths;
141 readOnly = true;
142 description = ''
143 Stable name webapp dirs for httpd
144 '';
145 };
97 }; 146 };
98 147
99 config = { 148 config = {
100 services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair 149 services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair
101 name { 150 name {
102 modules = [ "proxy_fcgi" ]; 151 modules = [ "proxy_fcgi" ];
103 watchPaths = builtins.concatLists (map (c: c.watchFiles) cfgs); 152 watchPaths = builtins.concatLists (map (c: c.httpdWatchFiles) cfgs);
104 } 153 }
105 ) cfgByEnv; 154 ) cfgByEnv;
106 155
156 services.phpfpm.pools = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
157 name {
158 listen = cfg.phpListenPaths."${name}";
159 extraConfig = ''
160 user = ${icfg.httpdUser}
161 group = ${icfg.httpdGroup}
162 listen.owner = ${icfg.httpdUser}
163 listen.group = ${icfg.httpdGroup}
164 ${optionalString (icfg.phpSession) ''
165 php_admin_value[session.save_path] = "${icfg.varDir}/phpSessions"''}
166 php_admin_value[open_basedir] = "${builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpOpenbasedir)}"
167 '' + icfg.phpPool;
168 phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions;
169 }
170 ) cfg.apps;
171
107 services.websites.webappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair 172 services.websites.webappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
108 icfg.webappName icfg.webRoot 173 (if icfg.webappName == null then name else icfg.webappName) icfg.webRoot
109 ) (attrsets.filterAttrs (n: v: !isNull v.webappName && !isNull v.webRoot) cfg); 174 ) (attrsets.filterAttrs (n: v: !isNull v.webRoot) cfg.apps);
110 175
111 systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair 176 systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
112 "phpfpm-${name}" { 177 "phpfpm-${name}" {
@@ -114,7 +179,7 @@ in
114 wants = icfg.serviceDeps; 179 wants = icfg.serviceDeps;
115 preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) '' 180 preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) ''
116 watchFilesChanged() { 181 watchFilesChanged() {
117 ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"} 182 ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 1"}
118 [ ! -f "${icfg.varDir}"/watchedFiles ] \ 183 [ ! -f "${icfg.varDir}"/watchedFiles ] \
119 || ! sha512sum -c --status ${icfg.varDir}/watchedFiles 184 || ! sha512sum -c --status ${icfg.varDir}/watchedFiles
120 } 185 }
@@ -123,8 +188,8 @@ in
123 "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ] 188 "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ]
124 } 189 }
125 updateWatchFiles() { 190 updateWatchFiles() {
126 ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"} 191 ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 0"}
127 sha512sum ${builtins.concatStringsSep " " icfg.watchFiles} > ${icfg.varDir}/watchedFiles 192 sha512sum ${builtins.concatStringsSep " " icfg.phpWatchFiles} > ${icfg.varDir}/watchedFiles
128 } 193 }
129 194
130 if watchFilesChanged || appDirChanged; then 195 if watchFilesChanged || appDirChanged; then
@@ -136,7 +201,7 @@ in
136 fi 201 fi
137 ''); 202 '');
138 } 203 }
139 ) cfg; 204 ) cfg.apps;
140 205
141 system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair 206 system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
142 name { 207 name {
@@ -147,6 +212,6 @@ in
147 install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions 212 install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions
148 ''; 213 '';
149 } 214 }
150 ) cfg; 215 ) cfg.apps;
151 }; 216 };
152} 217}