From 55ebe7be7375fe58c5e8a6f8edc31f768ddf5e6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sun, 2 Jun 2019 09:48:05 +0200 Subject: Finish moving aten php configuration to dedicated module --- modules/secrets.nix | 9 ++++ modules/websites/default.nix | 19 ++++--- modules/websites/php-application.nix | 101 ++++++++++++++++++++++++++++------- 3 files changed, 103 insertions(+), 26 deletions(-) (limited to 'modules') diff --git a/modules/secrets.nix b/modules/secrets.nix index 808b15c5..a2424e92 100644 --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -11,7 +11,16 @@ default = "/var/secrets"; description = "Location where to put the keys"; }; + # Read-only variables + fullPaths = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + default = builtins.listToAttrs + (map (v: { name = v.dest; value = "${config.secrets.location}/${v.dest}"; }) config.secrets.keys); + readOnly = true; + description = "set of full paths to secrets"; + }; }; + config = let location = config.secrets.location; keys = config.secrets.keys; diff --git a/modules/websites/default.nix b/modules/websites/default.nix index ef79cb3c..043fc6ec 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix @@ -23,14 +23,6 @@ in Name of the webapp dir to create in /run/current-system ''; }; - webappDirsPath = mkOption { - type = str; - readOnly = true; - description = '' - Full path of the webapp dir - ''; - default = "/run/current-system/${cfg.webappDirsName}"; - }; env = mkOption { default = {}; description = "Each type of website to enable will target a distinct httpd server"; @@ -126,6 +118,17 @@ in }; }); }; + # Readonly variables + webappDirsPaths = mkOption { + type = attrsOf path; + readOnly = true; + description = '' + Full paths of the webapp dir + ''; + default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair + name "/run/current-system/${cfg.webappDirsName}/${name}" + ) cfg.webappDirs; + }; }; config.services.httpd = let diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix index 765d4067..1bc4872e 100644 --- a/modules/websites/php-application.nix +++ b/modules/websites/php-application.nix @@ -2,11 +2,11 @@ with lib; let cfg = config.services.phpApplication; - cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg); + cfgByEnv = lists.groupBy (x: x.websiteEnv) (builtins.attrValues cfg.apps); in { - options = { - services.phpApplication = with types; mkOption { + options = with types; { + services.phpApplication.apps = mkOption { default = {}; description = '' php applications to define @@ -31,6 +31,35 @@ in default = true; description = "Handle phpsession files separately in vardir"; }; + phpListen = mkOption { + type = nullOr str; + default = null; + description = "Name of the socket to listen to. Defaults to app name if null"; + }; + phpPool = mkOption { + type = lines; + default = ""; + description = "Pool configuration to append"; + }; + phpOptions = mkOption { + type = lines; + default = ""; + description = "php configuration to append"; + }; + phpOpenbasedir = mkOption { + type = listOf path; + default = []; + description = '' + paths to add to php open_basedir configuration in addition to app and vardir + ''; + }; + phpWatchFiles = mkOption { + type = listOf path; + default = []; + description = '' + Path to other files to watch to trigger preStart scripts + ''; + }; websiteEnv = mkOption { type = str; description = '' @@ -51,6 +80,13 @@ in httpd group to run the prestart scripts as. ''; }; + httpdWatchFiles = mkOption { + type = listOf path; + default = []; + description = '' + Path to other files to watch to trigger httpd reload + ''; + }; app = mkOption { type = path; description = '' @@ -59,6 +95,7 @@ in }; webappName = mkOption { type = nullOr str; + default = null; description = '' Alias name for the app, to be used in services.websites.webappDirs ''; @@ -84,29 +121,57 @@ in List of systemd services this application depends on ''; }; - watchFiles = mkOption { - type = listOf path; - default = []; - description = '' - Path to other files to watch to trigger preStart scripts - ''; - }; }; }); }; + # Read-only variables + services.phpApplication.phpListenPaths = mkOption { + type = attrsOf path; + default = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair + name "/run/phpfpm/${if icfg.phpListen == null then name else icfg.phpListen}.sock" + ) cfg.apps; + readOnly = true; + description = '' + Full paths to listen for php + ''; + }; + services.phpApplication.webappDirs = mkOption { + type = attrsOf path; + default = attrsets.filterAttrs (n: v: builtins.hasAttr n cfg.apps) config.services.websites.webappDirsPaths; + readOnly = true; + description = '' + Stable name webapp dirs for httpd + ''; + }; }; config = { services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair name { modules = [ "proxy_fcgi" ]; - watchPaths = builtins.concatLists (map (c: c.watchFiles) cfgs); + watchPaths = builtins.concatLists (map (c: c.httpdWatchFiles) cfgs); } ) cfgByEnv; + services.phpfpm.pools = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair + name { + listen = cfg.phpListenPaths."${name}"; + extraConfig = '' + user = ${icfg.httpdUser} + group = ${icfg.httpdGroup} + listen.owner = ${icfg.httpdUser} + listen.group = ${icfg.httpdGroup} + ${optionalString (icfg.phpSession) '' + php_admin_value[session.save_path] = "${icfg.varDir}/phpSessions"''} + php_admin_value[open_basedir] = "${builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpOpenbasedir)}" + '' + icfg.phpPool; + phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions; + } + ) cfg.apps; + services.websites.webappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair - icfg.webappName icfg.webRoot - ) (attrsets.filterAttrs (n: v: !isNull v.webappName && !isNull v.webRoot) cfg); + (if icfg.webappName == null then name else icfg.webappName) icfg.webRoot + ) (attrsets.filterAttrs (n: v: !isNull v.webRoot) cfg.apps); systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair "phpfpm-${name}" { @@ -114,7 +179,7 @@ in wants = icfg.serviceDeps; preStart = lib.mkAfter (optionalString (!isNull icfg.varDir) '' watchFilesChanged() { - ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"} + ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 1"} [ ! -f "${icfg.varDir}"/watchedFiles ] \ || ! sha512sum -c --status ${icfg.varDir}/watchedFiles } @@ -123,8 +188,8 @@ in "${icfg.app}" != "$(cat ${icfg.varDir}/currentWebappDir 2>/dev/null)" ] } updateWatchFiles() { - ${optionalString (builtins.length icfg.watchFiles == 0) "return 0"} - sha512sum ${builtins.concatStringsSep " " icfg.watchFiles} > ${icfg.varDir}/watchedFiles + ${optionalString (builtins.length icfg.phpWatchFiles == 0) "return 0"} + sha512sum ${builtins.concatStringsSep " " icfg.phpWatchFiles} > ${icfg.varDir}/watchedFiles } if watchFilesChanged || appDirChanged; then @@ -136,7 +201,7 @@ in fi ''); } - ) cfg; + ) cfg.apps; system.activationScripts = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair name { @@ -147,6 +212,6 @@ in install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions ''; } - ) cfg; + ) cfg.apps; }; } -- cgit v1.2.3