nixos/icingaweb2: fix work with phpfpm-rootless mode

nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix

@@ -1,7 +1,6 @@
 { config, lib, pkgs, ... }: with lib; let
   cfg = config.services.icingaweb2;
   poolName = "icingaweb2";
-  phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock";
 
   defaultConfig = {
     global = {
@@ -162,19 +161,23 @@ in {
   };
 
   config = mkIf cfg.enable {
-    services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") {
+    services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") {
-      "${poolName}" = ''
+      "${poolName}" = {
-        listen = "${phpfpmSocketName}"
+        socketName = "${poolName}";
-        listen.owner = nginx
+        phpPackage = pkgs.php;
-        listen.group = nginx
+        user = "icingaweb2";
-        listen.mode = 0600
+        group = "icingaweb2";
-        user = icingaweb2
+        extraConfig = ''
-        pm = dynamic
+          listen.owner = ${config.services.nginx.user}
-        pm.max_children = 75
+          listen.group = ${config.services.nginx.group}
-        pm.start_servers = 2
+          listen.mode = 0600
-        pm.min_spare_servers = 2
+          pm = dynamic
-        pm.max_spare_servers = 10
+          pm.max_children = 75
-      '';
+          pm.start_servers = 2
+          pm.min_spare_servers = 2
+          pm.max_spare_servers = 10
+        '';
+      };
     };
 
     services.phpfpm.phpOptions = mkIf (cfg.pool == "${poolName}")
@@ -206,7 +209,7 @@ in {
             include ${config.services.nginx.package}/conf/fastcgi.conf;
             try_files $uri =404;
             fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            fastcgi_pass unix:${phpfpmSocketName};
+            fastcgi_pass unix:/run/phpfpm-${poolName}/${poolName}.sock;
             fastcgi_param SCRIPT_FILENAME ${pkgs.icingaweb2}/public/index.php;
           '';
         };
@@ -239,5 +242,8 @@ in {
       group = "icingaweb2";
       isSystemUser = true;
     };
+    users.users.nginx = {
+      extraGroups = [ "icingaweb2" ];
+    };
   };
 }