diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index df8ebe50584..886e2e83ba6 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -135,7 +135,8 @@ with lib; # piwik was renamed to matomo (mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ]) (mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ]) - (mkRenamedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] [ "services" "matomo" "phpfpmProcessManagerConfig" ]) + (mkRemovedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools..settings") + (mkRemovedOptionModule [ "services" "matomo" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools..settings") (mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ]) # tarsnap diff --git a/nixos/modules/services/web-apps/matomo-doc.xml b/nixos/modules/services/web-apps/matomo-doc.xml index 8485492c51c..79cece551d3 100644 --- a/nixos/modules/services/web-apps/matomo-doc.xml +++ b/nixos/modules/services/web-apps/matomo-doc.xml @@ -105,7 +105,7 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; You can use other web servers by forwarding calls for index.php and piwik.php to the - /run/phpfpm-matomo.sock fastcgi unix socket. You can use + services.phpfpm.pools.<name>.socket fastcgi unix socket. You can use the nginx configuration in the module code as a reference to what else should be configured. diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 1e34aff8d17..352cc4c647b 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -2,15 +2,13 @@ with lib; let cfg = config.services.matomo; + fpm = config.services.phpfpm.pools.${pool}; user = "matomo"; dataDir = "/var/lib/${user}"; deprecatedDataDir = "/var/lib/piwik"; pool = user; - # it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770, - # and therefore is not accessible by the web server. - phpSocket = "/run/phpfpm-${pool}.sock"; phpExecutionUnit = "phpfpm-${pool}"; databaseService = "mysql.service"; @@ -50,7 +48,7 @@ in { default = null; example = "lighttpd"; description = '' - Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for Matomo if the nginx + Name of the web server user that forwards requests to the fastcgi socket for Matomo if the nginx option is not used. Either this option or the nginx option is mandatory. If you want to use another webserver than nginx, you need to set this to that server's user and pass fastcgi requests to `index.php`, `matomo.php` and `piwik.php` (legacy name) to this socket. @@ -71,25 +69,6 @@ in { ''; }; - phpfpmProcessManagerConfig = mkOption { - type = types.str; - default = '' - ; default phpfpm process manager settings - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - - ; log worker's stdout, but this has a performance hit - catch_workers_output = yes - ''; - description = '' - Settings for phpfpm's process manager. You might need to change this depending on the load for Matomo. - ''; - }; - nginx = mkOption { type = types.nullOr (types.submodule ( recursiveUpdate @@ -233,15 +212,24 @@ in { else if (cfg.webServerUser != null) then cfg.webServerUser else ""; in { ${pool} = { - listen = phpSocket; - extraConfig = '' - listen.owner = ${socketOwner} - listen.group = root - listen.mode = 0600 - user = ${user} - env[PIWIK_USER_PATH] = ${dataDir} - ${cfg.phpfpmProcessManagerConfig} + inherit user; + phpOptions = '' + error_log = 'stderr' + log_errors = on ''; + settings = mapAttrs (name: mkDefault) { + "listen.owner" = socketOwner; + "listen.group" = "root"; + "listen.mode" = "0660"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "catch_workers_output" = true; + }; + phpEnv.PIWIK_USER_PATH = dataDir; }; }; @@ -264,15 +252,15 @@ in { }; # allow index.php for webinterface locations."= /index.php".extraConfig = '' - fastcgi_pass unix:${phpSocket}; + fastcgi_pass unix:${fpm.socket}; ''; # allow matomo.php for tracking locations."= /matomo.php".extraConfig = '' - fastcgi_pass unix:${phpSocket}; + fastcgi_pass unix:${fpm.socket}; ''; # allow piwik.php for tracking (deprecated name) locations."= /piwik.php".extraConfig = '' - fastcgi_pass unix:${phpSocket}; + fastcgi_pass unix:${fpm.socket}; ''; # Any other attempt to access any php files is forbidden locations."~* ^.+\\.php$".extraConfig = ''