From 6ea626d3e25629420fb1dc6f717cbebf861c9895 Mon Sep 17 00:00:00 2001 From: Robert Djubek Date: Tue, 24 Sep 2019 08:03:06 +0000 Subject: [PATCH 1/3] nixos/matomo: fix deprecation warnings Fixes the phpfpm deprecation warnings about listen and extraConfig by using fpm.socket and settings. Removes phpfpmProcessManagerConfig. --- nixos/modules/rename.nix | 3 +- .../modules/services/web-apps/matomo-doc.xml | 2 +- nixos/modules/services/web-apps/matomo.nix | 56 ++++++++----------- 3 files changed, 25 insertions(+), 36 deletions(-) diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index df8ebe50584..886e2e83ba6 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -135,7 +135,8 @@ with lib; # piwik was renamed to matomo (mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ]) (mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ]) - (mkRenamedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] [ "services" "matomo" "phpfpmProcessManagerConfig" ]) + (mkRemovedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools..settings") + (mkRemovedOptionModule [ "services" "matomo" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools..settings") (mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ]) # tarsnap diff --git a/nixos/modules/services/web-apps/matomo-doc.xml b/nixos/modules/services/web-apps/matomo-doc.xml index 8485492c51c..79cece551d3 100644 --- a/nixos/modules/services/web-apps/matomo-doc.xml +++ b/nixos/modules/services/web-apps/matomo-doc.xml @@ -105,7 +105,7 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; You can use other web servers by forwarding calls for index.php and piwik.php to the - /run/phpfpm-matomo.sock fastcgi unix socket. You can use + services.phpfpm.pools.<name>.socket fastcgi unix socket. You can use the nginx configuration in the module code as a reference to what else should be configured. diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 1e34aff8d17..352cc4c647b 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -2,15 +2,13 @@ with lib; let cfg = config.services.matomo; + fpm = config.services.phpfpm.pools.${pool}; user = "matomo"; dataDir = "/var/lib/${user}"; deprecatedDataDir = "/var/lib/piwik"; pool = user; - # it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770, - # and therefore is not accessible by the web server. - phpSocket = "/run/phpfpm-${pool}.sock"; phpExecutionUnit = "phpfpm-${pool}"; databaseService = "mysql.service"; @@ -50,7 +48,7 @@ in { default = null; example = "lighttpd"; description = '' - Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for Matomo if the nginx + Name of the web server user that forwards requests to the fastcgi socket for Matomo if the nginx option is not used. Either this option or the nginx option is mandatory. If you want to use another webserver than nginx, you need to set this to that server's user and pass fastcgi requests to `index.php`, `matomo.php` and `piwik.php` (legacy name) to this socket. @@ -71,25 +69,6 @@ in { ''; }; - phpfpmProcessManagerConfig = mkOption { - type = types.str; - default = '' - ; default phpfpm process manager settings - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - - ; log worker's stdout, but this has a performance hit - catch_workers_output = yes - ''; - description = '' - Settings for phpfpm's process manager. You might need to change this depending on the load for Matomo. - ''; - }; - nginx = mkOption { type = types.nullOr (types.submodule ( recursiveUpdate @@ -233,15 +212,24 @@ in { else if (cfg.webServerUser != null) then cfg.webServerUser else ""; in { ${pool} = { - listen = phpSocket; - extraConfig = '' - listen.owner = ${socketOwner} - listen.group = root - listen.mode = 0600 - user = ${user} - env[PIWIK_USER_PATH] = ${dataDir} - ${cfg.phpfpmProcessManagerConfig} + inherit user; + phpOptions = '' + error_log = 'stderr' + log_errors = on ''; + settings = mapAttrs (name: mkDefault) { + "listen.owner" = socketOwner; + "listen.group" = "root"; + "listen.mode" = "0660"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "catch_workers_output" = true; + }; + phpEnv.PIWIK_USER_PATH = dataDir; }; }; @@ -264,15 +252,15 @@ in { }; # allow index.php for webinterface locations."= /index.php".extraConfig = '' - fastcgi_pass unix:${phpSocket}; + fastcgi_pass unix:${fpm.socket}; ''; # allow matomo.php for tracking locations."= /matomo.php".extraConfig = '' - fastcgi_pass unix:${phpSocket}; + fastcgi_pass unix:${fpm.socket}; ''; # allow piwik.php for tracking (deprecated name) locations."= /piwik.php".extraConfig = '' - fastcgi_pass unix:${phpSocket}; + fastcgi_pass unix:${fpm.socket}; ''; # Any other attempt to access any php files is forbidden locations."~* ^.+\\.php$".extraConfig = '' From cb85d27adc70dcab9138198109402fa69ff68eca Mon Sep 17 00:00:00 2001 From: Robert Djubek Date: Tue, 24 Sep 2019 08:08:19 +0000 Subject: [PATCH 2/3] matomo-beta: init at 3.12.0-b3 Add a beta version of matomo 3.12 that has recent bug fixes. They release these more frequently so it's a good option to have. --- pkgs/servers/web-apps/matomo/default.nix | 29 ++++++++++++++++++++---- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/pkgs/servers/web-apps/matomo/default.nix b/pkgs/servers/web-apps/matomo/default.nix index e848cb83c52..e990a16c038 100644 --- a/pkgs/servers/web-apps/matomo/default.nix +++ b/pkgs/servers/web-apps/matomo/default.nix @@ -1,12 +1,30 @@ { stdenv, fetchurl, makeWrapper, php }: +let + versions = { + matomo = { + version = "3.11.0"; + sha256 = "1fbnmmzzsi3dfm9qm30wypxjcazl37mryaik9mlrb19hnp2md40q"; + }; + + matomo-beta = { + version = "3.12.0"; + beta = 3; + sha256 = "1n7b8cag7rpi6y4145cll2irz3in4668jkiicy06wm5nq6lb4bdf"; + }; + }; + common = pname: {version, sha256, beta ? null}: + let fullVersion = version + stdenv.lib.optionalString (beta != null) "-b${toString beta}"; + name = "${pname}-${fullVersion}"; +in + stdenv.mkDerivation rec { - pname = "matomo"; - version = "3.11.0"; + inherit name; + version = fullVersion; src = fetchurl { url = "https://builds.matomo.org/matomo-${version}.tar.gz"; - sha256 = "1fbnmmzzsi3dfm9qm30wypxjcazl37mryaik9mlrb19hnp2md40q"; + inherit sha256; }; nativeBuildInputs = [ makeWrapper ]; @@ -53,6 +71,7 @@ stdenv.mkDerivation rec { license = licenses.gpl3Plus; homepage = https://matomo.org/; platforms = platforms.all; - maintainers = [ maintainers.florianjacob ]; + maintainers = with maintainers; [ florianjacob kiwi ]; }; -} +}; +in stdenv.lib.mapAttrs common versions diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a75d9c6adb7..755343c32a4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -15449,7 +15449,9 @@ in shiori = callPackage ../servers/web-apps/shiori { }; - matomo = callPackage ../servers/web-apps/matomo { }; + inherit (callPackages ../servers/web-apps/matomo {}) + matomo + matomo-beta; axis2 = callPackage ../servers/http/tomcat/axis2 { }; From 605379bc628f2fea85c144866d4bf8c2fe41ae33 Mon Sep 17 00:00:00 2001 From: Martin Milata Date: Fri, 4 Oct 2019 22:38:58 +0200 Subject: [PATCH 3/3] nixos/matomo: add test --- nixos/tests/all-tests.nix | 1 + nixos/tests/matomo.nix | 43 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 nixos/tests/matomo.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 10564e063c6..e9020531eb2 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -158,6 +158,7 @@ in #logstash = handleTest ./logstash.nix {}; mailcatcher = handleTest ./mailcatcher.nix {}; mathics = handleTest ./mathics.nix {}; + matomo = handleTest ./matomo.nix {}; matrix-synapse = handleTest ./matrix-synapse.nix {}; mediawiki = handleTest ./mediawiki.nix {}; memcached = handleTest ./memcached.nix {}; diff --git a/nixos/tests/matomo.nix b/nixos/tests/matomo.nix new file mode 100644 index 00000000000..4efa65a7b6d --- /dev/null +++ b/nixos/tests/matomo.nix @@ -0,0 +1,43 @@ +{ system ? builtins.currentSystem, config ? { } +, pkgs ? import ../.. { inherit system config; } }: + +with import ../lib/testing.nix { inherit system pkgs; }; +with pkgs.lib; + +let + matomoTest = package: + makeTest { + machine = { config, pkgs, ... }: { + services.matomo = { + package = package; + enable = true; + nginx = { + forceSSL = false; + enableACME = false; + }; + }; + services.mysql = { + enable = true; + package = pkgs.mysql; + }; + services.nginx.enable = true; + }; + + testScript = '' + startAll; + $machine->waitForUnit("mysql.service"); + $machine->waitForUnit("phpfpm-matomo.service"); + $machine->waitForUnit("nginx.service"); + $machine->succeed("curl -sSfL http://localhost/ | grep 'Matomo[^<]*Installation'"); + ''; + }; +in { + matomo = matomoTest pkgs.matomo // { + name = "matomo"; + meta.maintainers = with maintainers; [ florianjacob kiwi mmilata ]; + }; + matomo-beta = matomoTest pkgs.matomo-beta // { + name = "matomo-beta"; + meta.maintainers = with maintainers; [ florianjacob kiwi mmilata ]; + }; +}