diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index e32fa6fded4..65014b4beed 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -178,6 +178,9 @@ with lib;
The starting time can be configured via services.postgresqlBackup.startAt.
'')
+ # phpfpm
+ (mkRemovedOptionModule [ "services" "phpfpm" "poolConfigs" ] "Use services.phpfpm.pools instead.")
+
# zabbixServer
(mkRenamedOptionModule [ "services" "zabbixServer" "dbServer" ] [ "services" "zabbixServer" "database" "host" ])
diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix
index e8b2e11bf72..bdedfa1bb70 100644
--- a/nixos/modules/services/mail/roundcube.nix
+++ b/nixos/modules/services/mail/roundcube.nix
@@ -4,6 +4,7 @@ with lib;
let
cfg = config.services.roundcube;
+ fpm = config.services.phpfpm.pools.roundcube;
in
{
options.services.roundcube = {
@@ -105,7 +106,7 @@ in
extraConfig = ''
location ~* \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/phpfpm/roundcube;
+ fastcgi_pass unix:${fpm.socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
}
@@ -119,24 +120,27 @@ in
enable = true;
};
- services.phpfpm.poolConfigs.roundcube = ''
- listen = /run/phpfpm/roundcube
- listen.owner = nginx
- listen.group = nginx
- listen.mode = 0660
- user = nginx
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 20
- pm.max_requests = 500
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- php_admin_value[post_max_size] = 25M
- php_admin_value[upload_max_filesize] = 25M
- catch_workers_output = yes
- '';
+ services.phpfpm.pools.roundcube = {
+ user = "nginx";
+ phpOptions = ''
+ error_log = 'stderr'
+ log_errors = on
+ post_max_size = 25M
+ upload_max_filesize = 25M
+ '';
+ settings = mapAttrs (name: mkDefault) {
+ "listen.owner" = "nginx";
+ "listen.group" = "nginx";
+ "listen.mode" = "0660";
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 1;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
+ "catch_workers_output" = true;
+ };
+ };
systemd.services.phpfpm-roundcube.after = [ "roundcube-setup.service" ];
systemd.services.roundcube-setup = let
diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix
index cf56ae89b39..6e83d47df1c 100644
--- a/nixos/modules/services/misc/zoneminder.nix
+++ b/nixos/modules/services/misc/zoneminder.nix
@@ -2,6 +2,7 @@
let
cfg = config.services.zoneminder;
+ fpm = config.services.phpfpm.pools.zoneminder;
pkg = pkgs.zoneminder;
dirName = pkg.dirName;
@@ -19,8 +20,6 @@ let
useCustomDir = cfg.storageDir != null;
- socket = "/run/phpfpm/${dirName}.sock";
-
zms = "/cgi-bin/zms";
dirs = dirList: [ dirName ] ++ map (e: "${dirName}/${e}") dirList;
@@ -274,7 +273,7 @@ in {
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTP_PROXY "";
- fastcgi_pass unix:${socket};
+ fastcgi_pass unix:${fpm.socket};
}
}
'';
@@ -284,30 +283,27 @@ in {
phpfpm = lib.mkIf useNginx {
pools.zoneminder = {
- listen = socket;
+ inherit user group;
phpOptions = ''
date.timezone = "${config.time.timeZone}"
${lib.concatStringsSep "\n" (map (e:
"extension=${e.pkg}/lib/php/extensions/${e.name}.so") phpExtensions)}
'';
- extraConfig = ''
- user = ${user}
- group = ${group}
+ settings = lib.mapAttrs (name: lib.mkDefault) {
+ "listen.owner" = user;
+ "listen.group" = group;
+ "listen.mode" = "0660";
- listen.owner = ${user}
- listen.group = ${group}
- listen.mode = 0660
-
- pm = dynamic
- pm.start_servers = 1
- pm.min_spare_servers = 1
- pm.max_spare_servers = 2
- pm.max_requests = 500
- pm.max_children = 5
- pm.status_path = /$pool-status
- ping.path = /$pool-ping
- '';
+ "pm" = "dynamic";
+ "pm.start_servers" = 1;
+ "pm.min_spare_servers" = 1;
+ "pm.max_spare_servers" = 2;
+ "pm.max_requests" = 500;
+ "pm.max_children" = 5;
+ "pm.status_path" = "/$pool-status";
+ "ping.path" = "/$pool-ping";
+ };
};
};
};
diff --git a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix
index 6740131dccd..95c8fb16051 100644
--- a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix
+++ b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: with lib; let
cfg = config.services.icingaweb2;
+ fpm = config.services.phpfpm.pools.${poolName};
poolName = "icingaweb2";
- phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock";
defaultConfig = {
global = {
@@ -164,27 +164,26 @@ in {
};
config = mkIf cfg.enable {
- services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") {
- "${poolName}" = ''
- listen = "${phpfpmSocketName}"
- listen.owner = nginx
- listen.group = nginx
- listen.mode = 0600
- user = icingaweb2
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 10
- '';
+ services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") {
+ "${poolName}" = {
+ user = "icingaweb2";
+ phpOptions = ''
+ extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
+ date.timezone = "${cfg.timezone}"
+ '';
+ settings = mapAttrs (name: mkDefault) {
+ "listen.owner" = "nginx";
+ "listen.group" = "nginx";
+ "listen.mode" = "0600";
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 2;
+ "pm.max_spare_servers" = 10;
+ };
+ };
};
- services.phpfpm.phpOptions = mkIf (cfg.pool == "${poolName}")
- ''
- extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
- date.timezone = "${cfg.timezone}"
- '';
-
systemd.services."phpfpm-${poolName}".serviceConfig.ReadWritePaths = [ "/etc/icingaweb2" ];
services.nginx = {
@@ -208,7 +207,7 @@ in {
include ${config.services.nginx.package}/conf/fastcgi.conf;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:${phpfpmSocketName};
+ fastcgi_pass unix:${fpm.socket};
fastcgi_param SCRIPT_FILENAME ${pkgs.icingaweb2}/public/index.php;
'';
};
diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix
index 84a94fc446e..2797feb32eb 100644
--- a/nixos/modules/services/web-apps/limesurvey.nix
+++ b/nixos/modules/services/web-apps/limesurvey.nix
@@ -120,15 +120,15 @@ in
};
poolConfig = mkOption {
- type = types.lines;
- default = ''
- pm = dynamic
- pm.max_children = 32
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 4
- pm.max_requests = 500
- '';
+ type = with types; attrsOf (oneOf [ str int bool ]);
+ default = {
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 2;
+ "pm.max_spare_servers" = 4;
+ "pm.max_requests" = 500;
+ };
description = ''
Options for the LimeSurvey PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
@@ -203,17 +203,12 @@ in
};
services.phpfpm.pools.limesurvey = {
- listen = "/run/phpfpm/limesurvey.sock";
- extraConfig = ''
- listen.owner = ${config.services.httpd.user};
- listen.group = ${config.services.httpd.group};
- user = ${user};
- group = ${group};
-
- env[LIMESURVEY_CONFIG] = ${limesurveyConfig}
-
- ${cfg.poolConfig}
- '';
+ inherit user group;
+ phpEnv.LIMESURVEY_CONFIG = "${limesurveyConfig}";
+ settings = {
+ "listen.owner" = config.services.httpd.user;
+ "listen.group" = config.services.httpd.group;
+ } // cfg.poolConfig;
};
services.httpd = {
@@ -241,7 +236,7 @@ in
- SetHandler "proxy:unix:${fpm.listen}|fcgi://localhost/"
+ SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/"
diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix
index 14aca45a342..bf8b9dbcc21 100644
--- a/nixos/modules/services/web-apps/matomo.nix
+++ b/nixos/modules/services/web-apps/matomo.nix
@@ -225,22 +225,24 @@ in {
serviceConfig.UMask = "0007";
};
- services.phpfpm.poolConfigs = let
+ services.phpfpm.pools = let
# workaround for when both are null and need to generate a string,
# which is illegal, but as assertions apparently are being triggered *after* config generation,
# we have to avoid already throwing errors at this previous stage.
socketOwner = if (cfg.nginx != null) then config.services.nginx.user
else if (cfg.webServerUser != null) then cfg.webServerUser else "";
in {
- ${pool} = ''
- listen = "${phpSocket}"
- listen.owner = ${socketOwner}
- listen.group = root
- listen.mode = 0600
- user = ${user}
- env[PIWIK_USER_PATH] = ${dataDir}
- ${cfg.phpfpmProcessManagerConfig}
- '';
+ ${pool} = {
+ listen = phpSocket;
+ extraConfig = ''
+ listen.owner = ${socketOwner}
+ listen.group = root
+ listen.mode = 0600
+ user = ${user}
+ env[PIWIK_USER_PATH] = ${dataDir}
+ ${cfg.phpfpmProcessManagerConfig}
+ '';
+ };
};
diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix
index 5bd5977e592..ec2568bf952 100644
--- a/nixos/modules/services/web-apps/mediawiki.nix
+++ b/nixos/modules/services/web-apps/mediawiki.nix
@@ -312,17 +312,17 @@ in
};
poolConfig = mkOption {
- type = types.lines;
- default = ''
- pm = dynamic
- pm.max_children = 32
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 4
- pm.max_requests = 500
- '';
+ type = with types; attrsOf (oneOf [ str int bool ]);
+ default = {
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 2;
+ "pm.max_spare_servers" = 4;
+ "pm.max_requests" = 500;
+ };
description = ''
- Options for MediaWiki's PHP pool. See the documentation on php-fpm.conf
+ Options for the MediaWiki PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
'';
};
@@ -379,17 +379,12 @@ in
};
services.phpfpm.pools.mediawiki = {
- listen = "/run/phpfpm/mediawiki.sock";
- extraConfig = ''
- listen.owner = ${config.services.httpd.user}
- listen.group = ${config.services.httpd.group}
- user = ${user}
- group = ${group}
-
- env[MEDIAWIKI_CONFIG] = ${mediawikiConfig}
-
- ${cfg.poolConfig}
- '';
+ inherit user group;
+ phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}";
+ settings = {
+ "listen.owner" = config.services.httpd.user;
+ "listen.group" = config.services.httpd.group;
+ } // cfg.poolConfig;
};
services.httpd = {
@@ -403,7 +398,7 @@ in
- SetHandler "proxy:unix:${fpm.listen}|fcgi://localhost/"
+ SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/"
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index a0214a75d93..ada14ad3929 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -4,6 +4,7 @@ with lib;
let
cfg = config.services.nextcloud;
+ fpm = config.services.phpfpm.pools.nextcloud;
phpPackage = pkgs.php73;
phpPackages = pkgs.php73Packages;
@@ -410,25 +411,20 @@ in {
};
services.phpfpm = {
- pools.nextcloud = let
- phpAdminValues = (toKeyValue
- (foldr (a: b: a // b) {}
- (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
- phpOptions)));
- in {
- phpOptions = phpOptionsExtensions;
+ pools.nextcloud = {
+ user = "nextcloud";
+ group = "nginx";
+ phpOptions = phpOptionsExtensions + phpOptionsStr;
phpPackage = phpPackage;
- listen = "/run/phpfpm/nextcloud";
- extraConfig = ''
- listen.owner = nginx
- listen.group = nginx
- user = nextcloud
- group = nginx
- ${cfg.poolConfig}
- env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config
- env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin
- ${phpAdminValues}
- '';
+ phpEnv = {
+ NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
+ PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
+ };
+ settings = mapAttrs (name: mkDefault) {
+ "listen.owner" = "nginx";
+ "listen.group" = "nginx";
+ };
+ extraConfig = cfg.poolConfig;
};
};
@@ -489,7 +485,7 @@ in {
fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
- fastcgi_pass unix:/run/phpfpm/nextcloud;
+ fastcgi_pass unix:${fpm.socket};
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 120s;
diff --git a/nixos/modules/services/web-apps/restya-board.nix b/nixos/modules/services/web-apps/restya-board.nix
index b200a89260a..6a1b4143bc1 100644
--- a/nixos/modules/services/web-apps/restya-board.nix
+++ b/nixos/modules/services/web-apps/restya-board.nix
@@ -9,11 +9,11 @@ with lib;
let
cfg = config.services.restya-board;
+ fpm = config.services.phpfpm.pools.${poolName};
runDir = "/run/restya-board";
poolName = "restya-board";
- phpfpmSocketName = "/run/phpfpm/${poolName}.sock";
in
@@ -180,7 +180,7 @@ in
services.phpfpm.pools = {
"${poolName}" = {
- listen = phpfpmSocketName;
+ inherit (cfg) user group;
phpOptions = ''
date.timezone = "CET"
@@ -191,20 +191,18 @@ in
auth_password = ${cfg.email.password}
''}
'';
- extraConfig = ''
- listen.owner = nginx
- listen.group = nginx
- listen.mode = 0600
- user = ${cfg.user}
- group = ${cfg.group}
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 10
- pm.min_spare_servers = 5
- pm.max_spare_servers = 20
- pm.max_requests = 500
- catch_workers_output = 1
- '';
+ settings = mapAttrs (name: mkDefault) {
+ "listen.owner" = "nginx";
+ "listen.group" = "nginx";
+ "listen.mode" = "0600";
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 10;
+ "pm.min_spare_servers" = 5;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
+ "catch_workers_output" = 1;
+ };
};
};
@@ -241,7 +239,7 @@ in
tryFiles = "$uri =404";
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
- fastcgi_pass unix:${phpfpmSocketName};
+ fastcgi_pass unix:${fpm.socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M";
diff --git a/nixos/modules/services/web-apps/selfoss.nix b/nixos/modules/services/web-apps/selfoss.nix
index cd0f743a5fb..56b7cafffe8 100644
--- a/nixos/modules/services/web-apps/selfoss.nix
+++ b/nixos/modules/services/web-apps/selfoss.nix
@@ -4,7 +4,6 @@ let
cfg = config.services.selfoss;
poolName = "selfoss_pool";
- phpfpmSocketName = "/run/phpfpm/${poolName}.sock";
dataDir = "/var/lib/selfoss";
@@ -116,21 +115,22 @@ in
config = mkIf cfg.enable {
- services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") {
- "${poolName}" = ''
- listen = "${phpfpmSocketName}";
- listen.owner = nginx
- listen.group = nginx
- listen.mode = 0600
- user = nginx
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 10
- pm.min_spare_servers = 5
- pm.max_spare_servers = 20
- pm.max_requests = 500
- catch_workers_output = 1
- '';
+ services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") {
+ "${poolName}" = {
+ user = "nginx";
+ settings = mapAttrs (name: mkDefault) {
+ "listen.owner" = "nginx";
+ "listen.group" = "nginx";
+ "listen.mode" = "0600";
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 10;
+ "pm.min_spare_servers" = 5;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
+ "catch_workers_output" = 1;
+ };
+ };
};
systemd.services.selfoss-config = {
diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix
index 1bd9de93735..59b0ee1addc 100644
--- a/nixos/modules/services/web-apps/tt-rss.nix
+++ b/nixos/modules/services/web-apps/tt-rss.nix
@@ -521,20 +521,19 @@ let
services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") {
"${poolName}" = {
- listen = "/var/run/phpfpm/${poolName}.sock";
- extraConfig = ''
- listen.owner = nginx
- listen.group = nginx
- listen.mode = 0600
- user = ${cfg.user}
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 10
- pm.min_spare_servers = 5
- pm.max_spare_servers = 20
- pm.max_requests = 500
- catch_workers_output = 1
- '';
+ inherit (cfg) user;
+ settings = mapAttrs (name: mkDefault) {
+ "listen.owner" = "nginx";
+ "listen.group" = "nginx";
+ "listen.mode" = "0600";
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 10;
+ "pm.min_spare_servers" = 5;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
+ "catch_workers_output" = 1;
+ };
};
};
@@ -552,7 +551,7 @@ let
locations."~ \.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.listen};
+ fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
fastcgi_index index.php;
'';
};
diff --git a/nixos/modules/services/web-apps/wordpress.nix b/nixos/modules/services/web-apps/wordpress.nix
index 624b0089a03..98dc8458818 100644
--- a/nixos/modules/services/web-apps/wordpress.nix
+++ b/nixos/modules/services/web-apps/wordpress.nix
@@ -216,15 +216,15 @@ let
};
poolConfig = mkOption {
- type = types.lines;
- default = ''
- pm = dynamic
- pm.max_children = 32
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 4
- pm.max_requests = 500
- '';
+ type = with types; attrsOf (oneOf [ str int bool ]);
+ default = {
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 2;
+ "pm.max_spare_servers" = 4;
+ "pm.max_requests" = 500;
+ };
description = ''
Options for the WordPress PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
@@ -280,15 +280,11 @@ in
services.phpfpm.pools = mapAttrs' (hostName: cfg: (
nameValuePair "wordpress-${hostName}" {
- listen = "/run/phpfpm/wordpress-${hostName}.sock";
- extraConfig = ''
- listen.owner = ${config.services.httpd.user}
- listen.group = ${config.services.httpd.group}
- user = ${user}
- group = ${group}
-
- ${cfg.poolConfig}
- '';
+ inherit user group;
+ settings = {
+ "listen.owner" = config.services.httpd.user;
+ "listen.group" = config.services.httpd.group;
+ } // cfg.poolConfig;
}
)) eachSite;
@@ -303,7 +299,7 @@ in
- SetHandler "proxy:unix:/run/phpfpm/wordpress-${hostName}.sock|fcgi://localhost/"
+ SetHandler "proxy:unix:${config.services.phpfpm.pools."wordpress-${hostName}".socket}|fcgi://localhost/"
diff --git a/nixos/modules/services/web-apps/zabbix.nix b/nixos/modules/services/web-apps/zabbix.nix
index 4b5334579a9..fa358ffafbc 100644
--- a/nixos/modules/services/web-apps/zabbix.nix
+++ b/nixos/modules/services/web-apps/zabbix.nix
@@ -133,15 +133,15 @@ in
};
poolConfig = mkOption {
- type = types.lines;
- default = ''
- pm = dynamic
- pm.max_children = 32
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 4
- pm.max_requests = 500
- '';
+ type = with types; attrsOf (oneOf [ str int bool ]);
+ default = {
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 2;
+ "pm.max_spare_servers" = 4;
+ "pm.max_requests" = 500;
+ };
description = ''
Options for the Zabbix PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
'';
@@ -160,6 +160,8 @@ in
];
services.phpfpm.pools.zabbix = {
+ inherit user;
+ group = config.services.httpd.group;
phpOptions = ''
# https://www.zabbix.com/documentation/current/manual/installation/install
memory_limit = 128M
@@ -177,15 +179,11 @@ in
'' + optionalString (cfg.database.type == "oracle") ''
extension=${pkgs.phpPackages.oci8}/lib/php/extensions/oci8.so
'';
- listen = "/run/phpfpm/zabbix.sock";
- extraConfig = ''
- listen.owner = ${config.services.httpd.user};
- listen.group = ${config.services.httpd.group};
- user = ${user};
- group = ${config.services.httpd.group};
- env[ZABBIX_CONFIG] = ${zabbixConfig}
- ${cfg.poolConfig}
- '';
+ phpEnv.ZABBIX_CONFIG = zabbixConfig;
+ settings = {
+ "listen.owner" = config.services.httpd.user;
+ "listen.group" = config.services.httpd.group;
+ } // cfg.poolConfig;
};
services.httpd = {
diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix
index ffafbc5e92f..e95e71e0d99 100644
--- a/nixos/modules/services/web-servers/phpfpm/default.nix
+++ b/nixos/modules/services/web-servers/phpfpm/default.nix
@@ -4,41 +4,27 @@ with lib;
let
cfg = config.services.phpfpm;
- enabled = cfg.poolConfigs != {} || cfg.pools != {};
- stateDir = "/run/phpfpm";
+ runtimeDir = "/run/phpfpm";
- poolConfigs =
- (mapAttrs mapPoolConfig cfg.poolConfigs) //
- (mapAttrs mapPool cfg.pools);
+ toStr = value:
+ if true == value then "yes"
+ else if false == value then "no"
+ else toString value;
- mapPoolConfig = n: p: {
- phpPackage = cfg.phpPackage;
- phpOptions = cfg.phpOptions;
- config = p;
- };
-
- mapPool = n: p: {
- phpPackage = p.phpPackage;
- phpOptions = p.phpOptions;
- config = ''
- listen = ${p.listen}
- ${p.extraConfig}
- '';
- };
-
- fpmCfgFile = pool: conf: pkgs.writeText "phpfpm-${pool}.conf" ''
+ fpmCfgFile = pool: poolOpts: pkgs.writeText "phpfpm-${pool}.conf" ''
[global]
- error_log = syslog
- daemonize = no
- ${cfg.extraConfig}
+ ${concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings)}
+ ${optionalString (cfg.extraConfig != null) cfg.extraConfig}
[${pool}]
- ${conf}
+ ${concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") poolOpts.settings)}
+ ${concatStringsSep "\n" (mapAttrsToList (n: v: "env[${n}] = ${toStr v}") poolOpts.phpEnv)}
+ ${optionalString (poolOpts.extraConfig != null) poolOpts.extraConfig}
'';
- phpIni = pool: pkgs.runCommand "php.ini" {
- inherit (pool) phpPackage phpOptions;
+ phpIni = poolOpts: pkgs.runCommand "php.ini" {
+ inherit (poolOpts) phpPackage phpOptions;
preferLocalBuild = true;
nixDefaults = ''
sendmail_path = "/run/wrappers/bin/sendmail -t -i"
@@ -48,13 +34,138 @@ let
cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath > $out
'';
+ poolOpts = { name, ... }:
+ let
+ poolOpts = cfg.pools."${name}";
+ in
+ {
+ options = {
+ socket = mkOption {
+ type = types.str;
+ readOnly = true;
+ description = ''
+ Path to the unix socket file on which to accept FastCGI requests.
+ This option is read-only and managed by NixOS.
+ '';
+ };
+
+ listen = mkOption {
+ type = types.str;
+ default = "";
+ example = "/path/to/unix/socket";
+ description = ''
+ The address on which to accept FastCGI requests.
+ '';
+ };
+
+ phpPackage = mkOption {
+ type = types.package;
+ default = cfg.phpPackage;
+ defaultText = "config.services.phpfpm.phpPackage";
+ description = ''
+ The PHP package to use for running this PHP-FPM pool.
+ '';
+ };
+
+ phpOptions = mkOption {
+ type = types.lines;
+ default = cfg.phpOptions;
+ defaultText = "config.services.phpfpm.phpOptions";
+ description = ''
+ "Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."
+ '';
+ };
+
+ phpEnv = lib.mkOption {
+ type = with types; attrsOf str;
+ default = {};
+ description = ''
+ Environment variables used for this PHP-FPM pool.
+ '';
+ example = literalExample ''
+ {
+ HOSTNAME = "$HOSTNAME";
+ TMP = "/tmp";
+ TMPDIR = "/tmp";
+ TEMP = "/tmp";
+ }
+ '';
+ };
+
+ user = mkOption {
+ type = types.str;
+ description = "User account under which this pool runs.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ description = "Group account under which this pool runs.";
+ };
+
+ settings = mkOption {
+ type = with types; attrsOf (oneOf [ str int bool ]);
+ default = {};
+ description = ''
+ PHP-FPM pool directives. Refer to the "List of pool directives" section of
+
+ for details. Note that settings names must be enclosed in quotes (e.g.
+ "pm.max_children" instead of pm.max_children).
+ '';
+ example = literalExample ''
+ {
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 10;
+ "pm.min_spare_servers" = 5;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
+ }
+ '';
+ };
+
+ extraConfig = mkOption {
+ type = with types; nullOr lines;
+ default = null;
+ description = ''
+ Extra lines that go into the pool configuration.
+ See the documentation on php-fpm.conf for
+ details on configuration directives.
+ '';
+ };
+ };
+
+ config = {
+ socket = if poolOpts.listen == "" then "${runtimeDir}/${name}.sock" else poolOpts.listen;
+ group = mkDefault poolOpts.user;
+
+ settings = mapAttrs (name: mkDefault){
+ listen = poolOpts.socket;
+ user = poolOpts.user;
+ group = poolOpts.group;
+ };
+ };
+ };
+
in {
options = {
services.phpfpm = {
+ settings = mkOption {
+ type = with types; attrsOf (oneOf [ str int bool ]);
+ default = {};
+ description = ''
+ PHP-FPM global directives. Refer to the "List of global php-fpm.conf directives" section of
+
+ for details. Note that settings names must be enclosed in quotes (e.g.
+ "pm.max_children" instead of pm.max_children).
+ You need not specify the options error_log or
+ daemonize here, since they are generated by NixOS.
+ '';
+ };
+
extraConfig = mkOption {
- type = types.lines;
- default = "";
+ type = with types; nullOr lines;
+ default = null;
description = ''
Extra configuration that should be put in the global section of
the PHP-FPM configuration file. Do not specify the options
@@ -80,64 +191,56 @@ in {
''
date.timezone = "CET"
'';
- description =
- "Options appended to the PHP configuration file php.ini.";
- };
-
- poolConfigs = mkOption {
- default = {};
- type = types.attrsOf types.lines;
- example = literalExample ''
- { mypool = '''
- listen = /run/phpfpm/mypool
- user = nobody
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 10
- pm.min_spare_servers = 5
- pm.max_spare_servers = 20
- pm.max_requests = 500
- ''';
- }
- '';
description = ''
- A mapping between PHP-FPM pool names and their configurations.
- See the documentation on php-fpm.conf for
- details on configuration directives. If no pools are defined,
- the phpfpm service is disabled.
+ Options appended to the PHP configuration file php.ini.
'';
};
pools = mkOption {
- type = types.attrsOf (types.submodule (import ./pool-options.nix {
- inherit lib config;
- }));
+ type = types.attrsOf (types.submodule poolOpts);
default = {};
example = literalExample ''
{
mypool = {
- listen = "/path/to/unix/socket";
+ user = "php";
+ group = "php";
phpPackage = pkgs.php;
- extraConfig = '''
- user = nobody
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 10
- pm.min_spare_servers = 5
- pm.max_spare_servers = 20
- pm.max_requests = 500
+ settings = '''
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 10;
+ "pm.min_spare_servers" = 5;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
''';
}
}'';
description = ''
- PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM
+ PHP-FPM pools. If no pools are defined, the PHP-FPM
service is disabled.
'';
};
};
};
- config = mkIf enabled {
+ config = mkIf (cfg.pools != {}) {
+
+ warnings =
+ mapAttrsToList (pool: poolOpts: ''
+ Using config.services.phpfpm.pools.${pool}.listen is deprecated and will become unsupported in a future release. Please reference the read-only option config.services.phpfpm.pools.${pool}.socket to access the path of your socket.
+ '') (filterAttrs (pool: poolOpts: poolOpts.listen != "") cfg.pools) ++
+ mapAttrsToList (pool: poolOpts: ''
+ Using config.services.phpfpm.pools.${pool}.extraConfig is deprecated and will become unsupported in a future release. Please migrate your configuration to config.services.phpfpm.pools.${pool}.settings.
+ '') (filterAttrs (pool: poolOpts: poolOpts.extraConfig != null) cfg.pools) ++
+ optional (cfg.extraConfig != null) ''
+ Using config.services.phpfpm.extraConfig is deprecated and will become unsupported in a future release. Please migrate your configuration to config.services.phpfpm.settings.
+ ''
+ ;
+
+ services.phpfpm.settings = {
+ error_log = "syslog";
+ daemonize = false;
+ };
systemd.slices.phpfpm = {
description = "PHP FastCGI Process manager pools slice";
@@ -148,18 +251,15 @@ in {
wantedBy = [ "multi-user.target" ];
};
- systemd.services = flip mapAttrs' poolConfigs (pool: poolConfig:
+ systemd.services = mapAttrs' (pool: poolOpts:
nameValuePair "phpfpm-${pool}" {
description = "PHP FastCGI Process Manager service for pool ${pool}";
after = [ "network.target" ];
wantedBy = [ "phpfpm.target" ];
partOf = [ "phpfpm.target" ];
- preStart = ''
- mkdir -p ${stateDir}
- '';
serviceConfig = let
- cfgFile = fpmCfgFile pool poolConfig.config;
- iniFile = phpIni poolConfig;
+ cfgFile = fpmCfgFile pool poolOpts;
+ iniFile = phpIni poolOpts;
in {
Slice = "phpfpm.slice";
PrivateDevices = true;
@@ -168,10 +268,12 @@ in {
# XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
Type = "notify";
- ExecStart = "${poolConfig.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}";
+ ExecStart = "${poolOpts.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}";
ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
+ RuntimeDirectory = "phpfpm";
+ RuntimeDirectoryPreserve = true; # Relevant when multiple processes are running
};
}
- );
+ ) cfg.pools;
};
}
diff --git a/nixos/modules/services/web-servers/phpfpm/pool-options.nix b/nixos/modules/services/web-servers/phpfpm/pool-options.nix
deleted file mode 100644
index d9ad7eff71f..00000000000
--- a/nixos/modules/services/web-servers/phpfpm/pool-options.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ lib, config }:
-
-let
- fpmCfg = config.services.phpfpm;
-in
-
-with lib; {
-
- options = {
-
- listen = mkOption {
- type = types.str;
- example = "/path/to/unix/socket";
- description = ''
- The address on which to accept FastCGI requests.
- '';
- };
-
- phpPackage = mkOption {
- type = types.package;
- default = fpmCfg.phpPackage;
- defaultText = "config.services.phpfpm.phpPackage";
- description = ''
- The PHP package to use for running this PHP-FPM pool.
- '';
- };
-
- phpOptions = mkOption {
- type = types.lines;
- default = fpmCfg.phpOptions;
- defaultText = "config.services.phpfpm.phpOptions";
- description = ''
- "Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."
- '';
- };
-
- extraConfig = mkOption {
- type = types.lines;
- example = ''
- user = nobody
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 10
- pm.min_spare_servers = 5
- pm.max_spare_servers = 20
- pm.max_requests = 500
- '';
-
- description = ''
- Extra lines that go into the pool configuration.
- See the documentation on php-fpm.conf for
- details on configuration directives.
- '';
- };
- };
-}
-