From 0ce8317c469872bcb4aed577477676d4148aa1a6 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Wed, 3 Jul 2019 12:11:38 -0400 Subject: [PATCH 1/6] nixos/phpfpm: deprecate poolConfigs option --- nixos/modules/rename.nix | 3 + nixos/modules/services/mail/roundcube.nix | 38 ++++++----- .../web-apps/icingaweb2/icingaweb2.nix | 28 ++++---- nixos/modules/services/web-apps/matomo.nix | 22 +++--- nixos/modules/services/web-apps/selfoss.nix | 32 ++++----- .../services/web-servers/phpfpm/default.nix | 67 ++++--------------- 6 files changed, 79 insertions(+), 111 deletions(-) diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index e32fa6fded4..65014b4beed 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -178,6 +178,9 @@ with lib; The starting time can be configured via services.postgresqlBackup.startAt. '') + # phpfpm + (mkRemovedOptionModule [ "services" "phpfpm" "poolConfigs" ] "Use services.phpfpm.pools instead.") + # zabbixServer (mkRenamedOptionModule [ "services" "zabbixServer" "dbServer" ] [ "services" "zabbixServer" "database" "host" ]) diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix index e8b2e11bf72..3bc1cf807ac 100644 --- a/nixos/modules/services/mail/roundcube.nix +++ b/nixos/modules/services/mail/roundcube.nix @@ -119,24 +119,26 @@ in enable = true; }; - services.phpfpm.poolConfigs.roundcube = '' - listen = /run/phpfpm/roundcube - listen.owner = nginx - listen.group = nginx - listen.mode = 0660 - user = nginx - pm = dynamic - pm.max_children = 75 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 20 - pm.max_requests = 500 - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - php_admin_value[post_max_size] = 25M - php_admin_value[upload_max_filesize] = 25M - catch_workers_output = yes - ''; + services.phpfpm.pools.roundcube = { + listen = "/run/phpfpm/roundcube"; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + listen.mode = 0660 + user = nginx + pm = dynamic + pm.max_children = 75 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 20 + pm.max_requests = 500 + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + php_admin_value[post_max_size] = 25M + php_admin_value[upload_max_filesize] = 25M + catch_workers_output = yes + ''; + }; systemd.services.phpfpm-roundcube.after = [ "roundcube-setup.service" ]; systemd.services.roundcube-setup = let diff --git a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix index 6740131dccd..4c7736b8887 100644 --- a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix +++ b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix @@ -164,19 +164,21 @@ in { }; config = mkIf cfg.enable { - services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") { - "${poolName}" = '' - listen = "${phpfpmSocketName}" - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = icingaweb2 - pm = dynamic - pm.max_children = 75 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 10 - ''; + services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { + "${poolName}" = { + listen = phpfpmSocketName; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + listen.mode = 0600 + user = icingaweb2 + pm = dynamic + pm.max_children = 75 + pm.start_servers = 2 + pm.min_spare_servers = 2 + pm.max_spare_servers = 10 + ''; + }; }; services.phpfpm.phpOptions = mkIf (cfg.pool == "${poolName}") diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 14aca45a342..bf8b9dbcc21 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -225,22 +225,24 @@ in { serviceConfig.UMask = "0007"; }; - services.phpfpm.poolConfigs = let + services.phpfpm.pools = let # workaround for when both are null and need to generate a string, # which is illegal, but as assertions apparently are being triggered *after* config generation, # we have to avoid already throwing errors at this previous stage. socketOwner = if (cfg.nginx != null) then config.services.nginx.user else if (cfg.webServerUser != null) then cfg.webServerUser else ""; in { - ${pool} = '' - listen = "${phpSocket}" - listen.owner = ${socketOwner} - listen.group = root - listen.mode = 0600 - user = ${user} - env[PIWIK_USER_PATH] = ${dataDir} - ${cfg.phpfpmProcessManagerConfig} - ''; + ${pool} = { + listen = phpSocket; + extraConfig = '' + listen.owner = ${socketOwner} + listen.group = root + listen.mode = 0600 + user = ${user} + env[PIWIK_USER_PATH] = ${dataDir} + ${cfg.phpfpmProcessManagerConfig} + ''; + }; }; diff --git a/nixos/modules/services/web-apps/selfoss.nix b/nixos/modules/services/web-apps/selfoss.nix index cd0f743a5fb..348febe661b 100644 --- a/nixos/modules/services/web-apps/selfoss.nix +++ b/nixos/modules/services/web-apps/selfoss.nix @@ -116,21 +116,23 @@ in config = mkIf cfg.enable { - services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") { - "${poolName}" = '' - listen = "${phpfpmSocketName}"; - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = nginx - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - catch_workers_output = 1 - ''; + services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { + "${poolName}" = { + listen = phpfpmSocketName; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + listen.mode = 0600 + user = nginx + pm = dynamic + pm.max_children = 75 + pm.start_servers = 10 + pm.min_spare_servers = 5 + pm.max_spare_servers = 20 + pm.max_requests = 500 + catch_workers_output = 1 + ''; + }; }; systemd.services.selfoss-config = { diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index ffafbc5e92f..9db3a058d6d 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -4,41 +4,22 @@ with lib; let cfg = config.services.phpfpm; - enabled = cfg.poolConfigs != {} || cfg.pools != {}; stateDir = "/run/phpfpm"; - poolConfigs = - (mapAttrs mapPoolConfig cfg.poolConfigs) // - (mapAttrs mapPool cfg.pools); - - mapPoolConfig = n: p: { - phpPackage = cfg.phpPackage; - phpOptions = cfg.phpOptions; - config = p; - }; - - mapPool = n: p: { - phpPackage = p.phpPackage; - phpOptions = p.phpOptions; - config = '' - listen = ${p.listen} - ${p.extraConfig} - ''; - }; - - fpmCfgFile = pool: conf: pkgs.writeText "phpfpm-${pool}.conf" '' + fpmCfgFile = pool: poolOpts: pkgs.writeText "phpfpm-${pool}.conf" '' [global] error_log = syslog daemonize = no ${cfg.extraConfig} [${pool}] - ${conf} + listen = ${poolOpts.listen} + ${poolOpts.extraConfig} ''; - phpIni = pool: pkgs.runCommand "php.ini" { - inherit (pool) phpPackage phpOptions; + phpIni = poolOpts: pkgs.runCommand "php.ini" { + inherit (poolOpts) phpPackage phpOptions; preferLocalBuild = true; nixDefaults = '' sendmail_path = "/run/wrappers/bin/sendmail -t -i" @@ -84,30 +65,6 @@ in { "Options appended to the PHP configuration file php.ini."; }; - poolConfigs = mkOption { - default = {}; - type = types.attrsOf types.lines; - example = literalExample '' - { mypool = ''' - listen = /run/phpfpm/mypool - user = nobody - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - '''; - } - ''; - description = '' - A mapping between PHP-FPM pool names and their configurations. - See the documentation on php-fpm.conf for - details on configuration directives. If no pools are defined, - the phpfpm service is disabled. - ''; - }; - pools = mkOption { type = types.attrsOf (types.submodule (import ./pool-options.nix { inherit lib config; @@ -130,14 +87,14 @@ in { } }''; description = '' - PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM + PHP-FPM pools. If no pools are defined, the PHP-FPM service is disabled. ''; }; }; }; - config = mkIf enabled { + config = mkIf (cfg.pools != {}) { systemd.slices.phpfpm = { description = "PHP FastCGI Process manager pools slice"; @@ -148,7 +105,7 @@ in { wantedBy = [ "multi-user.target" ]; }; - systemd.services = flip mapAttrs' poolConfigs (pool: poolConfig: + systemd.services = mapAttrs' (pool: poolOpts: nameValuePair "phpfpm-${pool}" { description = "PHP FastCGI Process Manager service for pool ${pool}"; after = [ "network.target" ]; @@ -158,8 +115,8 @@ in { mkdir -p ${stateDir} ''; serviceConfig = let - cfgFile = fpmCfgFile pool poolConfig.config; - iniFile = phpIni poolConfig; + cfgFile = fpmCfgFile pool poolOpts; + iniFile = phpIni poolOpts; in { Slice = "phpfpm.slice"; PrivateDevices = true; @@ -168,10 +125,10 @@ in { # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK"; Type = "notify"; - ExecStart = "${poolConfig.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}"; + ExecStart = "${poolOpts.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}"; ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID"; }; } - ); + ) cfg.pools; }; } From 2b5f6630154ac569ed503c2fd944c7c83aa05778 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Wed, 3 Jul 2019 12:18:27 -0400 Subject: [PATCH 2/6] nixos/phpfpm: merge pool-options.nix into default.nix --- .../services/web-servers/phpfpm/default.nix | 54 +++++++++++++++++- .../web-servers/phpfpm/pool-options.nix | 57 ------------------- 2 files changed, 51 insertions(+), 60 deletions(-) delete mode 100644 nixos/modules/services/web-servers/phpfpm/pool-options.nix diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index 9db3a058d6d..a96ac052d00 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -29,6 +29,56 @@ let cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath > $out ''; + poolOpts = { lib, ... }: + { + options = { + listen = mkOption { + type = types.str; + example = "/path/to/unix/socket"; + description = '' + The address on which to accept FastCGI requests. + ''; + }; + + phpPackage = mkOption { + type = types.package; + default = cfg.phpPackage; + defaultText = "config.services.phpfpm.phpPackage"; + description = '' + The PHP package to use for running this PHP-FPM pool. + ''; + }; + + phpOptions = mkOption { + type = types.lines; + default = cfg.phpOptions; + defaultText = "config.services.phpfpm.phpOptions"; + description = '' + "Options appended to the PHP configuration file php.ini used for this PHP-FPM pool." + ''; + }; + + extraConfig = mkOption { + type = types.lines; + example = '' + user = nobody + pm = dynamic + pm.max_children = 75 + pm.start_servers = 10 + pm.min_spare_servers = 5 + pm.max_spare_servers = 20 + pm.max_requests = 500 + ''; + + description = '' + Extra lines that go into the pool configuration. + See the documentation on php-fpm.conf for + details on configuration directives. + ''; + }; + }; + }; + in { options = { @@ -66,9 +116,7 @@ in { }; pools = mkOption { - type = types.attrsOf (types.submodule (import ./pool-options.nix { - inherit lib config; - })); + type = types.attrsOf (types.submodule poolOpts); default = {}; example = literalExample '' { diff --git a/nixos/modules/services/web-servers/phpfpm/pool-options.nix b/nixos/modules/services/web-servers/phpfpm/pool-options.nix deleted file mode 100644 index d9ad7eff71f..00000000000 --- a/nixos/modules/services/web-servers/phpfpm/pool-options.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, config }: - -let - fpmCfg = config.services.phpfpm; -in - -with lib; { - - options = { - - listen = mkOption { - type = types.str; - example = "/path/to/unix/socket"; - description = '' - The address on which to accept FastCGI requests. - ''; - }; - - phpPackage = mkOption { - type = types.package; - default = fpmCfg.phpPackage; - defaultText = "config.services.phpfpm.phpPackage"; - description = '' - The PHP package to use for running this PHP-FPM pool. - ''; - }; - - phpOptions = mkOption { - type = types.lines; - default = fpmCfg.phpOptions; - defaultText = "config.services.phpfpm.phpOptions"; - description = '' - "Options appended to the PHP configuration file php.ini used for this PHP-FPM pool." - ''; - }; - - extraConfig = mkOption { - type = types.lines; - example = '' - user = nobody - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - ''; - - description = '' - Extra lines that go into the pool configuration. - See the documentation on php-fpm.conf for - details on configuration directives. - ''; - }; - }; -} - From 62b774a7001f0d1d89d7ba6552c37b885c0189b7 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Wed, 3 Jul 2019 17:34:17 -0400 Subject: [PATCH 3/6] nixos/phpfpm: add socket option to replace the listen option --- nixos/modules/services/misc/zoneminder.nix | 6 ++-- .../web-apps/icingaweb2/icingaweb2.nix | 5 ++-- .../modules/services/web-apps/limesurvey.nix | 3 +- nixos/modules/services/web-apps/mediawiki.nix | 2 +- nixos/modules/services/web-apps/nextcloud.nix | 4 +-- .../services/web-apps/restya-board.nix | 5 ++-- nixos/modules/services/web-apps/selfoss.nix | 2 -- nixos/modules/services/web-apps/tt-rss.nix | 3 +- .../services/web-servers/phpfpm/default.nix | 28 +++++++++++++++++-- 9 files changed, 36 insertions(+), 22 deletions(-) diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix index cf56ae89b39..ee94d8a06b5 100644 --- a/nixos/modules/services/misc/zoneminder.nix +++ b/nixos/modules/services/misc/zoneminder.nix @@ -2,6 +2,7 @@ let cfg = config.services.zoneminder; + fpm = config.services.phpfpm.pools.zoneminder; pkg = pkgs.zoneminder; dirName = pkg.dirName; @@ -19,8 +20,6 @@ let useCustomDir = cfg.storageDir != null; - socket = "/run/phpfpm/${dirName}.sock"; - zms = "/cgi-bin/zms"; dirs = dirList: [ dirName ] ++ map (e: "${dirName}/${e}") dirList; @@ -274,7 +273,7 @@ in { fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param HTTP_PROXY ""; - fastcgi_pass unix:${socket}; + fastcgi_pass unix:${fpm.socket}; } } ''; @@ -284,7 +283,6 @@ in { phpfpm = lib.mkIf useNginx { pools.zoneminder = { - listen = socket; phpOptions = '' date.timezone = "${config.time.timeZone}" diff --git a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix index 4c7736b8887..35a7badfd63 100644 --- a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix +++ b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: with lib; let cfg = config.services.icingaweb2; + fpm = config.services.phpfpm.pools.${poolName}; poolName = "icingaweb2"; - phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock"; defaultConfig = { global = { @@ -166,7 +166,6 @@ in { config = mkIf cfg.enable { services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { "${poolName}" = { - listen = phpfpmSocketName; extraConfig = '' listen.owner = nginx listen.group = nginx @@ -210,7 +209,7 @@ in { include ${config.services.nginx.package}/conf/fastcgi.conf; try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${phpfpmSocketName}; + fastcgi_pass unix:${fpm.socket}; fastcgi_param SCRIPT_FILENAME ${pkgs.icingaweb2}/public/index.php; ''; }; diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix index 84a94fc446e..0449b9dfd41 100644 --- a/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixos/modules/services/web-apps/limesurvey.nix @@ -203,7 +203,6 @@ in }; services.phpfpm.pools.limesurvey = { - listen = "/run/phpfpm/limesurvey.sock"; extraConfig = '' listen.owner = ${config.services.httpd.user}; listen.group = ${config.services.httpd.group}; @@ -241,7 +240,7 @@ in - SetHandler "proxy:unix:${fpm.listen}|fcgi://localhost/" + SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/" diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index 5bd5977e592..7fb28d35078 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix @@ -403,7 +403,7 @@ in - SetHandler "proxy:unix:${fpm.listen}|fcgi://localhost/" + SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/" diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index a0214a75d93..966ee3104cc 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -4,6 +4,7 @@ with lib; let cfg = config.services.nextcloud; + fpm = config.services.phpfpm.pools.nextcloud; phpPackage = pkgs.php73; phpPackages = pkgs.php73Packages; @@ -418,7 +419,6 @@ in { in { phpOptions = phpOptionsExtensions; phpPackage = phpPackage; - listen = "/run/phpfpm/nextcloud"; extraConfig = '' listen.owner = nginx listen.group = nginx @@ -489,7 +489,7 @@ in { fastcgi_param HTTPS ${if cfg.https then "on" else "off"}; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; - fastcgi_pass unix:/run/phpfpm/nextcloud; + fastcgi_pass unix:${fpm.socket}; fastcgi_intercept_errors on; fastcgi_request_buffering off; fastcgi_read_timeout 120s; diff --git a/nixos/modules/services/web-apps/restya-board.nix b/nixos/modules/services/web-apps/restya-board.nix index b200a89260a..8d7938b5965 100644 --- a/nixos/modules/services/web-apps/restya-board.nix +++ b/nixos/modules/services/web-apps/restya-board.nix @@ -9,11 +9,11 @@ with lib; let cfg = config.services.restya-board; + fpm = config.services.phpfpm.pools.${poolName}; runDir = "/run/restya-board"; poolName = "restya-board"; - phpfpmSocketName = "/run/phpfpm/${poolName}.sock"; in @@ -180,7 +180,6 @@ in services.phpfpm.pools = { "${poolName}" = { - listen = phpfpmSocketName; phpOptions = '' date.timezone = "CET" @@ -241,7 +240,7 @@ in tryFiles = "$uri =404"; extraConfig = '' include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_pass unix:${phpfpmSocketName}; + fastcgi_pass unix:${fpm.socket}; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M"; diff --git a/nixos/modules/services/web-apps/selfoss.nix b/nixos/modules/services/web-apps/selfoss.nix index 348febe661b..5b1fec4c3fc 100644 --- a/nixos/modules/services/web-apps/selfoss.nix +++ b/nixos/modules/services/web-apps/selfoss.nix @@ -4,7 +4,6 @@ let cfg = config.services.selfoss; poolName = "selfoss_pool"; - phpfpmSocketName = "/run/phpfpm/${poolName}.sock"; dataDir = "/var/lib/selfoss"; @@ -118,7 +117,6 @@ in services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { "${poolName}" = { - listen = phpfpmSocketName; extraConfig = '' listen.owner = nginx listen.group = nginx diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix index 1bd9de93735..4f1cd384a40 100644 --- a/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixos/modules/services/web-apps/tt-rss.nix @@ -521,7 +521,6 @@ let services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { "${poolName}" = { - listen = "/var/run/phpfpm/${poolName}.sock"; extraConfig = '' listen.owner = nginx listen.group = nginx @@ -552,7 +551,7 @@ let locations."~ \.php$" = { extraConfig = '' fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.listen}; + fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket}; fastcgi_index index.php; ''; }; diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index a96ac052d00..75913640d72 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -14,7 +14,7 @@ let ${cfg.extraConfig} [${pool}] - listen = ${poolOpts.listen} + listen = ${poolOpts.socket} ${poolOpts.extraConfig} ''; @@ -29,11 +29,24 @@ let cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath > $out ''; - poolOpts = { lib, ... }: + poolOpts = { lib, name, ... }: + let + poolOpts = cfg.pools."${name}"; + in { options = { + socket = mkOption { + type = types.str; + readOnly = true; + description = '' + Path to the unix socket file on which to accept FastCGI requests. + This option is read-only and managed by NixOS. + ''; + }; + listen = mkOption { type = types.str; + default = ""; example = "/path/to/unix/socket"; description = '' The address on which to accept FastCGI requests. @@ -77,6 +90,10 @@ let ''; }; }; + + config = { + socket = if poolOpts.listen == "" then "${stateDir}/${name}.sock" else poolOpts.listen; + }; }; in { @@ -121,7 +138,6 @@ in { example = literalExample '' { mypool = { - listen = "/path/to/unix/socket"; phpPackage = pkgs.php; extraConfig = ''' user = nobody @@ -144,6 +160,12 @@ in { config = mkIf (cfg.pools != {}) { + warnings = + mapAttrsToList (pool: poolOpts: '' + Using config.services.phpfpm.pools.${pool}.listen is deprecated and will become unsupported. Please reference the read-only option config.services.phpfpm.pools.${pool}.socket to access the path of your socket. + '') (filterAttrs (pool: poolOpts: poolOpts.listen != "") cfg.pools) + ; + systemd.slices.phpfpm = { description = "PHP FastCGI Process manager pools slice"; }; From a30a1e27953320f07f3db3589fd50c282689d683 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Fri, 2 Aug 2019 20:56:13 -0400 Subject: [PATCH 4/6] nixos/phpfpm: add user and group option to each pool --- nixos/modules/services/web-apps/limesurvey.nix | 3 +-- .../services/web-servers/phpfpm/default.nix | 17 +++++++++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix index 0449b9dfd41..a407ba875f2 100644 --- a/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixos/modules/services/web-apps/limesurvey.nix @@ -203,11 +203,10 @@ in }; services.phpfpm.pools.limesurvey = { + inherit user group; extraConfig = '' listen.owner = ${config.services.httpd.user}; listen.group = ${config.services.httpd.group}; - user = ${user}; - group = ${group}; env[LIMESURVEY_CONFIG] = ${limesurveyConfig} diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index 75913640d72..385dbb9b62e 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -15,6 +15,8 @@ let [${pool}] listen = ${poolOpts.socket} + user = ${poolOpts.user} + group = ${poolOpts.group} ${poolOpts.extraConfig} ''; @@ -71,10 +73,19 @@ let ''; }; + user = mkOption { + type = types.str; + description = "User account under which this pool runs."; + }; + + group = mkOption { + type = types.str; + description = "Group account under which this pool runs."; + }; + extraConfig = mkOption { type = types.lines; example = '' - user = nobody pm = dynamic pm.max_children = 75 pm.start_servers = 10 @@ -93,6 +104,7 @@ let config = { socket = if poolOpts.listen == "" then "${stateDir}/${name}.sock" else poolOpts.listen; + group = mkDefault poolOpts.user; }; }; @@ -138,9 +150,10 @@ in { example = literalExample '' { mypool = { + user = "php"; + group = "php"; phpPackage = pkgs.php; extraConfig = ''' - user = nobody pm = dynamic pm.max_children = 75 pm.start_servers = 10 From d2db3a338c644bfa472005be61323b69b5d29419 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Thu, 1 Aug 2019 21:48:53 -0400 Subject: [PATCH 5/6] nixos/phpfpm: Use systemd's RuntimeDirectory --- nixos/modules/services/web-servers/phpfpm/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index 385dbb9b62e..8e8616d925b 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -5,7 +5,7 @@ with lib; let cfg = config.services.phpfpm; - stateDir = "/run/phpfpm"; + runtimeDir = "/run/phpfpm"; fpmCfgFile = pool: poolOpts: pkgs.writeText "phpfpm-${pool}.conf" '' [global] @@ -103,7 +103,7 @@ let }; config = { - socket = if poolOpts.listen == "" then "${stateDir}/${name}.sock" else poolOpts.listen; + socket = if poolOpts.listen == "" then "${runtimeDir}/${name}.sock" else poolOpts.listen; group = mkDefault poolOpts.user; }; }; @@ -194,9 +194,6 @@ in { after = [ "network.target" ]; wantedBy = [ "phpfpm.target" ]; partOf = [ "phpfpm.target" ]; - preStart = '' - mkdir -p ${stateDir} - ''; serviceConfig = let cfgFile = fpmCfgFile pool poolOpts; iniFile = phpIni poolOpts; @@ -210,6 +207,8 @@ in { Type = "notify"; ExecStart = "${poolOpts.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}"; ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID"; + RuntimeDirectory = "phpfpm"; + RuntimeDirectoryPreserve = true; # Relevant when multiple processes are running }; } ) cfg.pools; From 400c6aac71fb2e190769c288c098d05b258c7543 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Wed, 7 Aug 2019 22:36:49 -0400 Subject: [PATCH 6/6] nixos/phpfpm: deprecate extraConfig options in favor of settings options --- nixos/modules/services/mail/roundcube.nix | 38 +++--- nixos/modules/services/misc/zoneminder.nix | 30 ++--- .../web-apps/icingaweb2/icingaweb2.nix | 30 ++--- .../modules/services/web-apps/limesurvey.nix | 31 ++--- nixos/modules/services/web-apps/mediawiki.nix | 37 +++--- nixos/modules/services/web-apps/nextcloud.nix | 30 ++--- .../services/web-apps/restya-board.nix | 27 ++-- nixos/modules/services/web-apps/selfoss.nix | 26 ++-- nixos/modules/services/web-apps/tt-rss.nix | 26 ++-- nixos/modules/services/web-apps/wordpress.nix | 34 +++-- nixos/modules/services/web-apps/zabbix.nix | 34 +++-- .../services/web-servers/phpfpm/default.nix | 123 +++++++++++++----- 12 files changed, 254 insertions(+), 212 deletions(-) diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix index 3bc1cf807ac..bdedfa1bb70 100644 --- a/nixos/modules/services/mail/roundcube.nix +++ b/nixos/modules/services/mail/roundcube.nix @@ -4,6 +4,7 @@ with lib; let cfg = config.services.roundcube; + fpm = config.services.phpfpm.pools.roundcube; in { options.services.roundcube = { @@ -105,7 +106,7 @@ in extraConfig = '' location ~* \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/run/phpfpm/roundcube; + fastcgi_pass unix:${fpm.socket}; include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; } @@ -120,24 +121,25 @@ in }; services.phpfpm.pools.roundcube = { - listen = "/run/phpfpm/roundcube"; - extraConfig = '' - listen.owner = nginx - listen.group = nginx - listen.mode = 0660 - user = nginx - pm = dynamic - pm.max_children = 75 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 20 - pm.max_requests = 500 - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - php_admin_value[post_max_size] = 25M - php_admin_value[upload_max_filesize] = 25M - catch_workers_output = yes + user = "nginx"; + phpOptions = '' + error_log = 'stderr' + log_errors = on + post_max_size = 25M + upload_max_filesize = 25M ''; + settings = mapAttrs (name: mkDefault) { + "listen.owner" = "nginx"; + "listen.group" = "nginx"; + "listen.mode" = "0660"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "catch_workers_output" = true; + }; }; systemd.services.phpfpm-roundcube.after = [ "roundcube-setup.service" ]; diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix index ee94d8a06b5..6e83d47df1c 100644 --- a/nixos/modules/services/misc/zoneminder.nix +++ b/nixos/modules/services/misc/zoneminder.nix @@ -283,29 +283,27 @@ in { phpfpm = lib.mkIf useNginx { pools.zoneminder = { + inherit user group; phpOptions = '' date.timezone = "${config.time.timeZone}" ${lib.concatStringsSep "\n" (map (e: "extension=${e.pkg}/lib/php/extensions/${e.name}.so") phpExtensions)} ''; - extraConfig = '' - user = ${user} - group = ${group} + settings = lib.mapAttrs (name: lib.mkDefault) { + "listen.owner" = user; + "listen.group" = group; + "listen.mode" = "0660"; - listen.owner = ${user} - listen.group = ${group} - listen.mode = 0660 - - pm = dynamic - pm.start_servers = 1 - pm.min_spare_servers = 1 - pm.max_spare_servers = 2 - pm.max_requests = 500 - pm.max_children = 5 - pm.status_path = /$pool-status - ping.path = /$pool-ping - ''; + "pm" = "dynamic"; + "pm.start_servers" = 1; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 2; + "pm.max_requests" = 500; + "pm.max_children" = 5; + "pm.status_path" = "/$pool-status"; + "ping.path" = "/$pool-ping"; + }; }; }; }; diff --git a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix index 35a7badfd63..95c8fb16051 100644 --- a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix +++ b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix @@ -166,26 +166,24 @@ in { config = mkIf cfg.enable { services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { "${poolName}" = { - extraConfig = '' - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = icingaweb2 - pm = dynamic - pm.max_children = 75 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 10 + user = "icingaweb2"; + phpOptions = '' + extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so + date.timezone = "${cfg.timezone}" ''; + settings = mapAttrs (name: mkDefault) { + "listen.owner" = "nginx"; + "listen.group" = "nginx"; + "listen.mode" = "0600"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 10; + }; }; }; - services.phpfpm.phpOptions = mkIf (cfg.pool == "${poolName}") - '' - extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so - date.timezone = "${cfg.timezone}" - ''; - systemd.services."phpfpm-${poolName}".serviceConfig.ReadWritePaths = [ "/etc/icingaweb2" ]; services.nginx = { diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix index a407ba875f2..2797feb32eb 100644 --- a/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixos/modules/services/web-apps/limesurvey.nix @@ -120,15 +120,15 @@ in }; poolConfig = mkOption { - type = types.lines; - default = '' - pm = dynamic - pm.max_children = 32 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 4 - pm.max_requests = 500 - ''; + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; description = '' Options for the LimeSurvey PHP pool. See the documentation on php-fpm.conf for details on configuration directives. @@ -204,14 +204,11 @@ in services.phpfpm.pools.limesurvey = { inherit user group; - extraConfig = '' - listen.owner = ${config.services.httpd.user}; - listen.group = ${config.services.httpd.group}; - - env[LIMESURVEY_CONFIG] = ${limesurveyConfig} - - ${cfg.poolConfig} - ''; + phpEnv.LIMESURVEY_CONFIG = "${limesurveyConfig}"; + settings = { + "listen.owner" = config.services.httpd.user; + "listen.group" = config.services.httpd.group; + } // cfg.poolConfig; }; services.httpd = { diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index 7fb28d35078..ec2568bf952 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix @@ -312,17 +312,17 @@ in }; poolConfig = mkOption { - type = types.lines; - default = '' - pm = dynamic - pm.max_children = 32 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 4 - pm.max_requests = 500 - ''; + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; description = '' - Options for MediaWiki's PHP pool. See the documentation on php-fpm.conf + Options for the MediaWiki PHP pool. See the documentation on php-fpm.conf for details on configuration directives. ''; }; @@ -379,17 +379,12 @@ in }; services.phpfpm.pools.mediawiki = { - listen = "/run/phpfpm/mediawiki.sock"; - extraConfig = '' - listen.owner = ${config.services.httpd.user} - listen.group = ${config.services.httpd.group} - user = ${user} - group = ${group} - - env[MEDIAWIKI_CONFIG] = ${mediawikiConfig} - - ${cfg.poolConfig} - ''; + inherit user group; + phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}"; + settings = { + "listen.owner" = config.services.httpd.user; + "listen.group" = config.services.httpd.group; + } // cfg.poolConfig; }; services.httpd = { diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 966ee3104cc..ada14ad3929 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -411,24 +411,20 @@ in { }; services.phpfpm = { - pools.nextcloud = let - phpAdminValues = (toKeyValue - (foldr (a: b: a // b) {} - (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; }) - phpOptions))); - in { - phpOptions = phpOptionsExtensions; + pools.nextcloud = { + user = "nextcloud"; + group = "nginx"; + phpOptions = phpOptionsExtensions + phpOptionsStr; phpPackage = phpPackage; - extraConfig = '' - listen.owner = nginx - listen.group = nginx - user = nextcloud - group = nginx - ${cfg.poolConfig} - env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config - env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin - ${phpAdminValues} - ''; + phpEnv = { + NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; + PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"; + }; + settings = mapAttrs (name: mkDefault) { + "listen.owner" = "nginx"; + "listen.group" = "nginx"; + }; + extraConfig = cfg.poolConfig; }; }; diff --git a/nixos/modules/services/web-apps/restya-board.nix b/nixos/modules/services/web-apps/restya-board.nix index 8d7938b5965..6a1b4143bc1 100644 --- a/nixos/modules/services/web-apps/restya-board.nix +++ b/nixos/modules/services/web-apps/restya-board.nix @@ -180,6 +180,7 @@ in services.phpfpm.pools = { "${poolName}" = { + inherit (cfg) user group; phpOptions = '' date.timezone = "CET" @@ -190,20 +191,18 @@ in auth_password = ${cfg.email.password} ''} ''; - extraConfig = '' - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = ${cfg.user} - group = ${cfg.group} - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - catch_workers_output = 1 - ''; + settings = mapAttrs (name: mkDefault) { + "listen.owner" = "nginx"; + "listen.group" = "nginx"; + "listen.mode" = "0600"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "catch_workers_output" = 1; + }; }; }; diff --git a/nixos/modules/services/web-apps/selfoss.nix b/nixos/modules/services/web-apps/selfoss.nix index 5b1fec4c3fc..56b7cafffe8 100644 --- a/nixos/modules/services/web-apps/selfoss.nix +++ b/nixos/modules/services/web-apps/selfoss.nix @@ -117,19 +117,19 @@ in services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { "${poolName}" = { - extraConfig = '' - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = nginx - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - catch_workers_output = 1 - ''; + user = "nginx"; + settings = mapAttrs (name: mkDefault) { + "listen.owner" = "nginx"; + "listen.group" = "nginx"; + "listen.mode" = "0600"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "catch_workers_output" = 1; + }; }; }; diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix index 4f1cd384a40..59b0ee1addc 100644 --- a/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixos/modules/services/web-apps/tt-rss.nix @@ -521,19 +521,19 @@ let services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { "${poolName}" = { - extraConfig = '' - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = ${cfg.user} - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - catch_workers_output = 1 - ''; + inherit (cfg) user; + settings = mapAttrs (name: mkDefault) { + "listen.owner" = "nginx"; + "listen.group" = "nginx"; + "listen.mode" = "0600"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "catch_workers_output" = 1; + }; }; }; diff --git a/nixos/modules/services/web-apps/wordpress.nix b/nixos/modules/services/web-apps/wordpress.nix index 624b0089a03..98dc8458818 100644 --- a/nixos/modules/services/web-apps/wordpress.nix +++ b/nixos/modules/services/web-apps/wordpress.nix @@ -216,15 +216,15 @@ let }; poolConfig = mkOption { - type = types.lines; - default = '' - pm = dynamic - pm.max_children = 32 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 4 - pm.max_requests = 500 - ''; + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; description = '' Options for the WordPress PHP pool. See the documentation on php-fpm.conf for details on configuration directives. @@ -280,15 +280,11 @@ in services.phpfpm.pools = mapAttrs' (hostName: cfg: ( nameValuePair "wordpress-${hostName}" { - listen = "/run/phpfpm/wordpress-${hostName}.sock"; - extraConfig = '' - listen.owner = ${config.services.httpd.user} - listen.group = ${config.services.httpd.group} - user = ${user} - group = ${group} - - ${cfg.poolConfig} - ''; + inherit user group; + settings = { + "listen.owner" = config.services.httpd.user; + "listen.group" = config.services.httpd.group; + } // cfg.poolConfig; } )) eachSite; @@ -303,7 +299,7 @@ in - SetHandler "proxy:unix:/run/phpfpm/wordpress-${hostName}.sock|fcgi://localhost/" + SetHandler "proxy:unix:${config.services.phpfpm.pools."wordpress-${hostName}".socket}|fcgi://localhost/" diff --git a/nixos/modules/services/web-apps/zabbix.nix b/nixos/modules/services/web-apps/zabbix.nix index 4b5334579a9..fa358ffafbc 100644 --- a/nixos/modules/services/web-apps/zabbix.nix +++ b/nixos/modules/services/web-apps/zabbix.nix @@ -133,15 +133,15 @@ in }; poolConfig = mkOption { - type = types.lines; - default = '' - pm = dynamic - pm.max_children = 32 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 4 - pm.max_requests = 500 - ''; + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; description = '' Options for the Zabbix PHP pool. See the documentation on php-fpm.conf for details on configuration directives. ''; @@ -160,6 +160,8 @@ in ]; services.phpfpm.pools.zabbix = { + inherit user; + group = config.services.httpd.group; phpOptions = '' # https://www.zabbix.com/documentation/current/manual/installation/install memory_limit = 128M @@ -177,15 +179,11 @@ in '' + optionalString (cfg.database.type == "oracle") '' extension=${pkgs.phpPackages.oci8}/lib/php/extensions/oci8.so ''; - listen = "/run/phpfpm/zabbix.sock"; - extraConfig = '' - listen.owner = ${config.services.httpd.user}; - listen.group = ${config.services.httpd.group}; - user = ${user}; - group = ${config.services.httpd.group}; - env[ZABBIX_CONFIG] = ${zabbixConfig} - ${cfg.poolConfig} - ''; + phpEnv.ZABBIX_CONFIG = zabbixConfig; + settings = { + "listen.owner" = config.services.httpd.user; + "listen.group" = config.services.httpd.group; + } // cfg.poolConfig; }; services.httpd = { diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index 8e8616d925b..e95e71e0d99 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -7,17 +7,20 @@ let runtimeDir = "/run/phpfpm"; + toStr = value: + if true == value then "yes" + else if false == value then "no" + else toString value; + fpmCfgFile = pool: poolOpts: pkgs.writeText "phpfpm-${pool}.conf" '' [global] - error_log = syslog - daemonize = no - ${cfg.extraConfig} + ${concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings)} + ${optionalString (cfg.extraConfig != null) cfg.extraConfig} [${pool}] - listen = ${poolOpts.socket} - user = ${poolOpts.user} - group = ${poolOpts.group} - ${poolOpts.extraConfig} + ${concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") poolOpts.settings)} + ${concatStringsSep "\n" (mapAttrsToList (n: v: "env[${n}] = ${toStr v}") poolOpts.phpEnv)} + ${optionalString (poolOpts.extraConfig != null) poolOpts.extraConfig} ''; phpIni = poolOpts: pkgs.runCommand "php.ini" { @@ -31,7 +34,7 @@ let cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath > $out ''; - poolOpts = { lib, name, ... }: + poolOpts = { name, ... }: let poolOpts = cfg.pools."${name}"; in @@ -73,6 +76,22 @@ let ''; }; + phpEnv = lib.mkOption { + type = with types; attrsOf str; + default = {}; + description = '' + Environment variables used for this PHP-FPM pool. + ''; + example = literalExample '' + { + HOSTNAME = "$HOSTNAME"; + TMP = "/tmp"; + TMPDIR = "/tmp"; + TEMP = "/tmp"; + } + ''; + }; + user = mkOption { type = types.str; description = "User account under which this pool runs."; @@ -83,17 +102,30 @@ let description = "Group account under which this pool runs."; }; - extraConfig = mkOption { - type = types.lines; - example = '' - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 + settings = mkOption { + type = with types; attrsOf (oneOf [ str int bool ]); + default = {}; + description = '' + PHP-FPM pool directives. Refer to the "List of pool directives" section of + + for details. Note that settings names must be enclosed in quotes (e.g. + "pm.max_children" instead of pm.max_children). ''; + example = literalExample '' + { + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + } + ''; + }; + extraConfig = mkOption { + type = with types; nullOr lines; + default = null; description = '' Extra lines that go into the pool configuration. See the documentation on php-fpm.conf for @@ -105,6 +137,12 @@ let config = { socket = if poolOpts.listen == "" then "${runtimeDir}/${name}.sock" else poolOpts.listen; group = mkDefault poolOpts.user; + + settings = mapAttrs (name: mkDefault){ + listen = poolOpts.socket; + user = poolOpts.user; + group = poolOpts.group; + }; }; }; @@ -112,9 +150,22 @@ in { options = { services.phpfpm = { + settings = mkOption { + type = with types; attrsOf (oneOf [ str int bool ]); + default = {}; + description = '' + PHP-FPM global directives. Refer to the "List of global php-fpm.conf directives" section of + + for details. Note that settings names must be enclosed in quotes (e.g. + "pm.max_children" instead of pm.max_children). + You need not specify the options error_log or + daemonize here, since they are generated by NixOS. + ''; + }; + extraConfig = mkOption { - type = types.lines; - default = ""; + type = with types; nullOr lines; + default = null; description = '' Extra configuration that should be put in the global section of the PHP-FPM configuration file. Do not specify the options @@ -140,8 +191,9 @@ in { '' date.timezone = "CET" ''; - description = - "Options appended to the PHP configuration file php.ini."; + description = '' + Options appended to the PHP configuration file php.ini. + ''; }; pools = mkOption { @@ -153,13 +205,13 @@ in { user = "php"; group = "php"; phpPackage = pkgs.php; - extraConfig = ''' - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 + settings = ''' + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; '''; } }''; @@ -175,10 +227,21 @@ in { warnings = mapAttrsToList (pool: poolOpts: '' - Using config.services.phpfpm.pools.${pool}.listen is deprecated and will become unsupported. Please reference the read-only option config.services.phpfpm.pools.${pool}.socket to access the path of your socket. - '') (filterAttrs (pool: poolOpts: poolOpts.listen != "") cfg.pools) + Using config.services.phpfpm.pools.${pool}.listen is deprecated and will become unsupported in a future release. Please reference the read-only option config.services.phpfpm.pools.${pool}.socket to access the path of your socket. + '') (filterAttrs (pool: poolOpts: poolOpts.listen != "") cfg.pools) ++ + mapAttrsToList (pool: poolOpts: '' + Using config.services.phpfpm.pools.${pool}.extraConfig is deprecated and will become unsupported in a future release. Please migrate your configuration to config.services.phpfpm.pools.${pool}.settings. + '') (filterAttrs (pool: poolOpts: poolOpts.extraConfig != null) cfg.pools) ++ + optional (cfg.extraConfig != null) '' + Using config.services.phpfpm.extraConfig is deprecated and will become unsupported in a future release. Please migrate your configuration to config.services.phpfpm.settings. + '' ; + services.phpfpm.settings = { + error_log = "syslog"; + daemonize = false; + }; + systemd.slices.phpfpm = { description = "PHP FastCGI Process manager pools slice"; };