diff options
| -rw-r--r-- | nixos/modules/rename.nix | 3 | ||||
| -rw-r--r-- | nixos/modules/services/mail/roundcube.nix | 38 | ||||
| -rw-r--r-- | nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix | 28 | ||||
| -rw-r--r-- | nixos/modules/services/web-apps/matomo.nix | 22 | ||||
| -rw-r--r-- | nixos/modules/services/web-apps/selfoss.nix | 32 | ||||
| -rw-r--r-- | nixos/modules/services/web-servers/phpfpm/default.nix | 67 |
6 files changed, 79 insertions, 111 deletions
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index e32fa6fded4..65014b4beed 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -178,6 +178,9 @@ with lib; The starting time can be configured via <literal>services.postgresqlBackup.startAt</literal>. '') + # phpfpm + (mkRemovedOptionModule [ "services" "phpfpm" "poolConfigs" ] "Use services.phpfpm.pools instead.") + # zabbixServer (mkRenamedOptionModule [ "services" "zabbixServer" "dbServer" ] [ "services" "zabbixServer" "database" "host" ]) diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix index e8b2e11bf72..3bc1cf807ac 100644 --- a/nixos/modules/services/mail/roundcube.nix +++ b/nixos/modules/services/mail/roundcube.nix @@ -119,24 +119,26 @@ in enable = true; }; - services.phpfpm.poolConfigs.roundcube = '' - listen = /run/phpfpm/roundcube - listen.owner = nginx - listen.group = nginx - listen.mode = 0660 - user = nginx - pm = dynamic - pm.max_children = 75 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 20 - pm.max_requests = 500 - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - php_admin_value[post_max_size] = 25M - php_admin_value[upload_max_filesize] = 25M - catch_workers_output = yes - ''; + services.phpfpm.pools.roundcube = { + listen = "/run/phpfpm/roundcube"; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + listen.mode = 0660 + user = nginx + pm = dynamic + pm.max_children = 75 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 20 + pm.max_requests = 500 + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + php_admin_value[post_max_size] = 25M + php_admin_value[upload_max_filesize] = 25M + catch_workers_output = yes + ''; + }; systemd.services.phpfpm-roundcube.after = [ "roundcube-setup.service" ]; systemd.services.roundcube-setup = let diff --git a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix index 6740131dccd..4c7736b8887 100644 --- a/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix +++ b/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix @@ -164,19 +164,21 @@ in { }; config = mkIf cfg.enable { - services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") { - "${poolName}" = '' - listen = "${phpfpmSocketName}" - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = icingaweb2 - pm = dynamic - pm.max_children = 75 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 10 - ''; + services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { + "${poolName}" = { + listen = phpfpmSocketName; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + listen.mode = 0600 + user = icingaweb2 + pm = dynamic + pm.max_children = 75 + pm.start_servers = 2 + pm.min_spare_servers = 2 + pm.max_spare_servers = 10 + ''; + }; }; services.phpfpm.phpOptions = mkIf (cfg.pool == "${poolName}") diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 14aca45a342..bf8b9dbcc21 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -225,22 +225,24 @@ in { serviceConfig.UMask = "0007"; }; - services.phpfpm.poolConfigs = let + services.phpfpm.pools = let # workaround for when both are null and need to generate a string, # which is illegal, but as assertions apparently are being triggered *after* config generation, # we have to avoid already throwing errors at this previous stage. socketOwner = if (cfg.nginx != null) then config.services.nginx.user else if (cfg.webServerUser != null) then cfg.webServerUser else ""; in { - ${pool} = '' - listen = "${phpSocket}" - listen.owner = ${socketOwner} - listen.group = root - listen.mode = 0600 - user = ${user} - env[PIWIK_USER_PATH] = ${dataDir} - ${cfg.phpfpmProcessManagerConfig} - ''; + ${pool} = { + listen = phpSocket; + extraConfig = '' + listen.owner = ${socketOwner} + listen.group = root + listen.mode = 0600 + user = ${user} + env[PIWIK_USER_PATH] = ${dataDir} + ${cfg.phpfpmProcessManagerConfig} + ''; + }; }; diff --git a/nixos/modules/services/web-apps/selfoss.nix b/nixos/modules/services/web-apps/selfoss.nix index cd0f743a5fb..348febe661b 100644 --- a/nixos/modules/services/web-apps/selfoss.nix +++ b/nixos/modules/services/web-apps/selfoss.nix @@ -116,21 +116,23 @@ in config = mkIf cfg.enable { - services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") { - "${poolName}" = '' - listen = "${phpfpmSocketName}"; - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = nginx - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - catch_workers_output = 1 - ''; + services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { + "${poolName}" = { + listen = phpfpmSocketName; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + listen.mode = 0600 + user = nginx + pm = dynamic + pm.max_children = 75 + pm.start_servers = 10 + pm.min_spare_servers = 5 + pm.max_spare_servers = 20 + pm.max_requests = 500 + catch_workers_output = 1 + ''; + }; }; systemd.services.selfoss-config = { diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index ffafbc5e92f..9db3a058d6d 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -4,41 +4,22 @@ with lib; let cfg = config.services.phpfpm; - enabled = cfg.poolConfigs != {} || cfg.pools != {}; stateDir = "/run/phpfpm"; - poolConfigs = - (mapAttrs mapPoolConfig cfg.poolConfigs) // - (mapAttrs mapPool cfg.pools); - - mapPoolConfig = n: p: { - phpPackage = cfg.phpPackage; - phpOptions = cfg.phpOptions; - config = p; - }; - - mapPool = n: p: { - phpPackage = p.phpPackage; - phpOptions = p.phpOptions; - config = '' - listen = ${p.listen} - ${p.extraConfig} - ''; - }; - - fpmCfgFile = pool: conf: pkgs.writeText "phpfpm-${pool}.conf" '' + fpmCfgFile = pool: poolOpts: pkgs.writeText "phpfpm-${pool}.conf" '' [global] error_log = syslog daemonize = no ${cfg.extraConfig} [${pool}] - ${conf} + listen = ${poolOpts.listen} + ${poolOpts.extraConfig} ''; - phpIni = pool: pkgs.runCommand "php.ini" { - inherit (pool) phpPackage phpOptions; + phpIni = poolOpts: pkgs.runCommand "php.ini" { + inherit (poolOpts) phpPackage phpOptions; preferLocalBuild = true; nixDefaults = '' sendmail_path = "/run/wrappers/bin/sendmail -t -i" @@ -84,30 +65,6 @@ in { "Options appended to the PHP configuration file <filename>php.ini</filename>."; }; - poolConfigs = mkOption { - default = {}; - type = types.attrsOf types.lines; - example = literalExample '' - { mypool = ''' - listen = /run/phpfpm/mypool - user = nobody - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - '''; - } - ''; - description = '' - A mapping between PHP-FPM pool names and their configurations. - See the documentation on <literal>php-fpm.conf</literal> for - details on configuration directives. If no pools are defined, - the phpfpm service is disabled. - ''; - }; - pools = mkOption { type = types.attrsOf (types.submodule (import ./pool-options.nix { inherit lib config; @@ -130,14 +87,14 @@ in { } }''; description = '' - PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM + PHP-FPM pools. If no pools are defined, the PHP-FPM service is disabled. ''; }; }; }; - config = mkIf enabled { + config = mkIf (cfg.pools != {}) { systemd.slices.phpfpm = { description = "PHP FastCGI Process manager pools slice"; @@ -148,7 +105,7 @@ in { wantedBy = [ "multi-user.target" ]; }; - systemd.services = flip mapAttrs' poolConfigs (pool: poolConfig: + systemd.services = mapAttrs' (pool: poolOpts: nameValuePair "phpfpm-${pool}" { description = "PHP FastCGI Process Manager service for pool ${pool}"; after = [ "network.target" ]; @@ -158,8 +115,8 @@ in { mkdir -p ${stateDir} ''; serviceConfig = let - cfgFile = fpmCfgFile pool poolConfig.config; - iniFile = phpIni poolConfig; + cfgFile = fpmCfgFile pool poolOpts; + iniFile = phpIni poolOpts; in { Slice = "phpfpm.slice"; PrivateDevices = true; @@ -168,10 +125,10 @@ in { # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK"; Type = "notify"; - ExecStart = "${poolConfig.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}"; + ExecStart = "${poolOpts.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}"; ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID"; }; } - ); + ) cfg.pools; }; } |