
merge config with unit for php-fpm

This commit is contained in:
ibizaman 2023-01-14 21:51:11 -08:00
parent ba6f27b47c
commit 5ef3fdba89
11 changed files with 106 additions and 244 deletions


@ -21,15 +21,7 @@ let
mkNginxService = callPackage ./nginx/unit.nix {inherit utils;};
PHPConfig = callPackage ./php/config.nix {inherit utils;};
mkPHPSiteConfig = callPackage ./php/siteconfig.nix {inherit PHPConfig;};
PHPFPMConfig = callPackage ./php-fpm/config.nix {inherit utils;};
mkPHPFPMConfig = callPackage ./php-fpm/mkconfig.nix {inherit PHPFPMConfig;};
PHPFPMService = callPackage ./php-fpm/unit.nix {inherit utils;};
mkPHPFPMService = callPackage ./php-fpm/mkunit.nix {inherit PHPFPMService;};
PHPFPMSiteConfig = callPackage ./php-fpm/siteconfig.nix {inherit utils;};
mkPHPFPMSiteConfig = callPackage ./php-fpm/mksiteconfig.nix {inherit PHPFPMSiteConfig;};
mkPHPFPMService = callPackage ./php-fpm/unit.nix {inherit utils;};
mkKeycloakService = callPackage ./keycloak/unit.nix {inherit utils;};
@ -44,8 +36,7 @@ let
mkTtrssUpdateService = callPackage ./ttrss/mkupdate.nix {inherit TtrssUpdateService;};
TtrssUpgradeDBService = callPackage ./ttrss/dbupgrade.nix {};
mkTtrssUpgradeDBService = callPackage ./ttrss/mkdbupgrade.nix {inherit TtrssUpgradeDBService;};
TtrssPHPNormalizeHeaders = callPackage ./ttrss/normalize-headers.nix {inherit utils;};
mkTtrssPHPNormalizeHeaders = callPackage ./ttrss/mk-normalize-headers.nix {inherit TtrssPHPNormalizeHeaders;};
mkTtrssPHPNormalizeHeaders = callPackage ./ttrss/normalize-headers.nix {};
vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs;};
};


@ -1,23 +0,0 @@
{ stdenv
, pkgs
, utils
}:
{ configDir ? "/etc/php"
, configFile ? "php-fpm.conf"
, siteConfigDir ? "${configFile}/conf.d"
, logLevel ? "notice"
}:
{ ... # Depends on whatever
}:
utils.mkConfigFile {
name = configFile;
dir = configDir;
content = ''
[global]
error_log = syslog
syslog.ident = php-fpm
log_level = ${logLevel}
include=${siteConfigDir}/*
'';
}


@ -1,20 +0,0 @@
{ PHPFPMConfig
}:
{ name
, configDir
, configFile
, siteConfigDir
, dependsOn ? {}
}:
{
inherit name configDir configFile;
inherit siteConfigDir;
pkg = PHPFPMConfig {
inherit configDir configFile siteConfigDir;
};
inherit dependsOn;
type = "fileset";
}


@ -1,31 +0,0 @@
{ PHPFPMSiteConfig
}:
{ PHPFPMConfig
, user
, group
, name
, phpConfigDir
, siteName
, siteRoot
, siteSocket
, socketUser
, socketGroup
, dependsOn ? {}
, connectsTo ? {}
}:
rec {
inherit name user group siteSocket;
pkg = PHPFPMSiteConfig {
inherit (PHPFPMConfig) siteConfigDir;
inherit user group;
inherit siteSocket phpConfigDir socketUser socketGroup;
service = siteName;
serviceRoot = siteRoot;
allowedClients = "127.0.0.1";
};
inherit dependsOn connectsTo;
type = "fileset";
}


@ -1,26 +0,0 @@
{ PHPFPMService
}:
{ name
, configDir
, configFile
, phpIniConfigDir
, phpIniConfigFile
, runtimeDirectory
, serviceSuffix
, dependsOn ? {}
}:
{
inherit name configDir configFile;
inherit phpIniConfigDir phpIniConfigFile;
inherit runtimeDirectory;
pkg = PHPFPMService {
inherit serviceSuffix;
configFile = "${configDir}/${configFile}";
phpIni = "${phpIniConfigDir}/${phpIniConfigFile}";
};
inherit dependsOn;
type = "systemd-unit";
}


@ -1,11 +1,7 @@
{ stdenv
, pkgs
, utils
}:
{ phpConfigDir
, siteConfigDir
, service
, serviceRoot ? "/usr/share/webapps/${service}"
{ pkgs
, siteName
, logLevel ? "notice"
, siteRoot ? "/usr/share/webapps/${siteName}"
, user
, group
, siteSocket
@ -18,16 +14,13 @@
, startServers ? 2
, minSpareServers ? 1
, maxSpareServers ? 3
}:
{ ... # Depends on whatever
}:
}: pkgs.writeText "php-fpm-${siteName}.conf" ''
[global]
error_log = syslog
syslog.ident = php-fpm
log_level = ${logLevel}
utils.mkConfigFile {
name = "${service}.conf";
dir = siteConfigDir;
content = ''
[${service}]
[${siteName}]
user = ${user}
group = ${group}
listen = ${siteSocket}
@ -38,7 +31,7 @@ utils.mkConfigFile {
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
chdir = ${serviceRoot}
chdir = ${siteRoot}
pm = dynamic
@ -50,5 +43,4 @@ utils.mkConfigFile {
catch_workers_output = yes
pm.status_path = ${statusPath}
'';
}
''
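Review bot: With the `[global]` block now embedded in each per-site file, every `php-fpm-${siteName}` instance logs to syslog under the same `syslog.ident = php-fpm`, so log lines from different pools cannot be attributed to a site when triaging errors or abuse; suggest `syslog.ident = php-fpm-${siteName}`. The removed mksiteconfig.nix passed `allowedClients = "127.0.0.1"` to this file and the new caller in unit.nix does not; whether php-fpm.nix still declares that parameter, and with what default, is in the parameter lines between the two hunks, outside this view, so it is worth confirming the file still evaluates. The `listen.*` socket ownership/mode lines are also outside the visible hunks.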


@ -1,18 +1,9 @@
{ stdenv
{ lib
, pkgs
, lib
, utils
}:
{ configDir ? "/etc/php"
, configFile ? "php.ini"
, siteName
, prependFile ? null
}:
{ ... # Depends on whatever
}:
let
extensions = [
, extensions ? [
# "bcmath"
# "curl"
# "gd"
@ -27,22 +18,20 @@ let
# "soap"
# "sqlite3"
# "zip"
];
zend_extensions = [
]
, zend_extensions ? [
# "opcache"
];
]
}:
let
concatWithPrefix = prefix: content:
lib.strings.concatMapStrings
(x: prefix + x + "\n")
content;
in
utils.mkConfigFile {
name = configFile;
dir = configDir;
content = ''
pkgs.writeText "php-${siteName}.ini" ''
[PHP]
engine = On
short_open_tag = Off
@ -103,5 +92,4 @@ utils.mkConfigFile {
; opcache.memory_consumption=128
; opcache.interned_strings_buffer=16
; opcache.max_accelerated_files=20000
'';
}
''
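Review bot: The defaults for `extensions` and `zend_extensions` consist entirely of commented-out entries, so the effective default for both is an empty list, which is easy to misread as "these extensions are enabled by default". A one-line comment above each would help, e.g. `# default: none; the names below are examples callers may pass`. `zend_extensions` is also the only snake_case parameter next to `siteName` and `prependFile`; renaming would touch the caller in unit.nix, so a follow-up at most. The middle of the parameter list, and wherever `prependFile` is used, lie between the two hunks and are outside this view.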


@ -2,52 +2,85 @@
, pkgs
, utils
}:
{ serviceSuffix
, configFile ? "/etc/php/php-fpm.conf"
, phpIni ? "/etc/php/php.ini"
{ name
, siteName
, user
, group
, socketUser
, socketGroup
, runtimeDirectory ? "/run/${siteName}"
, phpIniConfig ? {}
, siteConfig ? {}
, extensions ? []
, zend_extensions ? []
, dependsOn ? {}
}:
{...}:
let
phpIniFile = pkgs.callPackage (import ./php-ini.nix) {
inherit siteName;
inherit extensions zend_extensions;
} // phpIniConfig;
siteSocket = "${runtimeDirectory}/${siteName}.sock";
siteConfigFile = pkgs.callPackage (import ./php-fpm.nix) {
inherit siteName;
inherit user group;
inherit siteSocket socketUser socketGroup;
} // siteConfig;
in
# This service runs as root, each pool runs as a user.
{
inherit name;
inherit user group;
inherit socketUser socketGroup;
utils.systemd.mkService rec {
name = "php-fpm-${serviceSuffix}";
inherit siteSocket;
content = ''
[Unit]
Description=The PHP FastCGI Process Manager
After=network.target
[Service]
Type=notify
PIDFile=/run/${serviceSuffix}/php-fpm.pid
ExecStart=${pkgs.php}/bin/php-fpm --nodaemonize --fpm-config ${configFile} --php-ini ${phpIni}
ExecReload=/bin/kill -USR2 $MAINPID
pkg = utils.systemd.mkService rec {
name = "php-fpm-${siteName}";
# Keeping this around to avoid uncommenting them. These directories
# are handled through tmpfiles.d.
#
# RuntimeDirectory=${serviceSuffix}
# StateDirectory=${serviceSuffix}
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
[Install]
WantedBy=multi-user.target
'';
content = ''
[Unit]
Description=The PHP FastCGI Process Manager
After=network.target
[Service]
Type=notify
PIDFile=/run/${siteName}/php-fpm.pid
ExecStart=${pkgs.php}/bin/php-fpm --nodaemonize --fpm-config ${siteConfigFile} --php-ini ${phpIniFile}
ExecReload=/bin/kill -USR2 $MAINPID
# Keeping this around to avoid uncommenting them. These directories
# are handled through tmpfiles.d.
#
# RuntimeDirectory=${siteName}
# StateDirectory=${siteName}
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
[Install]
WantedBy=multi-user.target
'';
};
inherit dependsOn;
type = "systemd-unit";
}
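Review bot: In the `let` block, `pkgs.callPackage (import ./php-ini.nix) { … } // phpIniConfig` parses as `(pkgs.callPackage … { … }) // phpIniConfig` because function application binds tighter than `//`, so `phpIniConfig` is merged onto the resulting derivation attrset and never reaches php-ini.nix; the same applies to `siteConfig` on `siteConfigFile`. The removed mkconfig.nix had this right by parenthesising the argument set: `phpIniFile = pkgs.callPackage (import ./php-ini.nix) ({ inherit siteName extensions zend_extensions; } // phpIniConfig);` and likewise `siteConfigFile = pkgs.callPackage (import ./php-fpm.nix) ({ inherit siteName user group siteSocket socketUser socketGroup; } // siteConfig);`. Separately, php-ini.nix and php-fpm.nix take their site arguments in a second argument set (`{ lib, pkgs }: { siteName, … }:`) while `pkgs.callPackage` applies only the first, so it is not obvious this evaluates as written; a quick `nix-instantiate` of the unit would settle it. `PIDFile=/run/${siteName}/php-fpm.pid` is kept, but the new `[global]` block in php-fpm.nix sets no `pid`, so that file is presumably never written; harmless with `Type=notify` but misleading to whoever reads the unit.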


@ -1,18 +0,0 @@
{ PHPConfig
}:
{ name
, configDir
, configFile
, pkgExtraArguments ? {}
, dependsOn ? {}
}:
rec {
inherit name configDir configFile;
inherit dependsOn;
pkg = PHPConfig ({
inherit configDir configFile;
} // pkgExtraArguments);
type = "fileset";
}


@ -1,17 +0,0 @@
{ TtrssPHPNormalizeHeaders
}:
{ name
, configDir ? "/etc/php"
, configFile ? "normalize-headers.php"
, debug ? false
}:
rec {
inherit name configDir configFile;
pkg = TtrssPHPNormalizeHeaders {
inherit configDir configFile;
inherit debug;
};
type = "fileset";
}


@ -1,17 +1,9 @@
{ stdenv
, pkgs
, utils
{ pkgs
}:
{ configDir ? "/etc/php"
, configFile ? "normalize-headers.php"
, debug ? false
{ debug ? false
}:
utils.mkConfigFile {
name = configFile;
dir = configDir;
content = ''
pkgs.writeText "normalize-headers.php" (''
<?php
$trustedProxies = array(
@ -51,5 +43,6 @@ utils.mkConfigFile {
}
'' + (if !debug then "" else ''
trigger_error(print_r($_SERVER, true), E_USER_WARNING);
'');
}
'')
)
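Review bot: `debug ? false` is undocumented, and its effect is that every request runs `trigger_error(print_r($_SERVER, true), E_USER_WARNING)`, writing the full `$_SERVER` array — which typically includes request headers such as cookies — into the PHP error log. Suggest a comment on the parameter: `# debug: logs the full $_SERVER array (incl. request headers) on every request; local troubleshooting only`. The body of the generated PHP between the two hunks is outside this view.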