merge config with unit for php-fpm
parent
ba6f27b47c
commit
5ef3fdba89
11 changed files with 106 additions and 244 deletions
|
@ -21,15 +21,7 @@ let
|
|||
|
||||
mkNginxService = callPackage ./nginx/unit.nix {inherit utils;};
|
||||
|
||||
PHPConfig = callPackage ./php/config.nix {inherit utils;};
|
||||
mkPHPSiteConfig = callPackage ./php/siteconfig.nix {inherit PHPConfig;};
|
||||
|
||||
PHPFPMConfig = callPackage ./php-fpm/config.nix {inherit utils;};
|
||||
mkPHPFPMConfig = callPackage ./php-fpm/mkconfig.nix {inherit PHPFPMConfig;};
|
||||
PHPFPMService = callPackage ./php-fpm/unit.nix {inherit utils;};
|
||||
mkPHPFPMService = callPackage ./php-fpm/mkunit.nix {inherit PHPFPMService;};
|
||||
PHPFPMSiteConfig = callPackage ./php-fpm/siteconfig.nix {inherit utils;};
|
||||
mkPHPFPMSiteConfig = callPackage ./php-fpm/mksiteconfig.nix {inherit PHPFPMSiteConfig;};
|
||||
mkPHPFPMService = callPackage ./php-fpm/unit.nix {inherit utils;};
|
||||
|
||||
mkKeycloakService = callPackage ./keycloak/unit.nix {inherit utils;};
|
||||
|
||||
|
@ -44,8 +36,7 @@ let
|
|||
mkTtrssUpdateService = callPackage ./ttrss/mkupdate.nix {inherit TtrssUpdateService;};
|
||||
TtrssUpgradeDBService = callPackage ./ttrss/dbupgrade.nix {};
|
||||
mkTtrssUpgradeDBService = callPackage ./ttrss/mkdbupgrade.nix {inherit TtrssUpgradeDBService;};
|
||||
TtrssPHPNormalizeHeaders = callPackage ./ttrss/normalize-headers.nix {inherit utils;};
|
||||
mkTtrssPHPNormalizeHeaders = callPackage ./ttrss/mk-normalize-headers.nix {inherit TtrssPHPNormalizeHeaders;};
|
||||
mkTtrssPHPNormalizeHeaders = callPackage ./ttrss/normalize-headers.nix {};
|
||||
|
||||
vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs;};
|
||||
};
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
{ stdenv
|
||||
, pkgs
|
||||
, utils
|
||||
}:
|
||||
{ configDir ? "/etc/php"
|
||||
, configFile ? "php-fpm.conf"
|
||||
, siteConfigDir ? "${configFile}/conf.d"
|
||||
, logLevel ? "notice"
|
||||
}:
|
||||
{ ... # Depends on whatever
|
||||
}:
|
||||
|
||||
utils.mkConfigFile {
|
||||
name = configFile;
|
||||
dir = configDir;
|
||||
content = ''
|
||||
[global]
|
||||
error_log = syslog
|
||||
syslog.ident = php-fpm
|
||||
log_level = ${logLevel}
|
||||
include=${siteConfigDir}/*
|
||||
'';
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
{ PHPFPMConfig
|
||||
}:
|
||||
{ name
|
||||
, configDir
|
||||
, configFile
|
||||
, siteConfigDir
|
||||
, dependsOn ? {}
|
||||
}:
|
||||
|
||||
{
|
||||
inherit name configDir configFile;
|
||||
inherit siteConfigDir;
|
||||
|
||||
pkg = PHPFPMConfig {
|
||||
inherit configDir configFile siteConfigDir;
|
||||
};
|
||||
|
||||
inherit dependsOn;
|
||||
type = "fileset";
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
{ PHPFPMSiteConfig
|
||||
}:
|
||||
{ PHPFPMConfig
|
||||
, user
|
||||
, group
|
||||
, name
|
||||
, phpConfigDir
|
||||
, siteName
|
||||
, siteRoot
|
||||
, siteSocket
|
||||
, socketUser
|
||||
, socketGroup
|
||||
, dependsOn ? {}
|
||||
, connectsTo ? {}
|
||||
}:
|
||||
rec {
|
||||
inherit name user group siteSocket;
|
||||
|
||||
pkg = PHPFPMSiteConfig {
|
||||
inherit (PHPFPMConfig) siteConfigDir;
|
||||
inherit user group;
|
||||
inherit siteSocket phpConfigDir socketUser socketGroup;
|
||||
|
||||
service = siteName;
|
||||
serviceRoot = siteRoot;
|
||||
allowedClients = "127.0.0.1";
|
||||
};
|
||||
|
||||
inherit dependsOn connectsTo;
|
||||
type = "fileset";
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
{ PHPFPMService
|
||||
}:
|
||||
{ name
|
||||
, configDir
|
||||
, configFile
|
||||
, phpIniConfigDir
|
||||
, phpIniConfigFile
|
||||
, runtimeDirectory
|
||||
, serviceSuffix
|
||||
, dependsOn ? {}
|
||||
}:
|
||||
|
||||
{
|
||||
inherit name configDir configFile;
|
||||
inherit phpIniConfigDir phpIniConfigFile;
|
||||
inherit runtimeDirectory;
|
||||
|
||||
pkg = PHPFPMService {
|
||||
inherit serviceSuffix;
|
||||
configFile = "${configDir}/${configFile}";
|
||||
phpIni = "${phpIniConfigDir}/${phpIniConfigFile}";
|
||||
};
|
||||
|
||||
inherit dependsOn;
|
||||
type = "systemd-unit";
|
||||
}
|
|
@ -1,11 +1,7 @@
|
|||
{ stdenv
|
||||
, pkgs
|
||||
, utils
|
||||
}:
|
||||
{ phpConfigDir
|
||||
, siteConfigDir
|
||||
, service
|
||||
, serviceRoot ? "/usr/share/webapps/${service}"
|
||||
{ pkgs
|
||||
, siteName
|
||||
, logLevel ? "notice"
|
||||
, siteRoot ? "/usr/share/webapps/${siteName}"
|
||||
, user
|
||||
, group
|
||||
, siteSocket
|
||||
|
@ -18,16 +14,13 @@
|
|||
, startServers ? 2
|
||||
, minSpareServers ? 1
|
||||
, maxSpareServers ? 3
|
||||
}:
|
||||
{ ... # Depends on whatever
|
||||
}:
|
||||
}: pkgs.writeText "php-fpm-${siteName}.conf" ''
|
||||
[global]
|
||||
error_log = syslog
|
||||
syslog.ident = php-fpm
|
||||
log_level = ${logLevel}
|
||||
|
||||
utils.mkConfigFile {
|
||||
name = "${service}.conf";
|
||||
dir = siteConfigDir;
|
||||
content = ''
|
||||
[${service}]
|
||||
|
||||
[${siteName}]
|
||||
user = ${user}
|
||||
group = ${group}
|
||||
listen = ${siteSocket}
|
||||
|
@ -38,7 +31,7 @@ utils.mkConfigFile {
|
|||
env[PATH] = /usr/local/bin:/usr/bin:/bin
|
||||
env[TMP] = /tmp
|
||||
|
||||
chdir = ${serviceRoot}
|
||||
chdir = ${siteRoot}
|
||||
|
||||
pm = dynamic
|
||||
|
||||
|
@ -50,5 +43,4 @@ utils.mkConfigFile {
|
|||
catch_workers_output = yes
|
||||
|
||||
pm.status_path = ${statusPath}
|
||||
'';
|
||||
}
|
||||
''
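Review bot: Every per-site master now logs under the same `syslog.ident = php-fpm` in the new `[global]` block, so once several sites run side by side their master-process messages cannot be told apart by ident alone. The file is already parameterised by `siteName`, so I would write `syslog.ident = php-fpm-${siteName}` to let log searches and alerts be scoped to one site. If attribution is meant to come from the journal's unit field instead, a one-line comment next to `error_log = syslog` saying so would help. The pool body between the hunks is not visible here, so this covers only the `[global]` lines.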
|
|
@ -1,18 +1,9 @@
|
|||
{ stdenv
|
||||
{ lib
|
||||
, pkgs
|
||||
, lib
|
||||
, utils
|
||||
}:
|
||||
{ configDir ? "/etc/php"
|
||||
, configFile ? "php.ini"
|
||||
|
||||
, siteName
|
||||
, prependFile ? null
|
||||
}:
|
||||
{ ... # Depends on whatever
|
||||
}:
|
||||
|
||||
let
|
||||
|
||||
extensions = [
|
||||
, extensions ? [
|
||||
# "bcmath"
|
||||
# "curl"
|
||||
# "gd"
|
||||
|
@ -27,22 +18,20 @@ let
|
|||
# "soap"
|
||||
# "sqlite3"
|
||||
# "zip"
|
||||
];
|
||||
|
||||
zend_extensions = [
|
||||
]
|
||||
, zend_extensions ? [
|
||||
# "opcache"
|
||||
];
|
||||
]
|
||||
}:
|
||||
|
||||
let
|
||||
concatWithPrefix = prefix: content:
|
||||
lib.strings.concatMapStrings
|
||||
(x: prefix + x + "\n")
|
||||
content;
|
||||
in
|
||||
|
||||
utils.mkConfigFile {
|
||||
name = configFile;
|
||||
dir = configDir;
|
||||
content = ''
|
||||
pkgs.writeText "php-${siteName}.ini" ''
|
||||
[PHP]
|
||||
engine = On
|
||||
short_open_tag = Off
|
||||
|
@ -103,5 +92,4 @@ utils.mkConfigFile {
|
|||
; opcache.memory_consumption=128
|
||||
; opcache.interned_strings_buffer=16
|
||||
; opcache.max_accelerated_files=20000
|
||||
'';
|
||||
}
|
||||
''
|
117
php-fpm/unit.nix
117
php-fpm/unit.nix
|
@ -2,52 +2,85 @@
|
|||
, pkgs
|
||||
, utils
|
||||
}:
|
||||
{ serviceSuffix
|
||||
, configFile ? "/etc/php/php-fpm.conf"
|
||||
, phpIni ? "/etc/php/php.ini"
|
||||
{ name
|
||||
, siteName
|
||||
, user
|
||||
, group
|
||||
, socketUser
|
||||
, socketGroup
|
||||
, runtimeDirectory ? "/run/${siteName}"
|
||||
, phpIniConfig ? {}
|
||||
, siteConfig ? {}
|
||||
, extensions ? []
|
||||
, zend_extensions ? []
|
||||
|
||||
, dependsOn ? {}
|
||||
}:
|
||||
{...}:
|
||||
|
||||
let
|
||||
phpIniFile = pkgs.callPackage (import ./php-ini.nix) {
|
||||
inherit siteName;
|
||||
inherit extensions zend_extensions;
|
||||
} // phpIniConfig;
|
||||
|
||||
siteSocket = "${runtimeDirectory}/${siteName}.sock";
|
||||
|
||||
siteConfigFile = pkgs.callPackage (import ./php-fpm.nix) {
|
||||
inherit siteName;
|
||||
inherit user group;
|
||||
inherit siteSocket socketUser socketGroup;
|
||||
} // siteConfig;
|
||||
in
|
||||
# This service runs as root, each pool runs as a user.
|
||||
{
|
||||
inherit name;
|
||||
inherit user group;
|
||||
inherit socketUser socketGroup;
|
||||
|
||||
utils.systemd.mkService rec {
|
||||
name = "php-fpm-${serviceSuffix}";
|
||||
inherit siteSocket;
|
||||
|
||||
content = ''
|
||||
[Unit]
|
||||
Description=The PHP FastCGI Process Manager
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
PIDFile=/run/${serviceSuffix}/php-fpm.pid
|
||||
ExecStart=${pkgs.php}/bin/php-fpm --nodaemonize --fpm-config ${configFile} --php-ini ${phpIni}
|
||||
ExecReload=/bin/kill -USR2 $MAINPID
|
||||
pkg = utils.systemd.mkService rec {
|
||||
name = "php-fpm-${siteName}";
|
||||
|
||||
# Keeping this around to avoid uncommenting them. These directories
|
||||
# are handled through tmpfiles.d.
|
||||
#
|
||||
# RuntimeDirectory=${serviceSuffix}
|
||||
# StateDirectory=${serviceSuffix}
|
||||
|
||||
LockPersonality=true
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectHome=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectSystem=full
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
RestrictSUIDSGID=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
'';
|
||||
content = ''
|
||||
[Unit]
|
||||
Description=The PHP FastCGI Process Manager
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
PIDFile=/run/${siteName}/php-fpm.pid
|
||||
ExecStart=${pkgs.php}/bin/php-fpm --nodaemonize --fpm-config ${siteConfigFile} --php-ini ${phpIniFile}
|
||||
ExecReload=/bin/kill -USR2 $MAINPID
|
||||
|
||||
# Keeping this around to avoid uncommenting them. These directories
|
||||
# are handled through tmpfiles.d.
|
||||
#
|
||||
# RuntimeDirectory=${siteName}
|
||||
# StateDirectory=${siteName}
|
||||
|
||||
LockPersonality=true
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectHome=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectSystem=full
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
RestrictSUIDSGID=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
'';
|
||||
};
|
||||
|
||||
inherit dependsOn;
|
||||
type = "systemd-unit";
|
||||
}
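Review bot: In the `let` block, `pkgs.callPackage (import ./php-ini.nix) { … } // phpIniConfig` does not pass `phpIniConfig` to php-ini.nix: function application binds tighter than `//` in Nix, so the merge is applied to the value callPackage returns and the overrides never reach the generated file. The same applies to `} // siteConfig` on the php-fpm.nix call. A caller that sets, say, `prependFile` through `phpIniConfig` would get a php.ini without it and no evaluation error, which matters if the prepend file is the header-normalisation script (an inference; the caller is not on this page). Parenthesise the argument set: `pkgs.callPackage (import ./php-ini.nix) ({ inherit siteName; inherit extensions zend_extensions; } // phpIniConfig)`, and likewise `({ … } // siteConfig)` for the pool config.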
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
{ PHPConfig
|
||||
}:
|
||||
{ name
|
||||
, configDir
|
||||
, configFile
|
||||
, pkgExtraArguments ? {}
|
||||
, dependsOn ? {}
|
||||
}:
|
||||
rec {
|
||||
inherit name configDir configFile;
|
||||
inherit dependsOn;
|
||||
|
||||
pkg = PHPConfig ({
|
||||
inherit configDir configFile;
|
||||
} // pkgExtraArguments);
|
||||
|
||||
type = "fileset";
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
{ TtrssPHPNormalizeHeaders
|
||||
}:
|
||||
{ name
|
||||
, configDir ? "/etc/php"
|
||||
, configFile ? "normalize-headers.php"
|
||||
|
||||
, debug ? false
|
||||
}:
|
||||
rec {
|
||||
inherit name configDir configFile;
|
||||
|
||||
pkg = TtrssPHPNormalizeHeaders {
|
||||
inherit configDir configFile;
|
||||
inherit debug;
|
||||
};
|
||||
type = "fileset";
|
||||
}
|
|
@ -1,17 +1,9 @@
|
|||
{ stdenv
|
||||
, pkgs
|
||||
, utils
|
||||
{ pkgs
|
||||
}:
|
||||
{ configDir ? "/etc/php"
|
||||
, configFile ? "normalize-headers.php"
|
||||
|
||||
, debug ? false
|
||||
{ debug ? false
|
||||
}:
|
||||
|
||||
utils.mkConfigFile {
|
||||
name = configFile;
|
||||
dir = configDir;
|
||||
content = ''
|
||||
pkgs.writeText "normalize-headers.php" (''
|
||||
<?php
|
||||
|
||||
$trustedProxies = array(
|
||||
|
@ -51,5 +43,6 @@ utils.mkConfigFile {
|
|||
}
|
||||
'' + (if !debug then "" else ''
|
||||
trigger_error(print_r($_SERVER, true), E_USER_WARNING);
|
||||
'');
|
||||
}
|
||||
'')
|
||||
)
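Review bot: The `debug` argument is carried over without any comment, and when it is true the appended line `trigger_error(print_r($_SERVER, true), E_USER_WARNING);` writes the whole `$_SERVER` array to the error log whenever the script runs. That array carries request headers such as `Cookie` and `Authorization`, so session tokens and credentials would end up in the logs. I would document this at the argument, e.g. `# debug: logs the full $_SERVER array, including Cookie and Authorization headers; keep false outside troubleshooting`. The `$trustedProxies` body lies between the two hunks and is not visible, so it is not reviewed here.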
|
||||
|
||||
|
|