Diffstat (limited to 'nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix b/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix
new file mode 100644
index 000000000000..ffafbc5e92f2
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix
@@ -0,0 +1,177 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.phpfpm;
+ enabled = cfg.poolConfigs != {} || cfg.pools != {};
+
+ stateDir = "/run/phpfpm";
+
+ poolConfigs =
+ (mapAttrs mapPoolConfig cfg.poolConfigs) //
+ (mapAttrs mapPool cfg.pools);
+
+ mapPoolConfig = n: p: {
+ phpPackage = cfg.phpPackage;
+ phpOptions = cfg.phpOptions;
+ config = p;
+ };
+
+ mapPool = n: p: {
+ phpPackage = p.phpPackage;
+ phpOptions = p.phpOptions;
+ config = ''
+ listen = ${p.listen}
+ ${p.extraConfig}
+ '';
+ };
+
+ fpmCfgFile = pool: conf: pkgs.writeText "phpfpm-${pool}.conf" ''
+ [global]
+ error_log = syslog
+ daemonize = no
+ ${cfg.extraConfig}
+
+ [${pool}]
+ ${conf}
+ '';
+
+ phpIni = pool: pkgs.runCommand "php.ini" {
+ inherit (pool) phpPackage phpOptions;
+ preferLocalBuild = true;
+ nixDefaults = ''
+ sendmail_path = "/run/wrappers/bin/sendmail -t -i"
+ '';
+ passAsFile = [ "nixDefaults" "phpOptions" ];
+ } ''
+ cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath > $out
+ '';
+
+in {
+
+ options = {
+ services.phpfpm = {
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ Extra configuration that should be put in the global section of
+ the PHP-FPM configuration file. Do not specify the options
+ <literal>error_log</literal> or
+ <literal>daemonize</literal> here, since they are generated by
+ NixOS.
+ '';
+ };
+
+ phpPackage = mkOption {
+ type = types.package;
+ default = pkgs.php;
+ defaultText = "pkgs.php";
+ description = ''
+ The PHP package to use for running the PHP-FPM service.
+ '';
+ };
+
+ phpOptions = mkOption {
+ type = types.lines;
+ default = "";
+ example =
+ ''
+ date.timezone = "CET"
+ '';
+ description =
+ "Options appended to the PHP configuration file <filename>php.ini</filename>.";
+ };
+
+ poolConfigs = mkOption {
+ default = {};
+ type = types.attrsOf types.lines;
+ example = literalExample ''
+ { mypool = '''
+ listen = /run/phpfpm/mypool
+ user = nobody
+ pm = dynamic
+ pm.max_children = 75
+ pm.start_servers = 10
+ pm.min_spare_servers = 5
+ pm.max_spare_servers = 20
+ pm.max_requests = 500
+ ''';
+ }
+ '';
+ description = ''
+ A mapping between PHP-FPM pool names and their configurations.
+ See the documentation on <literal>php-fpm.conf</literal> for
+ details on configuration directives. If no pools are defined,
+ the phpfpm service is disabled.
+ '';
+ };
+
+ pools = mkOption {
+ type = types.attrsOf (types.submodule (import ./pool-options.nix {
+ inherit lib config;
+ }));
+ default = {};
+ example = literalExample ''
+ {
+ mypool = {
+ listen = "/path/to/unix/socket";
+ phpPackage = pkgs.php;
+ extraConfig = '''
+ user = nobody
+ pm = dynamic
+ pm.max_children = 75
+ pm.start_servers = 10
+ pm.min_spare_servers = 5
+ pm.max_spare_servers = 20
+ pm.max_requests = 500
+ ''';
+ }
+ }'';
+ description = ''
+ PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM
+ service is disabled.
+ '';
+ };
+ };
+ };
+
+ config = mkIf enabled {
+
+ systemd.slices.phpfpm = {
+ description = "PHP FastCGI Process manager pools slice";
+ };
+
+ systemd.targets.phpfpm = {
+ description = "PHP FastCGI Process manager pools target";
+ wantedBy = [ "multi-user.target" ];
+ };
+
+ systemd.services = flip mapAttrs' poolConfigs (pool: poolConfig:
+ nameValuePair "phpfpm-${pool}" {
+ description = "PHP FastCGI Process Manager service for pool ${pool}";
+ after = [ "network.target" ];
+ wantedBy = [ "phpfpm.target" ];
+ partOf = [ "phpfpm.target" ];
+ preStart = ''
+ mkdir -p ${stateDir}
+ '';
+ serviceConfig = let
+ cfgFile = fpmCfgFile pool poolConfig.config;
+ iniFile = phpIni poolConfig;
+ in {
+ Slice = "phpfpm.slice";
+ PrivateDevices = true;
+ ProtectSystem = "full";
+ ProtectHome = true;
+ # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work
+ RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
+ Type = "notify";
+ ExecStart = "${poolConfig.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
+ };
+ }
+ );
+ };
+} |
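Review bot: The per-pool `serviceConfig` sets `PrivateDevices`, `ProtectSystem` and `ProtectHome` but not `PrivateTmp`, so every `phpfpm-${pool}` unit shares the host `/tmp` with the other pools and with unrelated services. PHP commonly falls back to the system temp directory for uploads and session files when `php.ini` does not set them, so adding `PrivateTmp = true;` next to `ProtectHome = true;` would keep one pool's temp data out of reach of another, provided no deployment exchanges files with the web server through `/tmp`. In the same unit, `preStart` creates the shared `${stateDir}` with a bare `mkdir -p`, so separation between pool sockets appears to rest entirely on each pool's own `listen.owner`/`listen.mode` settings, which deserves a comment. The `XXX` comment could also say whether `NoNewPrivileges` is left out on purpose for the SUID sendmail wrapper, e.g. `# NoNewPrivileges is not set: the SUID sendmail wrapper needs to gain privileges`.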