nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.phpfpm;

  stateDir = "/run/phpfpm";

  fpmCfgFile = pool: poolOpts: pkgs.writeText "phpfpm-${pool}.conf" ''
    [global]
    error_log = syslog
    daemonize = no
    ${cfg.extraConfig}

    [${pool}]
    listen = ${poolOpts.listen}
    ${poolOpts.extraConfig}
  '';

  phpIni = poolOpts: pkgs.runCommand "php.ini" {
    inherit (poolOpts) phpPackage phpOptions;
    preferLocalBuild = true;
    nixDefaults = ''
      sendmail_path = "/run/wrappers/bin/sendmail -t -i"
    '';
    passAsFile = [ "nixDefaults" "phpOptions" ];
  } ''
    cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath > $out
  '';

in {

  options = {
    services.phpfpm = {
      extraConfig = mkOption {
        type = types.lines;
        default = "";
        description = ''
          Extra configuration that should be put in the global section of
          the PHP-FPM configuration file. Do not specify the options
          <literal>error_log</literal> or
          <literal>daemonize</literal> here, since they are generated by
          NixOS.
        '';
      };

      phpPackage = mkOption {
        type = types.package;
        default = pkgs.php;
        defaultText = "pkgs.php";
        description = ''
          The PHP package to use for running the PHP-FPM service.
        '';
      };

      phpOptions = mkOption {
        type = types.lines;
        default = "";
        example =
          ''
            date.timezone = "CET"
          '';
        description =
          "Options appended to the PHP configuration file <filename>php.ini</filename>.";
      };

      pools = mkOption {
        type = types.attrsOf (types.submodule (import ./pool-options.nix {
          inherit lib config;
        }));
        default = {};
        example = literalExample ''
         {
           mypool = {
             listen = "/path/to/unix/socket";
             phpPackage = pkgs.php;
             extraConfig = '''
               user = nobody
               pm = dynamic
               pm.max_children = 75
               pm.start_servers = 10
               pm.min_spare_servers = 5
               pm.max_spare_servers = 20
               pm.max_requests = 500
             ''';
           }
         }'';
        description = ''
          PHP-FPM pools. If no pools are defined, the PHP-FPM
          service is disabled.
        '';
      };
    };
  };

  config = mkIf (cfg.pools != {}) {

    systemd.slices.phpfpm = {
      description = "PHP FastCGI Process manager pools slice";
    };

    systemd.targets.phpfpm = {
      description = "PHP FastCGI Process manager pools target";
      wantedBy = [ "multi-user.target" ];
    };

    systemd.services = mapAttrs' (pool: poolOpts:
      nameValuePair "phpfpm-${pool}" {
        description = "PHP FastCGI Process Manager service for pool ${pool}";
        after = [ "network.target" ];
        wantedBy = [ "phpfpm.target" ];
        partOf = [ "phpfpm.target" ];
        preStart = ''
          mkdir -p ${stateDir}
        '';
        serviceConfig = let
          cfgFile = fpmCfgFile pool poolOpts;
          iniFile = phpIni poolOpts;
        in {
          Slice = "phpfpm.slice";
          PrivateDevices = true;
          ProtectSystem = "full";
          ProtectHome = true;
          # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work
          RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
          Type = "notify";
          ExecStart = "${poolOpts.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}";
          ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
        };
      }
    ) cfg.pools;
  };
}
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 14:26:48 +00:00			`{ config, lib, pkgs, ... }:`
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 14:26:48 +00:00			`with lib;`
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00
			`let`
			`cfg = config.services.phpfpm;`

Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00			`stateDir = "/run/phpfpm";`

nixos/phpfpm: deprecate poolConfigs option 2019-07-03 16:11:38 +00:00			`fpmCfgFile = pool: poolOpts: pkgs.writeText "phpfpm-${pool}.conf" ''`
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00			`[global]`
			`error_log = syslog`
php fpm: add systemd support PHP FPM will now notify systemd when it's done initializing and ready to serve requests. Additionally ```systemctl status phpfpm``` will now show statistics such as: ``` Status: "Processes active: 0, idle: 8, Requests: 0, slow: 0, Traffic: 0req/sec" ``` 2016-10-05 15:30:31 +00:00			`daemonize = no`
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00			`${cfg.extraConfig}`
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00
phpfpm service: one service per pool for isolation 2017-01-25 22:21:33 +00:00			`[${pool}]`
nixos/phpfpm: deprecate poolConfigs option 2019-07-03 16:11:38 +00:00			`listen = ${poolOpts.listen}`
			`${poolOpts.extraConfig}`
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00			`'';`

nixos/phpfpm: deprecate poolConfigs option 2019-07-03 16:11:38 +00:00			`phpIni = poolOpts: pkgs.runCommand "php.ini" {`
			`inherit (poolOpts) phpPackage phpOptions;`
nixos: add preferLocalBuild=true; on derivations for config files 2018-11-08 10:59:03 +00:00			`preferLocalBuild = true;`
phpfpm module: set correct nixos sendmail path 2017-03-09 19:19:28 +00:00			`nixDefaults = ''`
			`sendmail_path = "/run/wrappers/bin/sendmail -t -i"`
			`'';`
			`passAsFile = [ "nixDefaults" "phpOptions" ];`
phpfpm: eliminate build at evaluation time phpfpm currently uses `readFile` to read the php.ini file from the phpPackage. This causes php to be build at evaluation time. This eliminates the use of readFile and builds the php.ini at build time. 2017-02-26 12:29:46 +00:00			`} ''`
phpfpm module: set correct nixos sendmail path 2017-03-09 19:19:28 +00:00			`cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath > $out`
php: add default php.ini 2016-04-29 06:26:20 +00:00			`'';`

Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00			`in {`
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00			`options = {`
			`services.phpfpm = {`
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00			`extraConfig = mkOption {`
phpfpm module: Make extraConfig and poolConfigs mergeable by switching option type to types.lines 2014-03-12 10:45:31 +00:00			`type = types.lines;`
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00			`default = "";`
			`description = ''`
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00			`Extra configuration that should be put in the global section of`
php-fpm module: cleanup - Added example for the pool option - Unified PHP-FPM spelling 2016-09-27 01:20:22 +00:00			`the PHP-FPM configuration file. Do not specify the options`
php fpm: add systemd support PHP FPM will now notify systemd when it's done initializing and ready to serve requests. Additionally ```systemctl status phpfpm``` will now show statistics such as: ``` Status: "Processes active: 0, idle: 8, Requests: 0, slow: 0, Traffic: 0req/sec" ``` 2016-10-05 15:30:31 +00:00			`<literal>error_log</literal> or`
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00			`<literal>daemonize</literal> here, since they are generated by`
			`NixOS.`
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00			`'';`
			`};`

Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00			`phpPackage = mkOption {`
			`type = types.package;`
			`default = pkgs.php;`
			`defaultText = "pkgs.php";`
			`description = ''`
			`The PHP package to use for running the PHP-FPM service.`
			`'';`
			`};`
phpfpm service: restructured pool configuration From @fpletz: Keep poolConfigs option for backwards-compatibility. The original commit 6b3f5b5a421fe3422e9ef63a3fd690178c36163e was previously reverted by c7860cae1a4b54f4b54339142472f00f861fa055 but the issues were resolved. 2016-06-19 21:42:26 +00:00
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00			`phpOptions = mkOption {`
			`type = types.lines;`
			`default = "";`
			`example =`
			`''`
			`date.timezone = "CET"`
			`'';`
			`description =`
			`"Options appended to the PHP configuration file <filename>php.ini</filename>.";`
			`};`

			`pools = mkOption {`
			`type = types.attrsOf (types.submodule (import ./pool-options.nix {`
			`inherit lib config;`
			`}));`
			`default = {};`
			`example = literalExample ''`
			`{`
			`mypool = {`
			`listen = "/path/to/unix/socket";`
			`phpPackage = pkgs.php;`
			`extraConfig = '''`
			`user = nobody`
			`pm = dynamic`
			`pm.max_children = 75`
			`pm.start_servers = 10`
			`pm.min_spare_servers = 5`
			`pm.max_spare_servers = 20`
			`pm.max_requests = 500`
			`''';`
			`}`
			`}'';`
phpfpm service: restructured pool configuration From @fpletz: Keep poolConfigs option for backwards-compatibility. The original commit 6b3f5b5a421fe3422e9ef63a3fd690178c36163e was previously reverted by c7860cae1a4b54f4b54339142472f00f861fa055 but the issues were resolved. 2016-06-19 21:42:26 +00:00			`description = ''`
nixos/phpfpm: deprecate poolConfigs option 2019-07-03 16:11:38 +00:00			`PHP-FPM pools. If no pools are defined, the PHP-FPM`
php-fpm module: cleanup - Added example for the pool option - Unified PHP-FPM spelling 2016-09-27 01:20:22 +00:00			`service is disabled.`
phpfpm service: restructured pool configuration From @fpletz: Keep poolConfigs option for backwards-compatibility. The original commit 6b3f5b5a421fe3422e9ef63a3fd690178c36163e was previously reverted by c7860cae1a4b54f4b54339142472f00f861fa055 but the issues were resolved. 2016-06-19 21:42:26 +00:00			`'';`
			`};`
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00			`};`
			`};`

nixos/phpfpm: deprecate poolConfigs option 2019-07-03 16:11:38 +00:00			`config = mkIf (cfg.pools != {}) {`
phpfpm service: add target and slice 2017-02-27 23:00:57 +00:00
			`systemd.slices.phpfpm = {`
			`description = "PHP FastCGI Process manager pools slice";`
			`};`

			`systemd.targets.phpfpm = {`
			`description = "PHP FastCGI Process manager pools target";`
			`wantedBy = [ "multi-user.target" ];`
			`};`

nixos/phpfpm: deprecate poolConfigs option 2019-07-03 16:11:38 +00:00			`systemd.services = mapAttrs' (pool: poolOpts:`
phpfpm service: one service per pool for isolation 2017-01-25 22:21:33 +00:00			`nameValuePair "phpfpm-${pool}" {`
phpfpm service: add target and slice 2017-02-27 23:00:57 +00:00			`description = "PHP FastCGI Process Manager service for pool ${pool}";`
phpfpm service: one service per pool for isolation 2017-01-25 22:21:33 +00:00			`after = [ "network.target" ];`
phpfpm service: add target and slice 2017-02-27 23:00:57 +00:00			`wantedBy = [ "phpfpm.target" ];`
			`partOf = [ "phpfpm.target" ];`
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00			`preStart = ''`
			`mkdir -p ${stateDir}`
			`'';`
phpfpm service: one service per pool for isolation 2017-01-25 22:21:33 +00:00			`serviceConfig = let`
nixos/phpfpm: deprecate poolConfigs option 2019-07-03 16:11:38 +00:00			`cfgFile = fpmCfgFile pool poolOpts;`
			`iniFile = phpIni poolOpts;`
phpfpm service: one service per pool for isolation 2017-01-25 22:21:33 +00:00			`in {`
phpfpm service: add target and slice 2017-02-27 23:00:57 +00:00			`Slice = "phpfpm.slice";`
phpfpm service: one service per pool for isolation 2017-01-25 22:21:33 +00:00			`PrivateDevices = true;`
			`ProtectSystem = "full";`
			`ProtectHome = true;`
phpfpm service: allow netlink sockets for sendmail Fixes #26611. 2017-08-28 22:41:31 +00:00			`# XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work`
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a. 2019-06-29 01:47:43 +00:00			`RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";`
phpfpm service: one service per pool for isolation 2017-01-25 22:21:33 +00:00			`Type = "notify";`
nixos/phpfpm: deprecate poolConfigs option 2019-07-03 16:11:38 +00:00			`ExecStart = "${poolOpts.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${iniFile}";`
phpfpm service: one service per pool for isolation 2017-01-25 22:21:33 +00:00			`ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";`
			`};`
			`}`
nixos/phpfpm: deprecate poolConfigs option 2019-07-03 16:11:38 +00:00			`) cfg.pools;`
Add phpfpm NixOS service module 2014-03-11 22:46:57 +00:00			`};`
			`}`