unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
From: Timo Wilken <guix@twilken.net>
To: 63877@debbugs.gnu.org
Cc: mirai@makinata.eu, Timo Wilken <guix@twilken.net>
Subject: [bug#63877] [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables.
Date: Sun,  4 Jun 2023 15:59:03 +0200	[thread overview]
Message-ID: <e02dd0f19603c3e0090137ace5a407dd448e0d88.1685887116.git.guix@twilken.net> (raw)
In-Reply-To: <3fec02d93b8e7803dd8183e7f0037ec1a1393b0f.1685816572.git.guix@twilken.net>

Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For
this, they need to know where the system CA certificates are, so SSL_CERT_DIR
needs to be set.

This can be accomplished by the user using the new environment-variables field
of <php-fpm-configuration>.

This field is empty by default to preserve the existing behaviour of php-fpm.

* gnu/services/web.scm (<php-fpm-configuration>): Add environment-variables field.
  (php-fpm-shepherd-service): Use the new field.
* doc/guix.texi (Web Services): Document the new field.
---

> How about exposing this as a new environment-variable record field à la
> mpd-configuration (gnu services audio)?
Hi Bruno, that's a good point!

I've added a new field instead where the user can specify arbitrary
environment variables. I've left it empty by default so there's no added
dependency on any package, and documented my intended use case in the info
manual instead.

Caveat: I haven't tested this "live" yet.

 doc/guix.texi        | 12 ++++++++++++
 gnu/services/web.scm | 11 +++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 7f8d8d66e9..441867afee 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30994,6 +30994,18 @@ Web Services
 An optional override of the default php settings.
 It may be any ``file-like'' object (@pxref{G-Expressions, file-like objects}).
 You can use the @code{mixed-text-file} function or an absolute filepath for it.
+@item @code{environment-variables} (default @code{#~(list)})
+A gexp (@pxref{G-Expressions}) which produces a list of strings
+representing environment variable assignments.
+These environment variables are set for the php-fpm process.
+This can be used to, for example, point php-fpm at the CA certificates
+in the @code{nss-certs} package from @code{(gnu packages certs)}:
+@lisp
+(php-fpm-configuration
+ ;; @dots{}
+ (environment-variables
+  #~(list (string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs"))))
+@end lisp
 
 For local development it is useful to set a higher timeout and memory
 limit for spawned php processes.  This be accomplished with the
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 45897d7d6f..1c496d5946 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton <brown121407@posteo.ro>
 ;;; Copyright © 2022 Simen Endsjø <simendsjo@gmail.com>
 ;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
+;;; Copyright © 2023 Timo Wilken <guix@twilken.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -974,7 +975,9 @@ (define-record-type* <php-fpm-configuration> php-fpm-configuration
   (file             php-fpm-configuration-file ;#f | file-like
                     (default #f))
   (php-ini-file     php-fpm-configuration-php-ini-file ;#f | file-like
-                    (default #f)))
+                    (default #f))
+  (environment-variables php-fpm-configuration-environment-variables ;gexp producing list-of-strings
+                         (default #~(list))))
 
 (define-record-type* <php-fpm-dynamic-process-manager-configuration>
   php-fpm-dynamic-process-manager-configuration
@@ -1081,7 +1084,8 @@ (define php-fpm-shepherd-service
   (match-lambda
     (($ <php-fpm-configuration> php socket user group socket-user socket-group
                                 pid-file log-file pm display-errors
-                                timezone workers-log-file file php-ini-file)
+                                timezone workers-log-file file php-ini-file
+                                environment-variables)
      (list (shepherd-service
             (provision '(php-fpm))
             (documentation "Run the php-fpm daemon.")
@@ -1096,6 +1100,9 @@ (define php-fpm-shepherd-service
                         #$@(if php-ini-file
                                `("-c" ,php-ini-file)
                                '()))
+                      #:environment-variables
+                      (append #$environment-variables
+                              (default-environment-variables))
                       #:pid-file #$pid-file))
             (stop #~(make-kill-destructor)))))))
 

base-commit: 66c9b82fed3c59ee07187898592c688c82fed273
-- 
2.40.1





  parent reply	other threads:[~2023-06-04 14:00 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-06-03 18:25 [bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment Timo Wilken
2023-06-03 22:18 ` Bruno Victal
2023-06-04 13:59 ` Timo Wilken [this message]
2023-06-05  3:44   ` [bug#63877] [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables Bruno Victal
2023-07-01 14:40     ` [bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment Ludovic Courtès
2023-10-15 20:54     ` [bug#63877] [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables Timo Wilken
2023-10-19 14:32       ` Bruno Victal
2024-02-17 23:21         ` [bug#63877] Reworked patch for setting " guix
2024-02-17 23:21           ` [bug#63877] [PATCH 1/2] gnu: services: web: Allow specifying extra " guix
2024-02-17 23:21           ` [bug#63877] [PATCH 2/2] tests: web: Test environment variables are set for php-fpm guix

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e02dd0f19603c3e0090137ace5a407dd448e0d88.1685887116.git.guix@twilken.net \
    --to=guix@twilken.net \
    --cc=63877@debbugs.gnu.org \
    --cc=mirai@makinata.eu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).