From: Timo Wilken
Date: Sun, 4 Jun 2023 15:59:03 +0200
Subject: [bug#63877] [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables.
To: 63877@debbugs.gnu.org
Cc: mirai@makinata.eu, Timo Wilken

Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For this, they need to know where the system CA certificates are, so SSL_CERT_DIR needs to be set.

This can be accomplished by the user using the new environment-variables field of . This field is empty by default to preserve the existing behaviour of php-fpm.

* gnu/services/web.scm (): Add environment-variables field.
(php-fpm-shepherd-service): Use the new field.
* doc/guix.texi (Web Services): Document the new field.
---
> How about exposing this as a new environment-variable record field à la
> mpd-configuration (gnu services audio)?

Hi Bruno, that's a good point! I've added a new field instead where the user can specify arbitrary environment variables. I've left it empty by default so there's no added dependency on any package, and documented my intended use case in the info manual instead.

Caveat: I haven't tested this "live" yet.

doc/guix.texi | 12 ++++++++++++ gnu/services/web.scm | 11 +++++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 7f8d8d66e9..441867afee 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -30994,6 +30994,18 @@ Web Services An optional override of the default php settings. It may be any ``file-like'' object (@pxref{G-Expressions, file-like objects}). You can use the @code{mixed-text-file} function or an absolute filepath for it. +@item @code{environment-variables} (default @code{#~(list)}) +A gexp (@pxref{G-Expressions}) which produces a list of strings +representing environment variable assignments. +These environment variables are set for the php-fpm process. +This can be used to, for example, point php-fpm at the CA certificates +in the @code{nss-certs} package from @code{(gnu packages certs)}: +@lisp +(php-fpm-configuration + ;; @dots{} + (environment-variables + #~(list (string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs")))) +@end lisp For local development it is useful to set a higher timeout and memory limit for spawned php processes. This be accomplished with the diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 45897d7d6f..1c496d5946 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -16,6 +16,7 @@ ;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton ;;; Copyright © 2022 Simen Endsjø ;;; Copyright © 2023 Bruno Victal +;;; Copyright © 2023 Timo Wilken ;;; ;;; This file is part of GNU Guix. ;;; @@ -974,7 +975,9 @@ (define-record-type* php-fpm-configuration (file php-fpm-configuration-file ;#f | file-like (default #f)) (php-ini-file php-fpm-configuration-php-ini-file ;#f | file-like - (default #f))) + (default #f)) + (environment-variables php-fpm-configuration-environment-variables ;gexp producing list-of-strings + (default #~(list)))) (define-record-type* php-fpm-dynamic-process-manager-configuration 
@@ -1081,7 +1084,8 @@ (define php-fpm-shepherd-service (match-lambda (($ php socket user group socket-user socket-group pid-file log-file pm display-errors - timezone workers-log-file file php-ini-file) + timezone workers-log-file file php-ini-file + environment-variables) (list (shepherd-service (provision '(php-fpm)) (documentation "Run the php-fpm daemon.") @@ -1096,6 +1100,9 @@ (define php-fpm-shepherd-service #$@(if php-ini-file `("-c" ,php-ini-file) '())) + #:environment-variables + (append #$environment-variables + (default-environment-variables)) #:pid-file #$pid-file)) (stop #~(make-kill-destructor))))))) base-commit: 66c9b82fed3c59ee07187898592c688c82fed273 -- 2.40.1
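Review bot: in the doc/guix.texi hunk, the new `@item @code{environment-variables}` lands in the middle of the php-ini-file entry. It sits between "You can use the @code{mixed-text-file} function or an absolute filepath for it." and the continuation "For local development it is useful to set a higher timeout and memory limit for spawned php processes.", so that php.ini paragraph would now render under environment-variables. Move the new item to after the end of the php-ini-file entry so the php.ini text stays together.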
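Review bot: in the `@@ -1081,7 +1084,8 @@` hunk of gnu/services/web.scm, the `match-lambda` pattern binds the record's fields purely by position, and `environment-variables` is only correct because it was appended last in the record definition as well. A field added or reordered in one place but not the other would silently bind the wrong values into the service's command line and environment. As a style point, consider `match-record` from (guix records), which binds fields by name, either here or as a follow-up.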
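Review bot: in the `@@ -1096,6 +1100,9 @@` hunk, `(append #$environment-variables (default-environment-variables))` places the user's entries ahead of the defaults and removes no duplicates, so a user entry for a name that is also in the defaults (PATH, for instance) ends up in the list twice. Which value the php-fpm process then sees depends only on list order, and neither the code nor the new texi entry says what is intended. Please state the precedence in a comment here and in the documentation, or drop the default entries whose names the user overrides before appending. Given the "haven't tested this live" caveat, a check that SSL_CERT_DIR is actually visible to a running PHP script would also be worth doing before merge.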