authorTimo Wilken2023-06-03 19:45:27 +0200
committerTimo Wilken2023-06-03 19:54:29 +0200
commit60e0505f107791d5cf89e1503bbf3b582d5b3941 (patch)
treecba5b23d70527436a865657f18d815eed32dea4b
parentad4501e0f3c03cd7aba2192cc06f1c41e9197b22 (diff)
Set SSL_CERT_* variables for php-fpm
This should let Nextcloud News fetch feeds when they're added by the user, not just during cron jobs.
-rw-r--r--tw/services/nextcloud.scm2
-rw-r--r--tw/services/php-fpm.scm59
2 files changed, 60 insertions, 1 deletions
diff --git a/tw/services/nextcloud.scm b/tw/services/nextcloud.scm
index 472e0aed..7545474d 100644
--- a/tw/services/nextcloud.scm
+++ b/tw/services/nextcloud.scm
@@ -87,7 +87,7 @@ Header always set Strict-Transport-Security \"max-age=15552000\"
</IfModule>
"))))
- (service php-fpm-service-type
+ (service (@ (tw services php-fpm) php-fpm-service-type)
(php-fpm-configuration
(user "httpd")
(group "httpd")
diff --git a/tw/services/php-fpm.scm b/tw/services/php-fpm.scm
new file mode 100644
index 00000000..4bdb899e
--- /dev/null
+++ b/tw/services/php-fpm.scm
@@ -0,0 +1,59 @@
+(define-module (tw services php-fpm)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services admin)
+ #:use-module (gnu system pam)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages certs)
+ #:use-module (guix gexp)
+ #:use-module ((guix store) #:select (text-file))
+ #:use-module ((guix utils) #:select (version-major))
+ #:use-module ((guix packages) #:select (package-version))
+ #:use-module (ice-9 match)
+ #:use-module ((gnu services web) #:select (php-fpm-configuration))
+ #:export (php-fpm-service-type))
+
+(define <php-fpm-configuration> (@@ (gnu services web) <php-fpm-configuration>))
+(define default-php-fpm-config (@@ (gnu services web) default-php-fpm-config))
+
+(define php-fpm-shepherd-service
+ (match-lambda
+ (($ <php-fpm-configuration> php socket user group socket-user socket-group
+ pid-file log-file pm display-errors
+ timezone workers-log-file file php-ini-file)
+ (list (shepherd-service
+ (provision '(php-fpm))
+ (documentation "Run the php-fpm daemon.")
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ '(#$(file-append php "/sbin/php-fpm")
+ "--fpm-config"
+ #$(or file
+ (default-php-fpm-config socket user group
+ socket-user socket-group pid-file log-file
+ pm display-errors timezone workers-log-file))
+ #$@(if php-ini-file
+ `("-c" ,php-ini-file)
+ '()))
+ ;; XXX: this stanza added, for Nextcloud News
+ #:environment-variables
+ (cons*
+ (string-append "SSL_CERT_DIR=" #$(file-append nss-certs "/etc/ssl/certs"))
+ (default-environment-variables))
+ #:pid-file #$pid-file))
+ (stop #~(make-kill-destructor)))))))
+
+(define php-fpm-service-type
+ (service-type
+ (name 'php-fpm)
+ (description
+ "Run @command{php-fpm} to provide a fastcgi socket for calling php through
+a webserver.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ php-fpm-shepherd-service)
+ (service-extension activation-service-type
+ (@@ (gnu services web) php-fpm-activation))
+ (service-extension account-service-type
+ (@@ (gnu services web) php-fpm-accounts))))
+ (default-value (php-fpm-configuration))))
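Review bot: Only `SSL_CERT_DIR` is exported in the `#:environment-variables` stanza of `php-fpm-shepherd-service`, although the commit title speaks of `SSL_CERT_*`; a TLS client that looks for a single bundle through `SSL_CERT_FILE` would still find no trust store, so either set that variable too or narrow the title. The directory comes from the `nss-certs` store item rather than the system's `/etc/ssl/certs`, so a CA added or removed at system level is presumably not reflected in what php-fpm trusts for outbound TLS; a comment stating that this is intended would help the next reader. Separately, the `match-lambda` pattern binds the `<php-fpm-configuration>` fields by position on a record type reached through `@@`, so a field added or reordered upstream in `(gnu services web)` would make this copy stop matching or bind the wrong values. A comment above the definition such as `;; Copied from (gnu services web); keep the field list in sync with upstream.` would flag that. Several imported modules (`(gnu services admin)`, `(gnu system pam)`, `text-file`, `version-major`, `package-version`) are not used in the file and could be dropped.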