]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - nixops/modules/task/www/index.php
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Move rest of the modules outside of nixops
[perso/Immae/Config/Nix.git] / nixops / modules / task / www / index.php
diff --git a/nixops/modules/task/www/index.php b/nixops/modules/task/www/index.php
deleted file mode 100644 (file)
index deaf8af..0000000
--- a/nixops/modules/task/www/index.php
+++ /dev/null
@@ -1,157 +0,0 @@
-<?php
-if (!isset($_SERVER["REMOTE_USER"])) {
-  die("please login");
-}
-$ldap_user = $_SERVER["REMOTE_USER"];
-$ldap_host = getenv("TASKD_LDAP_HOST");
-$ldap_dn = getenv('TASKD_LDAP_DN');
-$ldap_password = getenv('TASKD_LDAP_PASSWORD');
-$ldap_base = getenv('TASKD_LDAP_BASE');
-$ldap_filter = getenv('TASKD_LDAP_FILTER');
-$host   = getenv('TASKD_HOST');
-$vardir = getenv('TASKD_VARDIR');
-
-$connect = ldap_connect($ldap_host);
-ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
-if (!$connect || !ldap_bind($connect, $ldap_dn, $ldap_password)) {
-  die("impossible to connect to LDAP");
-}
-
-$search_query = str_replace('%login%', ldap_escape($ldap_user), $ldap_filter);
-
-$search = ldap_search($connect, $ldap_base, $search_query);
-$info = ldap_get_entries($connect, $search);
-
-if (ldap_count_entries($connect, $search) != 1) {
-  die("Impossible to find user in LDAP");
-}
-
-$entries = [];
-foreach($info[0]["immaetaskid"] as $key => $value) {
-  if ($key !== "count") {
-    $entries[] = explode(":", $value);
-  }
-}
-
-if (isset($_GET["file"])) {
-  $basecert = $vardir . "/userkeys/" . $ldap_user;
-  if (!file_exists($basecert . ".cert.pem")) {
-    exec("taskserver-user-certs $ldap_user");
-  }
-  $certificate = file_get_contents($basecert . ".cert.pem");
-  $cert_key    = file_get_contents($basecert . ".key.pem");
-
-  // IdenTrust DST Root CA X3
-  // obtained here: https://letsencrypt.org/fr/certificates/
-  $server_cert = "-----BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----";
-
-  $file = $_GET["file"];
-  switch($file) {
-  case "ca.cert.pem":
-    $content = $server_cert;
-    $name    = "ca.cert.pem";
-    $type    = "application/x-x509-ca-cert";
-    break;
-  case "cert.pem":
-    $content = $certificate;
-    $name    = $ldap_user . ".cert.pem";
-    $type    = "application/x-x509-ca-cert";
-    break;
-  case "key.pem":
-    $content = $cert_key;
-    $name    = $ldap_user . ".key.pem";
-    $type    = "application/x-x509-ca-cert";
-    break;
-  case "mirakel";
-    foreach ($entries as $entry) {
-      list($org, $user, $key) = $entry;
-      if ($key == $_GET["key"]) { break; }
-    }
-    $name    = $user . ".mirakel";
-    $type    = "text/plain";
-    $content = "username: $user
-org: $org
-user key: $key
-server: $host
-client.cert:
-$certificate
-Client.key:
-$cert_key
-ca.cert:
-$server_cert
-";
-    break;
-  default:
-    die("invalid file name");
-    break;
-  }
-
-  header("Content-Type: $type");
-  header('Content-Disposition: attachment; filename="' . $name . '"');
-  header('Content-Transfer-Encoding: binary');
-  header('Accept-Ranges: bytes');
-  header('Cache-Control: private');
-  header('Pragma: private');
-  echo $content;
-  exit;
-}
-?>
-<html>
-<header>
-  <title>Taskwarrior configuration</title>
-</header>
-<body>
-<ul>
-  <li><a href="?file=ca.cert.pem">ca.cert.pem</a></li>
-  <li><a href="?file=cert.pem"><?php echo $ldap_user; ?>.cert.pem</a></li>
-  <li><a href="?file=key.pem"><?php echo $ldap_user; ?>.key.pem</a></li>
-</ul>
-For command line interface, download the files, put them near your Taskwarrior
-configuration files, and add that to your Taskwarrior configuration:
-<pre>
-taskd.certificate=/path/to/<?php echo $ldap_user; ?>.cert.pem
-taskd.key=/path/to/<?php echo $ldap_user; ?>.key.pem
-taskd.server=<?php echo $host ."\n"; ?>
-<?php if (count($entries) > 1) {
-  echo "# Chose one of them\n";
-  foreach($entries as $entry) {
-    list($org, $user, $key) = $entry;
-    echo "# taskd.credentials=$org/$user/$key\n";
-  }
-} else { ?>
-taskd.credentials=<?php echo $entries[0][0]; ?>/<?php echo $entries[0][1]; ?>/<?php echo $entries[0][2]; ?>
-<?php } ?>
-taskd.ca=/path/to/ca.cert.pem
-</pre>
-For Mirakel, download and import the file:
-<ul>
-<?php
-foreach ($entries as $entry) {
-  list($org, $user, $key) = $entry;
-  echo '<li><a href="?file=mirakel&key='.$key.'">' . $user . '.mirakel</a></li>';
-}
-?>
-</ul>
-For Android Taskwarrior app, see instructions <a href="https://bitbucket.org/kvorobyev/taskwarriorandroid/wiki/Configuration">here</a>.
-</body>
-</html>
-
My infrastructure configuration