]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - nixops/modules/websites/tools/tools/ldap.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Move websites/tools to modules
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / ldap.nix
diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix
deleted file mode 100644 (file)
index 8ee39f6..0000000
--- a/nixops/modules/websites/tools/tools/ldap.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, php, env, writeText, phpldapadmin }:
-rec {
-  keys = [{
-    dest = "webapps/tools-ldap";
-    user = apache.user;
-    group = apache.group;
-    permissions = "0400";
-    text = ''
-      <?php
-      $config->custom->appearance['show_clear_password'] = true;
-      $config->custom->appearance['hide_template_warning'] = true;
-      $config->custom->appearance['theme'] = "tango";
-      $config->custom->appearance['minimalMode'] = true;
-
-      $servers = new Datastore();
-
-      $servers->newServer('ldap_pla');
-      $servers->setValue('server','name','Immae&#x2019;s LDAP');
-      $servers->setValue('server','host','ldaps://${env.ldap.host}');
-      $servers->setValue('login','auth_type','cookie');
-      $servers->setValue('login','bind_id','${env.ldap.dn}');
-      $servers->setValue('login','bind_pass','${env.ldap.password}');
-      $servers->setValue('appearance','password_hash','ssha');
-      $servers->setValue('login','attr','uid');
-      $servers->setValue('login','fallback_dn',true);
-      '';
-  }];
-  webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
-  apache = rec {
-    user = "wwwrun";
-    group = "wwwrun";
-    modules = [ "proxy_fcgi" ];
-    webappName = "tools_ldap";
-    root = "/run/current-system/webapps/${webappName}";
-    vhostConf = ''
-      Alias /ldap "${root}"
-      <Directory "${root}">
-        DirectoryIndex index.php
-        <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-        </FilesMatch>
-
-        AllowOverride None
-        Require all granted
-      </Directory>
-      '';
-  };
-  phpFpm = rec {
-    serviceDeps = [ "openldap.service" ];
-    basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
-    socket = "/var/run/phpfpm/ldap.sock";
-    pool = ''
-      listen = ${socket}
-      user = ${apache.user}
-      group = ${apache.group}
-      listen.owner = ${apache.user}
-      listen.group = ${apache.group}
-      pm = ondemand
-      pm.max_children = 60
-      pm.process_idle_timeout = 60
-
-      ; Needed to avoid clashes in browser cookies (same domain)
-      php_value[session.name] = LdapPHPSESSID
-      php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"
-      php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"
-      '';
-  };
-}
My infrastructure configuration