+++ /dev/null
-{ lib, php, env, writeText, phpldapadmin }:
-rec {
- keys = [{
- dest = "webapps/tools-ldap";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- <?php
- $config->custom->appearance['show_clear_password'] = true;
- $config->custom->appearance['hide_template_warning'] = true;
- $config->custom->appearance['theme'] = "tango";
- $config->custom->appearance['minimalMode'] = true;
-
- $servers = new Datastore();
-
- $servers->newServer('ldap_pla');
- $servers->setValue('server','name','Immae’s LDAP');
- $servers->setValue('server','host','ldaps://${env.ldap.host}');
- $servers->setValue('login','auth_type','cookie');
- $servers->setValue('login','bind_id','${env.ldap.dn}');
- $servers->setValue('login','bind_pass','${env.ldap.password}');
- $servers->setValue('appearance','password_hash','ssha');
- $servers->setValue('login','attr','uid');
- $servers->setValue('login','fallback_dn',true);
- '';
- }];
- webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "tools_ldap";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- Alias /ldap "${root}"
- <Directory "${root}">
- DirectoryIndex index.php
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
-
- AllowOverride None
- Require all granted
- </Directory>
- '';
- };
- phpFpm = rec {
- serviceDeps = [ "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
- socket = "/var/run/phpfpm/ldap.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- pm = ondemand
- pm.max_children = 60
- pm.process_idle_timeout = 60
-
- ; Needed to avoid clashes in browser cookies (same domain)
- php_value[session.name] = LdapPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"
- php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"
- '';
- };
-}