Add php ldap
diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix
new file mode 100644 (file)
index 0000000..82615a7
--- /dev/null
@@ -0,0 +1,80 @@
+{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
+rec {
+  config = writeText "config.php" ''
+    <?php
+    $config->custom->appearance['show_clear_password'] = true;
+    $config->custom->appearance['hide_template_warning'] = true;
+    $config->custom->appearance['theme'] = "tango";
+    $config->custom->appearance['minimalMode'] = true;
+
+    $servers = new Datastore();
+
+    $servers->newServer('ldap_pla');
+    $servers->setValue('server','name','Immae’s LDAP');
+    $servers->setValue('server','host','ldaps://${env.ldap.host}');
+    $servers->setValue('login','auth_type','cookie');
+    $servers->setValue('login','bind_id','${env.ldap.dn}');
+    $servers->setValue('login','bind_pass','${env.ldap.password}');
+    $servers->setValue('appearance','password_hash','ssha');
+    $servers->setValue('login','attr','uid');
+    $servers->setValue('login','fallback_dn',true);
+    '';
+  webRoot = stdenv.mkDerivation rec {
+    version = "1.2.3";
+    name = "phpldapadmin-${version}";
+    src = fetchurl {
+      url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz";
+      sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf";
+    };
+    patches = [
+      ./ldap-php5_5.patch
+      ./ldap-disable-mcrypt.patch
+      ./ldap-php7_2.patch
+      ./ldap-sort-in-templates.patch
+      ./ldap-align-button.patch
+      ];
+    buildInputs = [ optipng ];
+    buildPhase = ''
+      find -name '*.png' -exec optipng -quiet -force -fix {} \;
+    '';
+    installPhase = ''
+      cp -a . $out
+      ln -sf ${config} $out/config/config.php
+    '';
+  };
+  apache = {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "proxy_fcgi" ];
+    vhostConf = ''
+      Alias /ldap "${webRoot}/htdocs"
+      <Directory "${webRoot}/htdocs">
+        DirectoryIndex index.php
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+        </FilesMatch>
+
+        AllowOverride None
+        Require all granted
+      </Directory>
+      '';
+  };
+  phpFpm = rec {
+    basedir = builtins.concatStringsSep ":" [ webRoot config ];
+    socket = "/var/run/phpfpm/ldap.sock";
+    pool = ''
+      listen = ${socket}
+      user = ${apache.user}
+      group = ${apache.group}
+      listen.owner = ${apache.user}
+      listen.group = ${apache.group}
+      pm = ondemand
+      pm.max_children = 60
+      pm.process_idle_timeout = 60
+
+      ; Needed to avoid clashes in browser cookies (same domain)
+      php_value[session.name] = LdapPHPSESSID
+      php_admin_value[open_basedir] = "${basedir}:/tmp"
+      '';
+  };
+}
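Review bot: The bind password interpolated at line 25 ends up in the Nix store, because `writeText "config.php"` at line 11 materialises the whole file as a store path and store paths are world-readable on the host; `ln -sf ${config}` at line 50 then pins that path into the webRoot closure as well. Whether `env.ldap.password` holds a real secret cannot be seen from this file, but its name suggests it does. A common remedy is to keep only non-secret settings in the store-built config and have it `include` a file deployed outside the store at activation time, readable only by the `wwwrun` user, with that directory appended to the `open_basedir` list at line 85 so PHP-FPM is still allowed to read it. While here, `show_clear_password = true` at line 13 makes the UI display stored passwords in clear, so a one-line comment such as `# intentionally shows clear passwords to admins` would record that this is deliberate.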