-{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
+{ lib, php, env, writeText, phpldapadmin }:
rec {
- config = writeText "config.php" ''
- <?php
- $config->custom->appearance['show_clear_password'] = true;
- $config->custom->appearance['hide_template_warning'] = true;
- $config->custom->appearance['theme'] = "tango";
- $config->custom->appearance['minimalMode'] = true;
+ keys = [{
+ dest = "webapps/tools-ldap";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ <?php
+ $config->custom->appearance['show_clear_password'] = true;
+ $config->custom->appearance['hide_template_warning'] = true;
+ $config->custom->appearance['theme'] = "tango";
+ $config->custom->appearance['minimalMode'] = true;
- $servers = new Datastore();
+ $servers = new Datastore();
- $servers->newServer('ldap_pla');
- $servers->setValue('server','name','Immae’s LDAP');
- $servers->setValue('server','host','ldaps://${env.ldap.host}');
- $servers->setValue('login','auth_type','cookie');
- $servers->setValue('login','bind_id','${env.ldap.dn}');
- $servers->setValue('login','bind_pass','${env.ldap.password}');
- $servers->setValue('appearance','password_hash','ssha');
- $servers->setValue('login','attr','uid');
- $servers->setValue('login','fallback_dn',true);
- '';
- webRoot = stdenv.mkDerivation rec {
- version = "1.2.3";
- name = "phpldapadmin-${version}";
- src = fetchurl {
- url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz";
- sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf";
- };
- patches = [
- ./ldap-php5_5.patch
- ./ldap-disable-mcrypt.patch
- ./ldap-php7_2.patch
- ./ldap-sort-in-templates.patch
- ./ldap-align-button.patch
- ];
- buildInputs = [ optipng ];
- buildPhase = ''
- find -name '*.png' -exec optipng -quiet -force -fix {} \;
- '';
- installPhase = ''
- cp -a . $out
- ln -sf ${config} $out/config/config.php
- '';
- };
- apache = {
+ $servers->newServer('ldap_pla');
+ $servers->setValue('server','name','Immae’s LDAP');
+ $servers->setValue('server','host','ldaps://${env.ldap.host}');
+ $servers->setValue('login','auth_type','cookie');
+ $servers->setValue('login','bind_id','${env.ldap.dn}');
+ $servers->setValue('login','bind_pass','${env.ldap.password}');
+ $servers->setValue('appearance','password_hash','ssha');
+ $servers->setValue('login','attr','uid');
+ $servers->setValue('login','fallback_dn',true);
+ '';
+ }];
+ webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+ apache = rec {
user = "wwwrun";
group = "wwwrun";
modules = [ "proxy_fcgi" ];
+ webappName = "tools_ldap";
+ root = "/run/current-system/webapps/${webappName}";
vhostConf = ''
- Alias /ldap "${webRoot}/htdocs"
- <Directory "${webRoot}/htdocs">
+ Alias /ldap "${root}"
+ <Directory "${root}">
DirectoryIndex index.php
<FilesMatch "\.php$">
SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
'';
};
phpFpm = rec {
- basedir = builtins.concatStringsSep ":" [ webRoot config ];
+ serviceDeps = [ "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
socket = "/var/run/phpfpm/ldap.sock";
pool = ''
listen = ${socket}
; Needed to avoid clashes in browser cookies (same domain)
php_value[session.name] = LdapPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"
'';
};
}