Add cacert as dependency when building private git

[perso/Immae/Config/Nix.git] / virtual / eldiron.nix

diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index c3470293e29c9de57bb3e6d641978506268baa9f..ed414298a2d44334c2af1368a0631d8b4303f5cd 100644 (file)
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -52,6 +52,8 @@
       };
     };
 
+    services.ympd = mypkgs.ympd.config // { enable = true; };
+
     # FIXME: open_basedir
     services.phpfpm = {
       extraConfig = ''
@@ -86,9 +88,34 @@
       logPerVirtualHost = true;
       multiProcessingModule = "worker";
       adminAddr = "httpd@immae.eu";
-      extraModules = [
-        "proxy_fcgi" # for PHP
-      ];
+      # FIXME: http2
+      extraModules = pkgs.lib.lists.unique (
+        mypkgs.adminer.apache.modules ++
+        [
+          "macro"
+          "ldap"
+          "authnz_ldap"
+        ]);
+      extraConfig = ''
+        <IfModule ldap_module>
+          LDAPSharedCacheSize 500000
+          LDAPCacheEntries 1024
+          LDAPCacheTTL 600
+          LDAPOpCacheEntries 1024
+          LDAPOpCacheTTL 600
+        </IfModule>
+
+        <Macro LDAPConnect>
+          <IfModule authnz_ldap_module>
+            AuthLDAPURL          ldap://ldap.immae.eu:389/dc=immae,dc=eu
+            AuthLDAPBindDN       cn=httpd,ou=services,dc=immae,dc=eu
+            AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
+            AuthType             Basic
+            AuthName             "Authentification requise (Acces LDAP)"
+            AuthBasicProvider    ldap
+          </IfModule>
+        </Macro>
+        '';
       virtualHosts = [
         (withSSL "eldiron" // {
           listen = [ { ip = "*"; port = 443; } ];
@@ -110,6 +137,7 @@
           documentRoot = null;
           extraConfig = builtins.concatStringsSep "\n" [
             mypkgs.adminer.apache.vhostConf
+            mypkgs.ympd.apache.vhostConf
           ];
         })
         { # Should go last, default fallback