X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fadminer.nix;h=f8928417686aee2ada2dc9509192db51f422694c;hb=c0d1c186b7811daaebea87563978c426856f28d0;hp=cd51e7fe6d908318dbef2aab71188aa6a61fa2e5;hpb=4288c2f2431fb782b0d512b1b3749187f2374b6a;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix
index cd51e7f..f892841 100644
--- a/modules/private/websites/tools/tools/adminer.nix
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -1,4 +1,4 @@
-{ adminer }:
+{ adminer, php74, forcePhpSocket ? null }:
 rec {
   activationScript = {
     deps = [ "httpd" ];
@@ -9,23 +9,22 @@ rec {
   };
   webRoot = adminer;
   phpFpm = rec {
-    socket = "/var/run/phpfpm/adminer.sock";
-    pool = ''
-      listen = ${socket}
-      user = ${apache.user}
-      group = ${apache.group}
-      listen.owner = ${apache.user}
-      listen.group = ${apache.group}
-      pm = ondemand
-      pm.max_children = 5
-      pm.process_idle_timeout = 60
-      ;php_admin_flag[log_errors] = on
-      ; Needed to avoid clashes in browser cookies (same domain)
-      php_value[session.name] = AdminerPHPSESSID
-      php_admin_value[open_basedir] = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer"
-      php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer"
-      php_admin_value[upload_tmp_dir] = "/var/lib/php/tmp/adminer"
-      '';
+    user = apache.user;
+    group = apache.group;
+    phpPackage = php74;
+    settings = {
+      "listen.owner" = apache.user;
+      "listen.group" = apache.group;
+      "pm" = "ondemand";
+      "pm.max_children" = "5";
+      "pm.process_idle_timeout" = "60";
+      #"php_admin_flag[log_errors]" = "on";
+      # Needed to avoid clashes in browser cookies (same domain)
+      "php_value[session.name]" = "AdminerPHPSESSID";
+      "php_admin_value[open_basedir]" = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer";
+      "php_admin_value[session.save_path]" = "/var/lib/php/sessions/adminer";
+      "php_admin_value[upload_tmp_dir]" = "/var/lib/php/tmp/adminer";
+    };
   };
   apache = rec {
     user = "wwwrun";
@@ -33,14 +32,17 @@ rec {
     modules = [ "proxy_fcgi" ];
     webappName = "_adminer";
     root = "/run/current-system/webapps/${webappName}";
-    vhostConf = ''
+    vhostConf = socket: ''
       Alias /adminer ${root}
       <Directory ${root}>
         DirectoryIndex index.php
-        Require all granted
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${if forcePhpSocket != null then forcePhpSocket else socket}|fcgi://localhost"
         </FilesMatch>
+
+        Use LDAPConnect
+        Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+        Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
       </Directory>
       '';
   };