X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdmarc_reports.nix;h=89da246167944a5cc842380bbc8935fdbdac7e33;hb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;hp=2e445264e39366183a185cbdaaf51ea1f137e3fc;hpb=7df5e532c1ce2ab9e8527615c08c1178990870e6;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/websites/tools/tools/dmarc_reports.nix b/modules/private/websites/tools/tools/dmarc_reports.nix
index 2e44526..89da246 100644
--- a/modules/private/websites/tools/tools/dmarc_reports.nix
+++ b/modules/private/websites/tools/tools/dmarc_reports.nix
@@ -1,7 +1,6 @@
-{ env }:
+{ env, config }:
 rec {
-  keys = [{
-    dest = "webapps/tools-dmarc-reports.php";
+  keys."webapps/tools-dmarc-reports.php" = {
     user = "wwwrun";
     group = "wwwrun";
     permissions = "0400";
@@ -12,9 +11,10 @@ rec {
       $dbuser = "${env.mysql.user}";
       $dbpass = "${env.mysql.password}";
       $dbport = "${env.mysql.port}";
+      $anonymous_key = "${env.anonymous_key}";
       ?>
     '';
-  }];
+  };
   webRoot = ./dmarc_reports;
   apache = rec {
     user = "wwwrun";
@@ -32,13 +32,17 @@ rec {
 
         AllowOverride None
         Options +FollowSymlinks
+
+        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+        Use LDAPConnect
         Require all granted
+        Require ldap-attribute uid=immae
       </Directory>
       '';
   };
   phpFpm = rec {
     basedir = builtins.concatStringsSep ":"
-      [ webRoot "/var/secrets/webapps/tools-dmarc-reports.php" ];
+      [ webRoot config.secrets.fullPaths."webapps/tools-dmarc-reports.php" ];
     pool = {
       "listen.owner" = apache.user;
       "listen.group" = apache.group;
@@ -50,7 +54,7 @@ rec {
       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
     };
     phpEnv = {
-      SECRETS_FILE = "/var/secrets/webapps/tools-dmarc-reports.php";
+      SECRETS_FILE = config.secrets.fullPaths."webapps/tools-dmarc-reports.php";
     };
   };
 }