X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fldap.nix;h=14920f4e32191d1835c690378cd7cadabdf900b1;hb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;hp=4585ee3ce872f2ca43309287b392db0dcec17075;hpb=4288c2f2431fb782b0d512b1b3749187f2374b6a;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix
index 4585ee3..14920f4 100644
--- a/modules/private/websites/tools/tools/ldap.nix
+++ b/modules/private/websites/tools/tools/ldap.nix
@@ -1,4 +1,4 @@
-{ lib, php, env, writeText, phpldapadmin }:
+{ lib, php, env, writeText, phpldapadmin, config }:
 rec {
 activationScript = {
 deps = [ "httpd" ];
@@ -6,8 +6,7 @@ rec {
 install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin
 '';
 };
- keys = [{
- dest = "webapps/tools-ldap";
+ keys."webapps/tools-ldap" = {
 user = apache.user;
 group = apache.group;
 permissions = "0400";
@@ -16,7 +15,8 @@ rec {
 $config->custom->appearance['show_clear_password'] = true;
 $config->custom->appearance['hide_template_warning'] = true;
 $config->custom->appearance['theme'] = "tango";
- $config->custom->appearance['minimalMode'] = true;
+ $config->custom->appearance['minimalMode'] = false;
+ $config->custom->appearance['tree'] = 'AJAXTree';
 $servers = new Datastore();
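Review bot: In the appearance block of the third hunk, `show_clear_password` is still `true` in the context just above the changed `minimalMode` line, so the UI displays password values in clear text instead of masking them. Since this block is being edited anyway, either set it to `false` or record the reason next to it, for example `// clear display needed for <reason>; UI is restricted to <audience>`. The PHP config string starts and ends outside this hunk, so other appearance settings may exist that are not visible here.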
@@ -26,24 +26,24 @@ rec {
 $servers->setValue('login','auth_type','cookie');
 $servers->setValue('login','bind_id','${env.ldap.dn}');
 $servers->setValue('login','bind_pass','${env.ldap.password}');
- $servers->setValue('appearance','password_hash','ssha');
+ $servers->setValue('appearance','pla_password_hash','ssha');
 $servers->setValue('login','attr','uid');
 $servers->setValue('login','fallback_dn',true);
 '';
- }];
- webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+ };
+ webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; };
 apache = rec {
 user = "wwwrun";
 group = "wwwrun";
 modules = [ "proxy_fcgi" ];
 webappName = "tools_ldap";
 root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
+ vhostConf = socket: ''
 Alias /ldap "${root}"
 DirectoryIndex index.php
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ SetHandler "proxy:unix:${socket}|fcgi://localhost"
 AllowOverride None
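Review bot: The renamed `pla_password_hash` setting still selects `ssha`, which is salted SHA-1: a single fast hash, so `userPassword` values written through this UI are cheap to brute-force if directory entries ever leak. If every LDAP consumer accepts a stronger scheme, prefer it here; otherwise add a comment beside the line stating why it is kept, for example `// ssha (salted SHA-1) kept for compatibility with <consumer>; revisit`. Because the option name changed, it is also worth checking after deployment that newly set passwords are stored with the expected `{SSHA}` prefix, in case the old key was being ignored. The PHP config string begins outside this hunk.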
@@ -53,22 +53,18 @@ rec {
 };
 phpFpm = rec {
 serviceDeps = [ "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
- socket = "/var/run/phpfpm/ldap.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- pm = ondemand
- pm.max_children = 60
- pm.process_idle_timeout = 60
+ basedir = builtins.concatStringsSep ":" [ webRoot config.secrets.fullPaths."webapps/tools-ldap" ];
+ pool = {
+ "listen.owner" = apache.user;
+ "listen.group" = apache.group;
+ "pm" = "ondemand";
+ "pm.max_children" = "60";
+ "pm.process_idle_timeout" = "60";
- ; Needed to avoid clashes in browser cookies (same domain)
- php_value[session.name] = LdapPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"
- php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"
- '';
+ # Needed to avoid clashes in browser cookies (same domain)
+ "php_value[session.name]" = "LdapPHPSESSID";
+ "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin";
+ "php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin";
+ };
 };
 }
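Review bot: The new `pool` attrset no longer carries `user`, `group` or `listen`, which the removed string form set from `apache.user`, `apache.group` and the socket path. Those values now have to come from whatever consumes `phpFpm.pool`, which is outside this diff. If the pool ran under a different account it could not read the 0400 secret owned by `apache.user`, and a more privileged account would weaken the confinement that `open_basedir` is meant to provide. A short comment above `pool = {` would make the dependency explicit, for example `# user, group and listen socket are set by the caller; must remain apache.user / apache.group`.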