X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fldap.nix;h=2ca59f7a19c299808912d10818e03d63061e3254;hb=750fe5a43b957b91a26069cf8a4fe19fc7b2633c;hp=cc7044e70c3ae08bb6bb3bfde079abdace1b450a;hpb=693f27dff8b783c55739e381634300dabc20a4f3;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix
index cc7044e..2ca59f7 100644
--- a/modules/private/websites/tools/tools/ldap.nix
+++ b/modules/private/websites/tools/tools/ldap.nix
@@ -1,4 +1,4 @@
-{ lib, php, env, writeText, phpldapadmin }:
+{ lib, php, env, writeText, phpldapadmin, config }:
 rec {
   activationScript = {
     deps = [ "httpd" ];
@@ -6,8 +6,7 @@ rec {
       install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin
       '';
   };
-  keys = [{
-    dest = "webapps/tools-ldap";
+  keys."webapps/tools-ldap" = {
     user = apache.user;
     group = apache.group;
     permissions = "0400";
@@ -16,7 +15,8 @@ rec {
       $config->custom->appearance['show_clear_password'] = true;
       $config->custom->appearance['hide_template_warning'] = true;
       $config->custom->appearance['theme'] = "tango";
-      $config->custom->appearance['minimalMode'] = true;
+      $config->custom->appearance['minimalMode'] = false;
+      $config->custom->appearance['tree'] = 'AJAXTree';
 
       $servers = new Datastore();
 
@@ -30,20 +30,19 @@ rec {
       $servers->setValue('login','attr','uid');
       $servers->setValue('login','fallback_dn',true);
       '';
-  }];
-  webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+  };
+  webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; };
   apache = rec {
     user = "wwwrun";
     group = "wwwrun";
     modules = [ "proxy_fcgi" ];
-    webappName = "tools_ldap";
-    root = "/run/current-system/webapps/${webappName}";
-    vhostConf = ''
+    root = "${webRoot}/htdocs";
+    vhostConf = socket: ''
       Alias /ldap "${root}"
       <Directory "${root}">
         DirectoryIndex index.php
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${socket}|fcgi://localhost"
         </FilesMatch>
 
         AllowOverride None
@@ -53,22 +52,18 @@ rec {
   };
   phpFpm = rec {
     serviceDeps = [ "openldap.service" ];
-    basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
-    socket = "/var/run/phpfpm/ldap.sock";
-    pool = ''
-      listen = ${socket}
-      user = ${apache.user}
-      group = ${apache.group}
-      listen.owner = ${apache.user}
-      listen.group = ${apache.group}
-      pm = ondemand
-      pm.max_children = 60
-      pm.process_idle_timeout = 60
+    basedir = builtins.concatStringsSep ":" [ webRoot config.secrets.fullPaths."webapps/tools-ldap" ];
+    pool = {
+      "listen.owner" = apache.user;
+      "listen.group" = apache.group;
+      "pm" = "ondemand";
+      "pm.max_children" = "60";
+      "pm.process_idle_timeout" = "60";
 
-      ; Needed to avoid clashes in browser cookies (same domain)
-      php_value[session.name] = LdapPHPSESSID
-      php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"
-      php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"
-      '';
+      # Needed to avoid clashes in browser cookies (same domain)
+      "php_value[session.name]" = "LdapPHPSESSID";
+      "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin";
+      "php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin";
+    };
   };
 }