X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Ftools%2Fldap.nix;h=8ee39f61e9dc5fb26297d4c3b11546cb146bb623;hb=b798cf6d60baf5aad5438ba5936259c64d87299c;hp=9d988373ef7cbb20bd9a8aafca39c5b3015939ad;hpb=a840a21c954be6342603ae7a45dde6c005761696;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix index 9d98837..8ee39f6 100644 --- a/nixops/modules/websites/tools/tools/ldap.nix +++ b/nixops/modules/websites/tools/tools/ldap.nix @@ -1,10 +1,10 @@ -{ lib, php, env, writeText, stdenv, optipng, fetchurl }: +{ lib, php, env, writeText, phpldapadmin }: rec { - keys.tools-ldap = { - destDir = "/run/keys/webapps"; + keys = [{ + dest = "webapps/tools-ldap"; user = apache.user; group = apache.group; - permissions = "0700"; + permissions = "0400"; text = '' custom->appearance['show_clear_password'] = true; @@ -24,30 +24,8 @@ rec { $servers->setValue('login','attr','uid'); $servers->setValue('login','fallback_dn',true); ''; - }; - webRoot = stdenv.mkDerivation rec { - version = "1.2.3"; - name = "phpldapadmin-${version}"; - src = fetchurl { - url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz"; - sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf"; - }; - patches = [ - ./ldap-php5_5.patch - ./ldap-disable-mcrypt.patch - ./ldap-php7_2.patch - ./ldap-sort-in-templates.patch - ./ldap-align-button.patch - ]; - buildInputs = [ optipng ]; - buildPhase = '' - find -name '*.png' -exec optipng -quiet -force -fix {} \; - ''; - installPhase = '' - cp -a . $out - ln -sf /run/keys/webapps/tools-ldap $out/config/config.php - ''; - }; + }]; + webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; }; apache = rec { user = "wwwrun"; group = "wwwrun"; 
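Review bot: The secret's location is now spelled three ways: `dest = "webapps/tools-ldap"` here is relative, while the `webRoot` override and `phpFpm.basedir` in the later hunks hard-code `/var/secrets/webapps/tools-ldap`. The `/var/secrets` prefix is presumably supplied by whatever consumes `keys`, but nothing in this file states it. If that root changes, `open_basedir` and the package's config path would point at a file that is no longer there. I would add one binding in this `rec` set, e.g. `configPath = "/var/secrets/webapps/tools-ldap";`, and use it in both places, with a comment tying it to `dest`. The `text` body continues outside the hunk.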
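Review bot: The `config = "/var/secrets/webapps/tools-ldap";` argument on the new `webRoot` line is only safe because it is a string. Written as a Nix path literal, the file could be copied into the world-readable store at evaluation time. A short comment would keep a later cleanup from changing it, e.g. `# string on purpose: a path literal would import the secret into /nix/store`. The version pin, sha256 and the five patches removed here now live in the `phpldapadmin` package, which is not visible in this diff, so it is worth confirming they were carried over unchanged.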
@@ -68,8 +46,8 @@ rec { ''; }; phpFpm = rec { - serviceDeps = [ "openldap.service" "tools-ldap-key.service" ]; - basedir = builtins.concatStringsSep ":" [ webRoot "/run/keys/webapps/tools-ldap" ]; + serviceDeps = [ "openldap.service" ]; + basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ]; socket = "/var/run/phpfpm/ldap.sock"; pool = '' listen = ${socket} @@ -83,7 +61,8 @@ rec { ; Needed to avoid clashes in browser cookies (same domain) php_value[session.name] = LdapPHPSESSID - php_admin_value[open_basedir] = "${basedir}:/tmp" + php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin" + php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin" ''; }; }
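Review bot: Removing `"tools-ldap-key.service"` from `serviceDeps` leaves nothing visible in this hunk that orders the php-fpm pool after the secret file has been written. If `/var/secrets/webapps/tools-ldap` is deployed by a unit or activation step, the pool can start before it exists, and phpLDAPadmin would then run without its `config.php` until the file appears. If the new secrets mechanism exposes a unit, keep the ordering, e.g. `serviceDeps = [ "openldap.service" "<secrets-unit>.service" ];` (placeholder name). Otherwise add a comment saying that secrets are guaranteed to be in place before services start. The `pool` string continues outside the hunk.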
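Review bot: The new `session.save_path` of `/var/lib/php/sessions/phpldapadmin` is added to `open_basedir`, but nothing in the visible diff creates that directory or fixes its owner and mode. If it is missing, session start fails and logins break. If it is created with default permissions, other local users or PHP pools can read this tool's session files. I would make sure it is created as `0700` owned by the pool user, for instance with a tmpfiles rule such as `d /var/lib/php/sessions/phpldapadmin 0700 wwwrun wwwrun -` in the module that consumes this set. A comment next to the setting should say where that happens. `/tmp` also stays in `open_basedir`; if the pool no longer needs it once sessions have moved, dropping it would tighten the sandbox.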