Move tools websites to stable web directories
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / ldap.nix
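# phpLDAPadmin packaging: generated config.php, patched web root, Apache
# vhost fragment and PHP-FPM pool for the /ldap tool.
{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
let
  # Escape a value for a PHP single-quoted literal. Without this, a host, DN
  # or password containing ' or \ ends the literal early and the remainder is
  # parsed as PHP code in config.php.
  phpSingleQuoted = s:
    builtins.replaceStrings [ "\\" "'" ] [ "\\\\" "\\'" ] s;
in
rec {
  # NOTE(review): writeText places config.php in the Nix store, which is
  # world-readable by default, so env.ldap.password (bind_pass) is readable by
  # every local user and is also recorded in the derivation. Prefer loading
  # the secret at runtime from a file outside the store, and keep the bind
  # account read-only in the meantime.
  # NOTE(review): with auth_type 'cookie' and login attr 'uid', bind_id and
  # bind_pass are presumably only used for the uid -> DN lookup; confirm.
  # NOTE(review): show_clear_password = true appears to render password
  # attributes in clear text in the UI; confirm this is intended.
  # NOTE(review): password_hash 'ssha' is salted SHA-1; check whether the
  # directory server accepts a stronger scheme for newly set passwords.
  config = writeText "config.php" ''
    <?php
    $config->custom->appearance['show_clear_password'] = true;
    $config->custom->appearance['hide_template_warning'] = true;
    $config->custom->appearance['theme'] = "tango";
    $config->custom->appearance['minimalMode'] = true;

    $servers = new Datastore();

    $servers->newServer('ldap_pla');
    $servers->setValue('server','name','Immae’s LDAP');
    $servers->setValue('server','host','ldaps://${phpSingleQuoted env.ldap.host}');
    $servers->setValue('login','auth_type','cookie');
    $servers->setValue('login','bind_id','${phpSingleQuoted env.ldap.dn}');
    $servers->setValue('login','bind_pass','${phpSingleQuoted env.ldap.password}');
    $servers->setValue('appearance','password_hash','ssha');
    $servers->setValue('login','attr','uid');
    $servers->setValue('login','fallback_dn',true);
  '';

  # The tarball is pinned by sha256, so a changed upstream artifact fails the
  # build instead of being installed silently.
  # NOTE(review): 1.2.3 is kept working through local PHP-compatibility
  # patches; upstream security fixes have to be tracked and backported by hand.
  webRoot = stdenv.mkDerivation rec {
    version = "1.2.3";
    name = "phpldapadmin-${version}";
    src = fetchurl {
      url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz";
      sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf";
    };
    patches = [
      ./ldap-php5_5.patch
      ./ldap-disable-mcrypt.patch
      ./ldap-php7_2.patch
      ./ldap-sort-in-templates.patch
      ./ldap-align-button.patch
    ];
    buildInputs = [ optipng ];
    buildPhase = ''
      find -name '*.png' -exec optipng -quiet -force -fix {} \;
    '';
    # config.php is a symlink to the generated store file, so the installed
    # tree itself holds no credentials; they live in the config derivation.
    installPhase = ''
      cp -a . $out
      ln -sf ${config} $out/config/config.php
    '';
  };

  # NOTE(review): "Require all granted" exposes the LDAP admin UI to every
  # client that can reach the vhost, leaving the application login as the only
  # gate. Consider restricting by source network or adding an authentication
  # layer in front of it.
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "proxy_fcgi" ];
    webappName = "tools_ldap";
    root = "/run/current-system/webapps/${webappName}";
    vhostConf = ''
      Alias /ldap "${root}"
      <Directory "${root}">
        DirectoryIndex index.php
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
        </FilesMatch>

        AllowOverride None
        Require all granted
      </Directory>
    '';
  };

  # NOTE(review): the pool runs as the web server account (wwwrun). Any other
  # pool or process under that uid can reach this socket and the same files,
  # so open_basedir is the only separation between tools; a dedicated user per
  # pool would be stronger.
  # NOTE(review): /tmp is shared. session.save_path is not set here, so if
  # session files land in /tmp they are readable by everything running as
  # wwwrun; confirm where sessions are stored.
  phpFpm = rec {
    basedir = builtins.concatStringsSep ":" [ webRoot config ];
    socket = "/var/run/phpfpm/ldap.sock";
    pool = ''
      listen = ${socket}
      user = ${apache.user}
      group = ${apache.group}
      listen.owner = ${apache.user}
      listen.group = ${apache.group}
      pm = ondemand
      pm.max_children = 60
      pm.process_idle_timeout = 60

      ; Needed to avoid clashes in browser cookies (same domain)
      php_value[session.name] = LdapPHPSESSID
      php_admin_value[open_basedir] = "${basedir}:/tmp"
    '';
  };
}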