git.immae.eu Git - perso/Immae/Config/Nix.git/blob - nixops/modules/websites/tools/tools/ldap.nix
Add php ldap
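# phpLDAPadmin for the "tools" website: generated config.php, patched web
# root, Apache vhost fragment and php-fpm pool definition.
{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
rec {
  # config.php for phpLDAPadmin; installPhase of webRoot symlinks it into
  # $out/config/config.php.
  #
  # NOTE(security): writeText places this file in the Nix store, so the
  # interpolated bind password is kept in clear text in a store path. On a
  # standard Nix install the store is world-readable, which exposes the
  # password to every local user and to anything that copies the closure.
  # Prefer reading the secret at run time from a file kept outside the store
  # and readable only by the php-fpm user (for example a key provisioned with
  # NixOps deployment.keys); the directory of that file would then also have
  # to be listed in open_basedir in phpFpm below.
  #
  # NOTE(review): show_clear_password = true makes the UI display password
  # attribute values unmasked. Confirm this is intended for every account that
  # can log in.
  #
  # NOTE(review): password_hash 'ssha' is salted SHA-1, a fast hash. If the
  # directory server offers a stronger scheme, prefer it for new passwords.
  #
  # login.bind_id / login.bind_pass are presumably the service account used to
  # resolve the uid typed at login into a DN (login.attr = uid) - verify, and
  # keep that account read-only and limited to the search it needs.
  config =
    let
      # Values are written inside PHP single-quoted literals, where only \\
      # and \' are escape sequences. Without escaping, a value containing '
      # would end the literal early and the rest would be parsed as PHP code.
      phpQuote = lib.escape [ "\\" "'" ];
    in
    writeText "config.php" ''
      <?php
      $config->custom->appearance['show_clear_password'] = true;
      $config->custom->appearance['hide_template_warning'] = true;
      $config->custom->appearance['theme'] = "tango";
      $config->custom->appearance['minimalMode'] = true;

      $servers = new Datastore();

      $servers->newServer('ldap_pla');
      $servers->setValue('server','name','Immae’s LDAP');
      $servers->setValue('server','host','ldaps://${phpQuote env.ldap.host}');
      $servers->setValue('login','auth_type','cookie');
      $servers->setValue('login','bind_id','${phpQuote env.ldap.dn}');
      $servers->setValue('login','bind_pass','${phpQuote env.ldap.password}');
      $servers->setValue('appearance','password_hash','ssha');
      $servers->setValue('login','attr','uid');
      $servers->setValue('login','fallback_dn',true);
    '';

  # Web root: upstream tarball plus local patches, with the generated
  # config.php linked in.
  #
  # The sha256 pins the exact tarball, so a changed download fails the build
  # instead of being installed silently.
  #
  # NOTE(review): 1.2.3 comes from the phpldapadmin-php5 download directory and
  # is kept working through the local patches below (PHP 5.5 / 7.2 and mcrypt
  # removal, judging by their file names). Security fixes published upstream
  # after 1.2.3 are only present if one of these patches carries them; review
  # this periodically.
  webRoot = stdenv.mkDerivation rec {
    version = "1.2.3";
    name = "phpldapadmin-${version}";
    src = fetchurl {
      url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz";
      sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf";
    };
    patches = [
      ./ldap-php5_5.patch
      ./ldap-disable-mcrypt.patch
      ./ldap-php7_2.patch
      ./ldap-sort-in-templates.patch
      ./ldap-align-button.patch
    ];
    buildInputs = [ optipng ];
    # Re-encode every PNG shipped in the tarball; the start directory is given
    # explicitly so the command does not rely on GNU find's implicit ".".
    buildPhase = ''
      find . -name '*.png' -exec optipng -quiet -force -fix {} \;
    '';
    installPhase = ''
      cp -a . $out
      ln -sf ${config} $out/config/config.php
    '';
  };

  # Apache side: serves ${webRoot}/htdocs under /ldap and hands *.php to the
  # php-fpm pool over its unix socket.
  #
  # NOTE(security): "Require all granted" puts no network or Apache-level
  # restriction in front of the application, so access control rests entirely
  # on phpLDAPadmin's own cookie login. If the tool only has to be reachable
  # by administrators, add a restriction here (e.g. "Require ip" or an extra
  # authentication layer).
  apache = {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "proxy_fcgi" ];
    vhostConf = ''
      Alias /ldap "${webRoot}/htdocs"
      <Directory "${webRoot}/htdocs">
      DirectoryIndex index.php
      <FilesMatch "\.php$">
      SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
      </FilesMatch>

      AllowOverride None
      Require all granted
      </Directory>
    '';
  };

  # php-fpm pool for the application. It runs as the Apache user and the
  # socket is owned by that same user and group.
  #
  # open_basedir confines PHP file access to the web root, the generated
  # config and /tmp.
  # NOTE(review): /tmp is a shared directory. If PHP sessions or uploads of
  # this pool end up there, a directory private to the pool would isolate them
  # from other services - confirm where session files are written.
  phpFpm = rec {
    basedir = builtins.concatStringsSep ":" [ webRoot config ];
    socket = "/var/run/phpfpm/ldap.sock";
    pool = ''
      listen = ${socket}
      user = ${apache.user}
      group = ${apache.group}
      listen.owner = ${apache.user}
      listen.group = ${apache.group}
      pm = ondemand
      pm.max_children = 60
      pm.process_idle_timeout = 60

      ; Needed to avoid clashes in browser cookies (same domain)
      php_value[session.name] = LdapPHPSESSID
      php_admin_value[open_basedir] = "${basedir}:/tmp"
    '';
  };
}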