-{ lib, php, env, writeText, phpldapadmin }:
+{ lib, php, env, writeText, phpldapadmin, config }:
rec {
activationScript = {
deps = [ "httpd" ];
install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin
'';
};
- keys = [{
- dest = "webapps/tools-ldap";
+ keys."webapps/tools-ldap" = {
user = apache.user;
group = apache.group;
permissions = "0400";
$config->custom->appearance['show_clear_password'] = true;
$config->custom->appearance['hide_template_warning'] = true;
$config->custom->appearance['theme'] = "tango";
- $config->custom->appearance['minimalMode'] = true;
+ $config->custom->appearance['minimalMode'] = false;
+ $config->custom->appearance['tree'] = 'AJAXTree';
$servers = new Datastore();
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','${env.ldap.dn}');
$servers->setValue('login','bind_pass','${env.ldap.password}');
- $servers->setValue('appearance','password_hash','ssha');
+ $servers->setValue('appearance','pla_password_hash','ssha');
$servers->setValue('login','attr','uid');
$servers->setValue('login','fallback_dn',true);
'';
- }];
- webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+ };
+ webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; };
apache = rec {
user = "wwwrun";
group = "wwwrun";
modules = [ "proxy_fcgi" ];
webappName = "tools_ldap";
root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
+ vhostConf = socket: ''
Alias /ldap "${root}"
<Directory "${root}">
DirectoryIndex index.php
<FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ SetHandler "proxy:unix:${socket}|fcgi://localhost"
</FilesMatch>
AllowOverride None
};
phpFpm = rec {
serviceDeps = [ "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
- socket = "/var/run/phpfpm/ldap.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- pm = ondemand
- pm.max_children = 60
- pm.process_idle_timeout = 60
+ basedir = builtins.concatStringsSep ":" [ webRoot config.secrets.fullPaths."webapps/tools-ldap" ];
+ pool = {
+ "listen.owner" = apache.user;
+ "listen.group" = apache.group;
+ "pm" = "ondemand";
+ "pm.max_children" = "60";
+ "pm.process_idle_timeout" = "60";
- ; Needed to avoid clashes in browser cookies (same domain)
- php_value[session.name] = LdapPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"
- php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"
- '';
+ # Needed to avoid clashes in browser cookies (same domain)
+ "php_value[session.name]" = "LdapPHPSESSID";
+ "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin";
+ "php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin";
+ };
};
}
projects / perso / Immae / Config / Nix.git / blobdiff