X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Ftools%2Fldap.nix;h=623adb581594a381c2cfba2a5a4d9b5416d3bd37;hp=82615a7f8b126a11235505f5cff36fe306551dfc;hb=b7d2d4e3da7da83bc7f133acaa216375890592b1;hpb=f80772dc1f1ffb3e6d36ea0b96f71c875bb9b2cd
diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix
index 82615a7..623adb5 100644
--- a/nixops/modules/websites/tools/tools/ldap.nix
+++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -1,24 +1,30 @@
 { lib, php, env, writeText, stdenv, optipng, fetchurl }:
 rec {
- config = writeText "config.php" ''
- custom->appearance['show_clear_password'] = true;
- $config->custom->appearance['hide_template_warning'] = true;
- $config->custom->appearance['theme'] = "tango";
- $config->custom->appearance['minimalMode'] = true;
+ keys.tools-ldap = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ custom->appearance['show_clear_password'] = true;
+ $config->custom->appearance['hide_template_warning'] = true;
+ $config->custom->appearance['theme'] = "tango";
+ $config->custom->appearance['minimalMode'] = true;
- $servers = new Datastore();
+ $servers = new Datastore();
- $servers->newServer('ldap_pla');
- $servers->setValue('server','name','Immae’s LDAP');
- $servers->setValue('server','host','ldaps://${env.ldap.host}');
- $servers->setValue('login','auth_type','cookie');
- $servers->setValue('login','bind_id','${env.ldap.dn}');
- $servers->setValue('login','bind_pass','${env.ldap.password}');
- $servers->setValue('appearance','password_hash','ssha');
- $servers->setValue('login','attr','uid');
- $servers->setValue('login','fallback_dn',true);
- '';
+ $servers->newServer('ldap_pla');
+ $servers->setValue('server','name','Immae’s LDAP');
+ $servers->setValue('server','host','ldaps://${env.ldap.host}');
+ $servers->setValue('login','auth_type','cookie');
+ $servers->setValue('login','bind_id','${env.ldap.dn}');
+ $servers->setValue('login','bind_pass','${env.ldap.password}');
+ $servers->setValue('appearance','password_hash','ssha');
+ $servers->setValue('login','attr','uid');
+ $servers->setValue('login','fallback_dn',true);
+ '';
+ };
 webRoot = stdenv.mkDerivation rec {
 version = "1.2.3";
 name = "phpldapadmin-${version}";
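Review bot: The key is written with `permissions = "0400"` for `apache.user`, so config.php, and the LDAP bind password it carries, is readable only by that account; the php-fpm pool that reads it must therefore run as the same user, and the pool's `user =` setting is not visible in any hunk of this diff, so that should be confirmed. The destination `/run/keys/webapps/tools-ldap` is then spelled out by hand again in the installPhase symlink and in `phpFpm.basedir` (second and third hunks); deriving it once, e.g. `keyFile = "${keys.tools-ldap.destDir}/tools-ldap";` in the rec set and using `${keyFile}` in both places, keeps the three from drifting apart. The first line of the heredoc reads `custom->appearance[...]` with no `<?php` open tag and no `$config->` prefix, which is most likely the page rendering swallowing `<?php $config->` rather than the file's content, but it is worth checking against the repository since a config.php without an open tag would be emitted as plain text.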
@@ -39,16 +45,18 @@ rec {
 '';
 installPhase = ''
 cp -a . $out
- ln -sf ${config} $out/config/config.php
+ ln -sf /run/keys/webapps/tools-ldap $out/config/config.php
 '';
 };
- apache = {
+ apache = rec {
 user = "wwwrun";
 group = "wwwrun";
 modules = [ "proxy_fcgi" ];
+ webappName = "tools_ldap";
+ root = "/run/current-system/webapps/${webappName}";
 vhostConf = ''
- Alias /ldap "${webRoot}/htdocs"
-
+ Alias /ldap "${root}"
+
 DirectoryIndex index.php
 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
@@ -60,7 +68,8 @@ rec {
 '';
 };
 phpFpm = rec {
- basedir = builtins.concatStringsSep ":" [ webRoot config ];
+ serviceDeps = [ "openldap.service" "tools-ldap-key.service" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot "/run/keys/webapps/tools-ldap" ];
 socket = "/var/run/phpfpm/ldap.sock";
 pool = ''
 listen = ${socket}
@@ -74,7 +83,8 @@ rec {
 ; Needed to avoid clashes in browser cookies (same domain)
 php_value[session.name] = LdapPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"
 '';
 };
 }
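Review bot: `Alias /ldap "${root}"` now serves from `/run/current-system/webapps/tools_ldap`, a path nothing in this file creates, so the vhost's per-directory access rules have to be keyed on that same path: Apache matches `<Directory>` sections against the filename Alias produces, not against the store path the symlink eventually resolves to. The bare `-`/`+` lines right after the two Alias lines look like `<Directory ...>` openers swallowed by the page rendering; if the new one reads `<Directory "${root}">` this is already handled, but that should be verified in the repository. On the positive side the config.php symlink is installed under `$out/config`, outside the aliased htdocs tree, so the key file is not reachable through the vhost. The vhostConf string and the enclosing apache set continue past the hunk.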
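Review bot: `php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"` points at a directory that nothing in this diff creates or chowns; unless it is provisioned elsewhere (a tmpfiles rule or activation script), sessions will fail to persist, and if it exists with default permissions, other pools on the host can read this pool's session files. It should be created owned by the pool user with mode 0700 so the per-application split the commit introduces actually isolates the session data. Adding the same directory to open_basedir on the line above is the right companion change. The pool string begins before the hunk.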