From: Ismaël Bouya <ismael.bouya@normalesup.org>
Date: Tue, 24 Dec 2019 07:27:02 +0000 (+0100)
Subject: Protect adminer access
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=5f6ff49e37b92c7aeada9b867246d4a513b5ae56

Protect adminer access
---

diff --git a/modules/private/websites/commons/adminer.nix b/modules/private/websites/commons/adminer.nix
index 98ab461..d591c90 100644
--- a/modules/private/websites/commons/adminer.nix
+++ b/modules/private/websites/commons/adminer.nix
@@ -11,10 +11,13 @@ rec {
       Alias /adminer ${root}
       <Directory ${root}>
         DirectoryIndex index.php
-        Require all granted
         <FilesMatch "\.php$">
           SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
         </FilesMatch>
+
+        Use LDAPConnect
+        Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+        Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
       </Directory>
       '';
   };
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix
index cd51e7f..e41c488 100644
--- a/modules/private/websites/tools/tools/adminer.nix
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -37,10 +37,13 @@ rec {
       Alias /adminer ${root}
       <Directory ${root}>
         DirectoryIndex index.php
-        Require all granted
         <FilesMatch "\.php$">
           SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
         </FilesMatch>
+
+        Use LDAPConnect
+        Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+        Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
       </Directory>
       '';
   };