From 5f6ff49e37b92c7aeada9b867246d4a513b5ae56 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Tue, 24 Dec 2019 08:27:02 +0100
Subject: [PATCH] Protect adminer access

---
 modules/private/websites/commons/adminer.nix     | 5 ++++-
 modules/private/websites/tools/tools/adminer.nix | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/modules/private/websites/commons/adminer.nix b/modules/private/websites/commons/adminer.nix
index 98ab461..d591c90 100644
--- a/modules/private/websites/commons/adminer.nix
+++ b/modules/private/websites/commons/adminer.nix
@@ -11,10 +11,13 @@ rec {
       Alias /adminer ${root}
       <Directory ${root}>
         DirectoryIndex index.php
-        Require all granted
         <FilesMatch "\.php$">
           SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
         </FilesMatch>
+
+        Use LDAPConnect
+        Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+        Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
       </Directory>
       '';
   };
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix
index cd51e7f..e41c488 100644
--- a/modules/private/websites/tools/tools/adminer.nix
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -37,10 +37,13 @@ rec {
       Alias /adminer ${root}
       <Directory ${root}>
         DirectoryIndex index.php
-        Require all granted
         <FilesMatch "\.php$">
           SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
         </FilesMatch>
+
+        Use LDAPConnect
+        Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+        Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
       </Directory>
       '';
   };
-- 
2.41.0