Diffstat (limited to 'modules/private/websites/tools/tools/ldap.nix')
-rw-r--r-- | modules/private/websites/tools/tools/ldap.nix | 69 |
1 files changed, 0 insertions, 69 deletions
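--- a/modules/private/websites/tools/tools/ldap.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ lib, php, env, writeText, phpldapadmin, config }:
-rec {
-activationScript = {
-deps = [ "httpd" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin
-'';
-};
-keys."webapps/tools-ldap" = {
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-<?php
-$config->custom->appearance['show_clear_password'] = true;
-$config->custom->appearance['hide_template_warning'] = true;
-$config->custom->appearance['theme'] = "tango";
-$config->custom->appearance['minimalMode'] = false;
-$config->custom->appearance['tree'] = 'AJAXTree';
-
-$servers = new Datastore();
-
-$servers->newServer('ldap_pla');
-$servers->setValue('server','name','Immae’s LDAP');
-$servers->setValue('server','host','ldaps://${env.ldap.host}');
-$servers->setValue('login','auth_type','cookie');
-$servers->setValue('login','bind_id','${env.ldap.dn}');
-$servers->setValue('login','bind_pass','${env.ldap.password}');
-$servers->setValue('appearance','pla_password_hash','ssha');
-$servers->setValue('login','attr','uid');
-$servers->setValue('login','fallback_dn',true);
-'';
-};
-webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; };
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-root = "${webRoot}/htdocs";
-vhostConf = socket: ''
-Alias /ldap "${root}"
-<Directory "${root}">
-DirectoryIndex index.php
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${socket}|fcgi://localhost"
-</FilesMatch>
-
-AllowOverride None
-Require all granted
-</Directory>
-'';
-};
-phpFpm = rec {
-serviceDeps = [ "openldap.service" ];
-basedir = builtins.concatStringsSep ":" [ webRoot config.secrets.fullPaths."webapps/tools-ldap" ];
-pool = {
-"listen.owner" = apache.user;
-"listen.group" = apache.group;
-"pm" = "ondemand";
-"pm.max_children" = "60";
-"pm.process_idle_timeout" = "60";
-
-# Needed to avoid clashes in browser cookies (same domain)
-"php_value[session.name]" = "LdapPHPSESSID";
-"php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin";
-"php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin";
-};
-};
-}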