From 7d8b50d392f3aa588518d81b547ffe8cd9364544 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Mon, 7 Jan 2019 00:43:12 +0100
Subject: =?UTF-8?q?Add=20Chlo=C3=A9's=20website?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 virtual/packages/chloe.json | 14 ++++
 virtual/packages/chloe.nix | 129 ++++++++++++++++++++++++++++++
 virtual/packages/chloe_config/chmod.php | 4 +
 virtual/packages/chloe_config/connect.php | 6 ++
 virtual/packages/chloe_config/ldap.php | 9 +++
 virtual/packages/spip_ldap_patch.patch | 60 ++++++++++++++
 virtual/packages/spip_mes_options.php | 17 ++++
 7 files changed, 239 insertions(+)
 create mode 100644 virtual/packages/chloe.json
 create mode 100644 virtual/packages/chloe.nix
 create mode 100644 virtual/packages/chloe_config/chmod.php
 create mode 100644 virtual/packages/chloe_config/connect.php
 create mode 100644 virtual/packages/chloe_config/ldap.php
 create mode 100644 virtual/packages/spip_ldap_patch.patch
 create mode 100644 virtual/packages/spip_mes_options.php
(limited to 'virtual/packages')
diff --git a/virtual/packages/chloe.json b/virtual/packages/chloe.json
new file mode 100644
index 0000000..d9cf651
--- /dev/null
+++ b/virtual/packages/chloe.json
@@ -0,0 +1,14 @@
+{
+ "tag": "1a2ef9a-master",
+ "meta": {
+ "name": "chloe",
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+ "branch": "master"
+ },
+ "git": {
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+ "rev": "1a2ef9acee91792e8096854919f0a2f005a3f481",
+ "sha256": "1h10d2bgvpkm7yi7sbshfi3h50fx202jgnfwiarq5wm947f9phrn",
+ "fetchSubmodules": true
+ }
+}
diff --git a/virtual/packages/chloe.nix b/virtual/packages/chloe.nix
new file mode 100644
index 0000000..2ca1d6f
--- /dev/null
+++ b/virtual/packages/chloe.nix
@@ -0,0 +1,129 @@
+{ stdenv, lib, checkEnv, fetchzip, fetchurl, fetchedGitPrivate, sassc }:
+let
+ chloe = { environment ? "dev" }: rec {
+ varPrefix = "CHLOE";
+ envName= lib.strings.toUpper environment;
+ phpFpm = rec {
+ socket = "/var/run/phpfpm/chloe-${environment}.sock";
+ pool =
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH";
+ ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ php_admin_value[open_basedir] = "${./spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp"
+ env[SPIP_CONFIG_DIR] = "${configDir}"
+ env[SPIP_LDAP_BASE] = "dc=immae,dc=eu"
+ env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu"
+ env[SPIP_LDAP_SEARCH_DN] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"}"
+ env[SPIP_LDAP_SEARCH_PW] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}"
+ env[SPIP_LDAP_SEARCH] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"}"
+ env[SPIP_MYSQL_HOST] = "db-1.immae.eu"
+ env[SPIP_MYSQL_DB] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"}"
+ env[SPIP_MYSQL_USER] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}"
+ env[SPIP_MYSQL_PASSWORD] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}"
+ ${if environment == "dev" then ''
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ '' else ''
+ pm = dynamic
+ pm.max_children = 20
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ ''}'';
+ };
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+ RewriteEngine On
+ ${if environment == "prod" then ''
+ RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
+ '' else ""}
+
+
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+
+
+
+ DirectoryIndex index.php index.htm index.html
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Include ${webRoot}/htaccess.txt
+
+ AllowOverride AuthConfig FileInfo Limit
+ Require all granted
+
+
+
+ Require all denied
+
+
+
+ Require all denied
+
+
+
+ Require all denied
+
+
+ ${if environment == "dev" then ''
+
+ Use LDAPConnect
+ Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 ""
+
+ '' else ""}
+ '';
+ };
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/tmp ${varDir}/local
+ '';
+ };
+ configDir = ./chloe_config;
+ varDir = "/var/lib/chloe_${environment}";
+ siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec {
+ buildPhase = ''
+ make
+ '';
+ installPhase = ''
+ cp -a . $out
+ '';
+ buildInputs = [ sassc ];
+ });
+ webRoot = stdenv.mkDerivation rec {
+ name = "spip-${version}";
+ version = "3.2";
+ src = fetchzip {
+ url = "http://files.spip.org/spip/stable/${name}.zip";
+ sha256 = "0cacpxs9nv61i3hzd3nbmplq4mp22s886llhacp3n4923jd6snx5";
+ };
+ paches = [ ./spip_ldap_patch.patch ];
+ buildPhase = ''
+ rm -rf IMG local tmp config/remove.txt
+ ln -sf ${./spip_mes_options.php} config/mes_options.php
+ echo "Require all denied" > "config/.htaccess"
+ ln -sf ../../../../../${varDir}/{IMG,local,tmp} .
+ '';
+ installPhase = ''
+ cp -a . $out
+ cp -a ${siteDir}/* $out
+ '';
+ };
+ };
+in
+ chloe
diff --git a/virtual/packages/chloe_config/chmod.php b/virtual/packages/chloe_config/chmod.php
new file mode 100644
index 0000000..aae16cd
--- /dev/null
+++ b/virtual/packages/chloe_config/chmod.php
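Review bot: In the `webRoot` derivation the attribute is spelled `paches = [ ./spip_ldap_patch.patch ];`, which `stdenv.mkDerivation` ignores, so the LDAP patch is never applied and the `$GLOBALS['ldap_search']` value that `chloe_config/ldap.php` sets is dead configuration; it should read `patches = [ ./spip_ldap_patch.patch ];`. Separately, `pool` interpolates the LDAP and MySQL passwords via `builtins.getEnv` into the PHP-FPM configuration text; if that string is written into the Nix store, as it typically is when the NixOS phpfpm module generates the pool file, the credentials end up in a world-readable path. Reading them at runtime from a root-owned file outside the store would keep them out of it. The `environment == "prod"` branch of `vhostConf` serves the site with no access control while only the `dev` branch requires an LDAP group, which looks intentional but deserves a comment such as `# prod is public; dev is restricted to the LDAP group`.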
@@ -0,0 +1,4 @@
+
\ No newline at end of file
diff --git a/virtual/packages/chloe_config/connect.php b/virtual/packages/chloe_config/connect.php
new file mode 100644
index 0000000..2e4439f
--- /dev/null
+++ b/virtual/packages/chloe_config/connect.php
@@ -0,0 +1,6 @@
+
diff --git a/virtual/packages/chloe_config/ldap.php b/virtual/packages/chloe_config/ldap.php
new file mode 100644
index 0000000..825b7ed
--- /dev/null
+++ b/virtual/packages/chloe_config/ldap.php
@@ -0,0 +1,9 @@
+ array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
+$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
+?>
diff --git a/virtual/packages/spip_ldap_patch.patch b/virtual/packages/spip_ldap_patch.patch
new file mode 100644
index 0000000..653c909
--- /dev/null
+++ b/virtual/packages/spip_ldap_patch.patch
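Review bot: `$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");` yields `false` when the variable is not set, and the patched `auth/ldap.php` in this commit gates on `isset($GLOBALS['ldap_search'])`, which is true for `false`; in that case the code would hand an empty filter to `ldap_search()` instead of falling back to the per-attribute lookup in its `else` branch. Map a missing variable to `null`, e.g. `$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH") ?: null;`, so the fallback is taken. The `chloe.nix` pool asserts the variable at evaluation time, which makes this unlikely in the intended deployment, but the config file should not depend on it. The start of this file, including the `ldap_attributes` assignment, is not visible in this rendering, so the other assignments were not checked.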
@@ -0,0 +1,60 @@
+--- old/ecrire/auth/ldap.php 2017-06-08 21:58:17.000000000 +0200
++++ new/ecrire/auth/ldap.php 2017-06-10 02:54:02.687954143 +0200
+@@ -171,24 +171,41 @@
+ $desc = isset($ldap['attributes']) && $ldap['attributes'] ? $ldap['attributes'] : $GLOBALS['ldap_attributes'] ;
+
+ $logins = is_array($desc['login']) ? $desc['login'] : array($desc['login']);
++ if (isset($GLOBALS['ldap_search'])) {
++ $search_query = str_replace("%user%", $login_search, $GLOBALS['ldap_search']);
++ $result = @ldap_search($ldap_link, $ldap_base, $search_query, array("dn"));
++ $info = @ldap_get_entries($ldap_link, $result);
++ // Ne pas accepter les resultats si plus d'une entree
++ // (on veut un attribut unique)
+
+- // Tenter une recherche pour essayer de retrouver le DN
+- foreach ($logins as $att) {
+- $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn"));
+- $info = @ldap_get_entries($ldap_link, $result);
+- // Ne pas accepter les resultats si plus d'une entree
+- // (on veut un attribut unique)
++ if (is_array($info) and $info['count'] == 1) {
++ $dn = $info[0]['dn'];
++ if (!$checkpass) {
++ return $dn;
++ }
++ if (@ldap_bind($ldap_link, $dn, $pass)) {
++ return $dn;
++ }
++ }
++ } else {
++ // Tenter une recherche pour essayer de retrouver le DN
++ foreach ($logins as $att) {
++ $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn"));
++ $info = @ldap_get_entries($ldap_link, $result);
++ // Ne pas accepter les resultats si plus d'une entree
++ // (on veut un attribut unique)
+
+- if (is_array($info) and $info['count'] == 1) {
+- $dn = $info[0]['dn'];
+- if (!$checkpass) {
+- return $dn;
+- }
+- if (@ldap_bind($ldap_link, $dn, $pass)) {
+- return $dn;
+- }
+- }
+- }
++ if (is_array($info) and $info['count'] == 1) {
++ $dn = $info[0]['dn'];
++ if (!$checkpass) {
++ return $dn;
++ }
++ if (@ldap_bind($ldap_link, $dn, $pass)) {
++ return $dn;
++ }
++ }
++ }
++ }
+
+ if ($checkpass and !isset($dn)) {
+ // Si echec,
essayer de deviner le DN
diff --git a/virtual/packages/spip_mes_options.php b/virtual/packages/spip_mes_options.php
new file mode 100644
index 0000000..88ac449
--- /dev/null
+++ b/virtual/packages/spip_mes_options.php
@@ -0,0 +1,17 @@
+
-- 
cgit v1.2.3
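Review bot: The added `$search_query = str_replace("%user%", $login_search, $GLOBALS['ldap_search']);` inserts the login into an LDAP filter template without escaping, so filter metacharacters in `$login_search` alter the query unless the value is sanitized earlier in the function, which this hunk does not show. The pre-existing `"$att=$login_search"` branch has the same shape, but the template form is what this commit introduces; escape the value first, `$search_query = str_replace("%user%", ldap_escape($login_search, '', LDAP_ESCAPE_FILTER), $GLOBALS['ldap_search']);` (PHP 5.6+). The new branch also returns `$dn` without binding when `$checkpass` is false, mirroring the old code, so a one-line comment above `if (!$checkpass)` such as `// lookup only: caller did not ask for a password check` would help the next reader. The enclosing function starts and ends outside this hunk.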