1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
{ lib, php, env, writeText, phpldapadmin }:
rec {
activationScript = {
deps = [ "httpd" ];
text = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin
'';
};
keys = [{
dest = "webapps/tools-ldap";
user = apache.user;
group = apache.group;
permissions = "0400";
text = ''
<?php
$config->custom->appearance['show_clear_password'] = true;
$config->custom->appearance['hide_template_warning'] = true;
$config->custom->appearance['theme'] = "tango";
$config->custom->appearance['minimalMode'] = false;
$config->custom->appearance['tree'] = 'AJAXTree';
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','Immae’s LDAP');
$servers->setValue('server','host','ldaps://${env.ldap.host}');
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','${env.ldap.dn}');
$servers->setValue('login','bind_pass','${env.ldap.password}');
$servers->setValue('appearance','pla_password_hash','ssha');
$servers->setValue('login','attr','uid');
$servers->setValue('login','fallback_dn',true);
'';
}];
webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
apache = rec {
user = "wwwrun";
group = "wwwrun";
modules = [ "proxy_fcgi" ];
webappName = "tools_ldap";
root = "/run/current-system/webapps/${webappName}";
vhostConf = socket: ''
Alias /ldap "${root}"
<Directory "${root}">
DirectoryIndex index.php
<FilesMatch "\.php$">
SetHandler "proxy:unix:${socket}|fcgi://localhost"
</FilesMatch>
AllowOverride None
Require all granted
</Directory>
'';
};
phpFpm = rec {
serviceDeps = [ "openldap.service" ];
basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
pool = {
"listen.owner" = apache.user;
"listen.group" = apache.group;
"pm" = "ondemand";
"pm.max_children" = "60";
"pm.process_idle_timeout" = "60";
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "LdapPHPSESSID";
"php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin";
"php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin";
};
};
}
|