pvv-nixos-config/hosts/bekkalokk/services/website/default.nix

{ pkgs, lib, config, ... }:
let
  format = pkgs.formats.php { };
  cfg = config.services.pvv-nettsiden;
in {
  imports = [
    ./fetch-gallery.nix
  ];

  sops.secrets = lib.genAttrs [
    "nettsiden/door_secret"
    "nettsiden/mysql_password"
    "nettsiden/simplesamlphp/admin_password"
    "nettsiden/simplesamlphp/cookie_salt"
  ] (_: {
    owner = config.services.phpfpm.pools.pvv-nettsiden.user;
    group = config.services.phpfpm.pools.pvv-nettsiden.group;
    restartUnits = [ "phpfpm-pvv-nettsiden.service" ];
  });

  services.idp.sp-remote-metadata = [ "https://${cfg.domainName}/simplesaml/" ];

  services.pvv-nettsiden = {
    enable = true;

    package = pkgs.pvv-nettsiden.override {
      extra_files = {
        "${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php" = pkgs.writeText "pvv-nettsiden-saml20-idp-remote.php" (import ../idp-simplesamlphp/metadata.php.nix);
        "${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/config/authsources.php" = pkgs.writeText "pvv-nettsiden-authsources.php" ''
          <?php
          $config = array(
              'admin' => array(
                'core:AdminPassword'
              ),
              'default-sp' => array(
                  'saml:SP',
                  'entityID' => 'https://${cfg.domainName}/simplesaml/',
                  'idp' => 'https://idp2.pvv.ntnu.no/',
              ),
          );
	'';
      };
    };

    domainName = "www2.pvv.ntnu.no";

    settings = let
      includeFromSops = path: format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/${path}".path}')";
    in {
      DOOR_SECRET = includeFromSops "door_secret";

      DB = {
        DSN = "mysql:dbname=www-data_nettside;host=mysql.pvv.ntnu.no";
        USER = "www-data_nettsi";
        PASS = includeFromSops "mysql_password";
      };

      # TODO: set up postgres session for simplesamlphp
      SAML = {
        COOKIE_SALT = includeFromSops "simplesamlphp/cookie_salt";
        COOKIE_SECURE = true;
        ADMIN_NAME = "PVV Drift";
        ADMIN_EMAIL = "drift@pvv.ntnu.no";
        ADMIN_PASSWORD = includeFromSops "simplesamlphp/admin_password";
        TRUSTED_DOMAINS = [ cfg.domainName ];
      };
    };
  };

  services.phpfpm.pools."pvv-nettsiden".settings = {
    # "php_admin_value[error_log]" = "stderr";
    "php_admin_flag[log_errors]" = true;
    "catch_workers_output" = true;
  };
}
bekkalokk: set up pvv-nettsiden 2024-03-28 10:52:59 +01:00			`{ pkgs, lib, config, ... }:`
			`let`
			`format = pkgs.formats.php { };`
			`cfg = config.services.pvv-nettsiden;`
			`in {`
			`imports = [`
			`./fetch-gallery.nix`
			`];`

bekkalokk/nettsiden: add secrets 2024-04-08 23:07:41 +02:00			`sops.secrets = lib.genAttrs [`
			`"nettsiden/door_secret"`
			`"nettsiden/mysql_password"`
			`"nettsiden/simplesamlphp/admin_password"`
			`"nettsiden/simplesamlphp/cookie_salt"`
			`] (_: {`
			`owner = config.services.phpfpm.pools.pvv-nettsiden.user;`
			`group = config.services.phpfpm.pools.pvv-nettsiden.group;`
			`restartUnits = [ "phpfpm-pvv-nettsiden.service" ];`
			`});`

			`services.idp.sp-remote-metadata = [ "https://${cfg.domainName}/simplesaml/" ];`
bekkalokk: set up pvv-nettsiden 2024-03-28 10:52:59 +01:00
			`services.pvv-nettsiden = {`
			`enable = true;`

			`package = pkgs.pvv-nettsiden.override {`
			`extra_files = {`
			`"${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php" = pkgs.writeText "pvv-nettsiden-saml20-idp-remote.php" (import ../idp-simplesamlphp/metadata.php.nix);`
			`"${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/config/authsources.php" = pkgs.writeText "pvv-nettsiden-authsources.php" ''`
			`<?php`
			`$config = array(`
bekkalokk/nettsiden: add secrets 2024-04-08 23:07:41 +02:00			`'admin' => array(`
			`'core:AdminPassword'`
			`),`
bekkalokk: set up pvv-nettsiden 2024-03-28 10:52:59 +01:00			`'default-sp' => array(`
			`'saml:SP',`
bekkalokk/nettsiden: add secrets 2024-04-08 23:07:41 +02:00			`'entityID' => 'https://${cfg.domainName}/simplesaml/',`
bekkalokk: set up pvv-nettsiden 2024-03-28 10:52:59 +01:00			`'idp' => 'https://idp2.pvv.ntnu.no/',`
			`),`
			`);`
			`'';`
			`};`
			`};`

			`domainName = "www2.pvv.ntnu.no";`

bekkalokk/nettsiden: add secrets 2024-04-08 23:07:41 +02:00			`settings = let`
			`includeFromSops = path: format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/${path}".path}')";`
			`in {`
			`DOOR_SECRET = includeFromSops "door_secret";`
bekkalokk: set up pvv-nettsiden 2024-03-28 10:52:59 +01:00
			`DB = {`
bekkalokk/nettsiden: add secrets 2024-04-08 23:07:41 +02:00			`DSN = "mysql:dbname=www-data_nettside;host=mysql.pvv.ntnu.no";`
			`USER = "www-data_nettsi";`
			`PASS = includeFromSops "mysql_password";`
bekkalokk: set up pvv-nettsiden 2024-03-28 10:52:59 +01:00			`};`

bekkalokk/nettsiden: add secrets 2024-04-08 23:07:41 +02:00			`# TODO: set up postgres session for simplesamlphp`
bekkalokk: set up pvv-nettsiden 2024-03-28 10:52:59 +01:00			`SAML = {`
bekkalokk/nettsiden: add secrets 2024-04-08 23:07:41 +02:00			`COOKIE_SALT = includeFromSops "simplesamlphp/cookie_salt";`
bekkalokk: set up pvv-nettsiden 2024-03-28 10:52:59 +01:00			`COOKIE_SECURE = true;`
			`ADMIN_NAME = "PVV Drift";`
			`ADMIN_EMAIL = "drift@pvv.ntnu.no";`
bekkalokk/nettsiden: add secrets 2024-04-08 23:07:41 +02:00			`ADMIN_PASSWORD = includeFromSops "simplesamlphp/admin_password";`
bekkalokk: set up pvv-nettsiden 2024-03-28 10:52:59 +01:00			`TRUSTED_DOMAINS = [ cfg.domainName ];`
			`};`
			`};`
			`};`

			`services.phpfpm.pools."pvv-nettsiden".settings = {`
			`# "php_admin_value[error_log]" = "stderr";`
			`"php_admin_flag[log_errors]" = true;`
			`"catch_workers_output" = true;`
			`};`
			`}`