WIP: nixify

Oystein Kristoffer Tveit 2024-03-24 08:20:54 +01:00 committed by Felix Albrigtsen
parent a8fb2af3e7
commit 123dd33ea4
5 changed files with 83 additions and 28 deletions


@ -1,7 +1,14 @@
<?php <?php
require dirname(dirname(dirname(dirname(__DIR__)))) . '/config.php'; # require_once(dirname(dirname(dirname(dirname(__DIR__)))) . DIRECTORY_SEPARATOR . 'config.php');
echo $SAML_COOKIE_SECURE;
/*
$config_dir = dirname(__DIR__);
while (!file_exists($config_dir . DIRECTORY_SEPARATOR . 'config.php')) {
$config_dir = dirname($config_dir);
}
include $config_dir . DIRECTORY_SEPARATOR . 'config.php';
*/
/** /**
* The configuration of SimpleSAMLphp * The configuration of SimpleSAMLphp
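Review bot: The `echo $SAML_COOKIE_SECURE;` near the top of this config file looks like leftover debugging and should be dropped before this leaves WIP. It writes to the response body before SimpleSAMLphp has sent any header, so unless output buffering is on PHP may refuse to set the session cookie ("headers already sent"), and it exposes a configuration value to every client. With the `require` of the top-level `config.php` now commented out, the `$SAML_*` names appear to serve only as placeholders for the build-time substitution, which deserves a comment such as `// $SAML_* tokens are replaced at build time by the Nix module; they are not PHP variables here`. The rest of the file lies outside this section.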


@ -40,6 +40,11 @@ in
(attrs: !(attrs ? "type")) (attrs: !(attrs ? "type"))
(_: option: option // { type = types.either option.type format.lib.types.raw; }) (_: option: option // { type = types.either option.type format.lib.types.raw; })
{ {
DOOR_SECRET = mkOption {
type = types.str;
description = mdDoc "Secret for the door sensor API";
};
GALLERY = { GALLERY = {
DIR = mkOption { DIR = mkOption {
type = types.path; type = types.path;
@ -89,13 +94,50 @@ in
description = mdDoc "Database password. Recommends: null, set in extraConfig"; description = mdDoc "Database password. Recommends: null, set in extraConfig";
}; };
}; };
SAML = {
COOKIE_SALT = mkOption {
type = types.str;
description = mdDoc "Salt for the SAML cookies";
};
COOKIE_SECURE = mkOption {
type = types.bool;
default = true;
description = mdDoc "Whether to set the secure flag on the SAML cookies";
};
ADMIN_PASSWORD = mkOption {
type = types.str;
description = mdDoc "Password for the admin user";
};
TRUSTED_DOMAINS = mkOption {
type = types.listOf types.str;
default = [ cfg.domainName ];
description = mdDoc "List of trusted domains for the SAML service";
};
};
}; };
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable (let
# NOTE: This should absolutely not be necessary, but for some reason this file refuses to import
# the toplevel configuration file.
# NOTE: Nvm, don't this this was the problem after all?
finalPackage = cfg.package.overrideAttrs (_: _: {
postInstall = cfg.package.postInstall + ''
substituteInPlace $simplesamlphp/config/config.php \
--replace '$SAML_COOKIE_SECURE' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SECURE}' \
--replace '$SAML_COOKIE_SALT' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SALT}' \
--replace '$SAML_ADMIN_PASSWORD' '${format.lib.valueToString cfg.settings.SAML.ADMIN_PASSWORD}' \
--replace '$SAML_TRUSTED_DOMAINS' '${format.lib.valueToString cfg.settings.SAML.TRUSTED_DOMAINS}'
'';
});
in {
users.users = mkIf (cfg.user == "pvv-nettsiden") { users.users = mkIf (cfg.user == "pvv-nettsiden") {
"pvv-nettsiden" = { "pvv-nettsiden" = {
description = "PVV Website Service User"; description = "PVV Website Service User";
@ -120,22 +162,28 @@ in
enableACME = mkDefault true; enableACME = mkDefault true;
locations = { locations = {
"/" = { "/" = {
root = "${cfg.package}/share/php/pvv-nettsiden/www/"; root = "${finalPackage}/share/php/pvv-nettsiden/www/";
index = "index.php"; index = "index.php";
}; };
"~ \\.php$".extraConfig = '' "~ \\.php$".extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME ${cfg.package}/share/php/pvv-nettsiden/www$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME ${finalPackage}/share/php/pvv-nettsiden/www$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket}; fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket};
''; '';
${cfg.settings.GALLERY.SERVER_PATH} = { ${cfg.settings.GALLERY.SERVER_PATH} = {
root = cfg.settings.GALLERY.DIR; root = cfg.settings.GALLERY.DIR;
extraConfig = ''
rewrite ^${cfg.settings.GALLERY.SERVER_PATH}/(.*)$ $1 break;
'';
}; };
${cfg.settings.SLIDESHOW.SERVER_PATH} = { ${cfg.settings.SLIDESHOW.SERVER_PATH} = {
root = cfg.settings.SLIDESHOW.DIR; root = cfg.settings.SLIDESHOW.DIR;
extraConfig = ''
rewrite ^${cfg.settings.SLIDESHOW.SERVER_PATH}/(.*)$ $1 break;
'';
}; };
}; };
}; };
@ -157,5 +205,5 @@ in
"pm.max_requests" = mkDefault 500; "pm.max_requests" = mkDefault 500;
}; };
}; };
}; });
} }
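Review bot: `COOKIE_SALT`, `ADMIN_PASSWORD` and `DOOR_SECRET` are plain `types.str` options, and the new `postInstall` writes the first two into `config.php` with `substituteInPlace`, so their values end up in the derivation and in the built package in the Nix store, which every local user can read. Secrets are better kept out of the store: accept a path to a file provisioned outside the store and have `config.php` read it at runtime, in the same spirit as the existing hint on the database password option ("set in extraConfig"). Separately, each substituted value sits inside a single-quoted shell word, so a value containing `'` would end the quoting; `lib.escapeShellArg` is safer than literal quotes, e.g. `--replace '$SAML_COOKIE_SALT' ${lib.escapeShellArg (format.lib.valueToString cfg.settings.SAML.COOKIE_SALT)}`. How `valueToString` renders strings is not visible in this section, so whether the quoting breaks today needs checking.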


@ -6,9 +6,9 @@ php.buildComposerProject {
version = "0.0.1"; version = "0.0.1";
vendorHash = "sha256-DSn0ifj7Hjjia1SF/1wfziD/IdsiOES8XNDVz3F/cTI="; vendorHash = "sha256-DSn0ifj7Hjjia1SF/1wfziD/IdsiOES8XNDVz3F/cTI=";
postInstall = '' simplesamlphp = "${placeholder "out"}/share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";
simplesamlphp="$out/share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp"
postInstall = ''
mkdir -p $simplesamlphp/config mkdir -p $simplesamlphp/config
mkdir -p $simplesamlphp/metadata mkdir -p $simplesamlphp/metadata


@ -2,10 +2,7 @@
with lib; with lib;
{ }: { { }: let
inherit (pkgs.formats.json { }) type;
generate = name: value: let
valueToString = val: valueToString = val:
if val == null then if val == null then
"null" "null"
@ -22,7 +19,10 @@ with lib;
else if isAttrs val then else if isAttrs val then
throw "Found unexpected attrs, that were not created by mkRaw. Have you put attrs in an array?\n${val}" throw "Found unexpected attrs, that were not created by mkRaw. Have you put attrs in an array?\n${val}"
else throw "unsupported :')"; else throw "unsupported :')";
in {
inherit (pkgs.formats.json { }) type;
generate = name: value: let
flattenStructuredSettings = attrs: let flattenStructuredSettings = attrs: let
partitionAttrs = pred: attrs: lib.pipe attrs [ partitionAttrs = pred: attrs: lib.pipe attrs [
attrsToList attrsToList
@ -50,6 +50,8 @@ with lib;
in pkgs.writeText name content; in pkgs.writeText name content;
lib = { lib = {
inherit valueToString;
mkRaw = value: { mkRaw = value: {
inherit value; inherit value;
_type = "raw"; _type = "raw";


@ -1,8 +1,6 @@
<?php <?php
require_once dirname(__DIR__) . implode(DIRECTORY_SEPARATOR, ['', 'inc', 'include.php']); require_once dirname(__DIR__) . implode(DIRECTORY_SEPARATOR, ['', 'inc', 'include.php']);
echo $DOOR_SECRET;
$translation = ['I dag', 'I morgen', 'Denne uka', 'Neste uke', 'Denne måneden', 'Neste måned']; $translation = ['I dag', 'I morgen', 'Denne uka', 'Neste uke', 'Denne måneden', 'Neste måned'];
$pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS); $pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);