WIP: nixify

This commit is contained in:
Oystein Kristoffer Tveit 2024-03-24 08:20:54 +01:00 committed by Felix Albrigtsen
parent a8fb2af3e7
commit 123dd33ea4
5 changed files with 83 additions and 28 deletions

View File

@ -1,7 +1,14 @@
<?php
require dirname(dirname(dirname(dirname(__DIR__)))) . '/config.php';
echo $SAML_COOKIE_SECURE;
# require_once(dirname(dirname(dirname(dirname(__DIR__)))) . DIRECTORY_SEPARATOR . 'config.php');
/*
$config_dir = dirname(__DIR__);
while (!file_exists($config_dir . DIRECTORY_SEPARATOR . 'config.php')) {
$config_dir = dirname($config_dir);
}
include $config_dir . DIRECTORY_SEPARATOR . 'config.php';
*/
/**
* The configuration of SimpleSAMLphp

View File

@ -40,6 +40,11 @@ in
(attrs: !(attrs ? "type"))
(_: option: option // { type = types.either option.type format.lib.types.raw; })
{
DOOR_SECRET = mkOption {
type = types.str;
description = mdDoc "Secret for the door sensor API";
};
GALLERY = {
DIR = mkOption {
type = types.path;
@ -89,13 +94,50 @@ in
description = mdDoc "Database password. Recommends: null, set in extraConfig";
};
};
SAML = {
COOKIE_SALT = mkOption {
type = types.str;
description = mdDoc "Salt for the SAML cookies";
};
COOKIE_SECURE = mkOption {
type = types.bool;
default = true;
description = mdDoc "Whether to set the secure flag on the SAML cookies";
};
ADMIN_PASSWORD = mkOption {
type = types.str;
description = mdDoc "Password for the admin user";
};
TRUSTED_DOMAINS = mkOption {
type = types.listOf types.str;
default = [ cfg.domainName ];
description = mdDoc "List of trusted domains for the SAML service";
};
};
};
};
};
};
config = mkIf cfg.enable {
config = mkIf cfg.enable (let
# NOTE: This should absolutely not be necessary, but for some reason this file refuses to import
# the toplevel configuration file.
# NOTE: Nvm, don't this this was the problem after all?
finalPackage = cfg.package.overrideAttrs (_: _: {
postInstall = cfg.package.postInstall + ''
substituteInPlace $simplesamlphp/config/config.php \
--replace '$SAML_COOKIE_SECURE' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SECURE}' \
--replace '$SAML_COOKIE_SALT' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SALT}' \
--replace '$SAML_ADMIN_PASSWORD' '${format.lib.valueToString cfg.settings.SAML.ADMIN_PASSWORD}' \
--replace '$SAML_TRUSTED_DOMAINS' '${format.lib.valueToString cfg.settings.SAML.TRUSTED_DOMAINS}'
'';
});
in {
users.users = mkIf (cfg.user == "pvv-nettsiden") {
"pvv-nettsiden" = {
description = "PVV Website Service User";
@ -120,22 +162,28 @@ in
enableACME = mkDefault true;
locations = {
"/" = {
root = "${cfg.package}/share/php/pvv-nettsiden/www/";
root = "${finalPackage}/share/php/pvv-nettsiden/www/";
index = "index.php";
};
"~ \\.php$".extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME ${cfg.package}/share/php/pvv-nettsiden/www$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME ${finalPackage}/share/php/pvv-nettsiden/www$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket};
'';
${cfg.settings.GALLERY.SERVER_PATH} = {
root = cfg.settings.GALLERY.DIR;
extraConfig = ''
rewrite ^${cfg.settings.GALLERY.SERVER_PATH}/(.*)$ $1 break;
'';
};
${cfg.settings.SLIDESHOW.SERVER_PATH} = {
root = cfg.settings.SLIDESHOW.DIR;
extraConfig = ''
rewrite ^${cfg.settings.SLIDESHOW.SERVER_PATH}/(.*)$ $1 break;
'';
};
};
};
@ -157,5 +205,5 @@ in
"pm.max_requests" = mkDefault 500;
};
};
};
});
}

View File

@ -6,9 +6,9 @@ php.buildComposerProject {
version = "0.0.1";
vendorHash = "sha256-DSn0ifj7Hjjia1SF/1wfziD/IdsiOES8XNDVz3F/cTI=";
postInstall = ''
simplesamlphp="$out/share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp"
simplesamlphp = "${placeholder "out"}/share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";
postInstall = ''
mkdir -p $simplesamlphp/config
mkdir -p $simplesamlphp/metadata

View File

@ -2,10 +2,7 @@
with lib;
{ }: {
inherit (pkgs.formats.json { }) type;
generate = name: value: let
{ }: let
valueToString = val:
if val == null then
"null"
@ -22,7 +19,10 @@ with lib;
else if isAttrs val then
throw "Found unexpected attrs, that were not created by mkRaw. Have you put attrs in an array?\n${val}"
else throw "unsupported :')";
in {
inherit (pkgs.formats.json { }) type;
generate = name: value: let
flattenStructuredSettings = attrs: let
partitionAttrs = pred: attrs: lib.pipe attrs [
attrsToList
@ -50,6 +50,8 @@ with lib;
in pkgs.writeText name content;
lib = {
inherit valueToString;
mkRaw = value: {
inherit value;
_type = "raw";

View File

@ -1,8 +1,6 @@
<?php
require_once dirname(__DIR__) . implode(DIRECTORY_SEPARATOR, ['', 'inc', 'include.php']);
echo $DOOR_SECRET;
$translation = ['I dag', 'I morgen', 'Denne uka', 'Neste uke', 'Denne måneden', 'Neste måned'];
$pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);