rebase nixify
This commit is contained in:
parent
c8793a4371
commit
23a6a3368c
|
@ -16,5 +16,9 @@ $SAML_COOKIE_SALT = 'changeme';
|
|||
$SAML_COOKIE_SECURE = false;
|
||||
$SAML_TRUSTED_DOMAINS = array("localhost:1080");
|
||||
$SAML_ADMIN_PASSWORD = "changeme";
|
||||
$SAML_ADMIN_NAME = 'PVV Drift';
|
||||
$SAML_ADMIN_EMAIL = 'drift@pvv.ntnu.no';
|
||||
|
||||
$CACHE_DIRECTORY = __DIR__.DIRECTORY_SEPARATOR.'cache';
|
||||
|
||||
?>
|
||||
|
|
|
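Review bot: `$CACHE_DIRECTORY = __DIR__.DIRECTORY_SEPARATOR.'cache';` places the cache beside this config file, so if the file sits under a directory the web server serves, cached SimpleSAMLphp data becomes reachable over HTTP; a location outside the served tree, or a comment marking this as a development-only value such as `// local-dev default; replaced at deployment`, would make the intent explicit. The two new quoted values use single quotes while the neighbouring `$SAML_TRUSTED_DOMAINS` and `$SAML_ADMIN_PASSWORD` lines use double quotes; one style for the block would read more consistently.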
@ -67,7 +67,7 @@ $config = [
|
|||
* When specified as a relative path, this is relative to the SimpleSAMLphp
|
||||
* root directory.
|
||||
*/
|
||||
'cachedir' => '/var/cache/simplesamlphp',
|
||||
'cachedir' => $CACHE_DIRECTORY,
|
||||
//'loggingdir' => '/var/log/',
|
||||
//'datadir' => '/var/data/',
|
||||
//'tempdir' => '/tmp/simplesamlphp',
|
||||
|
@ -127,8 +127,8 @@ $config = [
|
|||
* The email address will be used as the recipient address for error reports, and
|
||||
* also as the technical contact in generated metadata.
|
||||
*/
|
||||
'technicalcontact_name' => 'Administrator',
|
||||
'technicalcontact_email' => 'na@example.org',
|
||||
'technicalcontact_name' => $SAML_ADMIN_NAME,
|
||||
'technicalcontact_email' => $SAML_ADMIN_EMAIL,
|
||||
|
||||
/*
|
||||
* (Optional) The method by which email is delivered. Defaults to mail which utilizes the
|
||||
|
|
|
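Review bot: `'cachedir' => $CACHE_DIRECTORY,`, `'technicalcontact_name' => $SAML_ADMIN_NAME,` and `'technicalcontact_email' => $SAML_ADMIN_EMAIL,` depend on those variables being defined before this file is evaluated or replaced textually at build time; if neither happens, PHP emits only a warning and the entries become `null`, so the cache location and the technical contact (which, per the comment above it, receives error reports and is published in generated metadata) silently vanish. A guard near the top of the file, e.g. `if (!isset($CACHE_DIRECTORY)) { throw new RuntimeException('CACHE_DIRECTORY is not set'); }`, would turn that into an explicit failure. The existing comment on `cachedir` still describes relative-path resolution; a short note that an absolute path is expected here would help. The `$config = [` array opens before the first hunk and continues after the second.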
@ -107,6 +107,16 @@ in
|
|||
description = mdDoc "Whether to set the secure flag on the SAML cookies";
|
||||
};
|
||||
|
||||
ADMIN_NAME = mkOption {
|
||||
type = types.str;
|
||||
description = mdDoc "Name for the admin user";
|
||||
};
|
||||
|
||||
ADMIN_EMAIL = mkOption {
|
||||
type = types.str;
|
||||
description = mdDoc "Email for the admin user";
|
||||
};
|
||||
|
||||
ADMIN_PASSWORD = mkOption {
|
||||
type = types.str;
|
||||
description = mdDoc "Password for the admin user";
|
||||
|
@ -118,6 +128,12 @@ in
|
|||
description = mdDoc "List of trusted domains for the SAML service";
|
||||
};
|
||||
};
|
||||
|
||||
CACHE_DIRECTORY = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/cache/pvv-nettsiden/simplesamlphp";
|
||||
description = mdDoc "List of trusted domains for the SAML service";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -134,7 +150,10 @@ in
|
|||
--replace '$SAML_COOKIE_SECURE' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SECURE}' \
|
||||
--replace '$SAML_COOKIE_SALT' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SALT}' \
|
||||
--replace '$SAML_ADMIN_PASSWORD' '${format.lib.valueToString cfg.settings.SAML.ADMIN_PASSWORD}' \
|
||||
--replace '$SAML_TRUSTED_DOMAINS' '${format.lib.valueToString cfg.settings.SAML.TRUSTED_DOMAINS}'
|
||||
--replace '$SAML_ADMIN_NAME' '${format.lib.valueToString cfg.settings.SAML.ADMIN_NAME}' \
|
||||
--replace '$SAML_ADMIN_EMAIL' '${format.lib.valueToString cfg.settings.SAML.ADMIN_EMAIL}' \
|
||||
--replace '$SAML_TRUSTED_DOMAINS' '${format.lib.valueToString cfg.settings.SAML.TRUSTED_DOMAINS}' \
|
||||
--replace '$CACHE_DIRECTORY' '${format.lib.valueToString cfg.settings.CACHE_DIRECTORY}'
|
||||
'';
|
||||
});
|
||||
in {
|
||||
|
@ -151,6 +170,11 @@ in
|
|||
"pvv-nettsiden" = { };
|
||||
};
|
||||
|
||||
systemd.tmpfiles.settings."10-pvv-nettsiden".${cfg.settings.CACHE_DIRECTORY}.d = {
|
||||
inherit (cfg) user group;
|
||||
mode = "0770";
|
||||
};
|
||||
|
||||
services.nginx = mkIf cfg.enableNginx {
|
||||
enable = true;
|
||||
|
||||
|
@ -174,14 +198,14 @@ in
|
|||
|
||||
# based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
|
||||
"^~ /simplesaml/" = {
|
||||
alias = "${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/";
|
||||
alias = "${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/public/";
|
||||
index = "index.php";
|
||||
|
||||
extraConfig = ''
|
||||
location ~ ^/simplesaml/(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket};
|
||||
fastcgi_param SCRIPT_FILENAME ${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/$phpfile;
|
||||
fastcgi_param SCRIPT_FILENAME ${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/public/$phpfile;
|
||||
|
||||
# Must be prepended with the baseurlpath
|
||||
fastcgi_param SCRIPT_NAME /simplesaml/$phpfile;
|
||||
|
|
|
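Review bot: The four new `--replace` lines for `$SAML_ADMIN_NAME`, `$SAML_ADMIN_EMAIL`, `$SAML_TRUSTED_DOMAINS` and `$CACHE_DIRECTORY` wrap `format.lib.valueToString …` in shell single quotes, so any value containing a `'` (a name like O'Brien in `ADMIN_NAME`) breaks the quoting and the build script; use `${lib.escapeShellArg (format.lib.valueToString cfg.settings.SAML.ADMIN_NAME)}` as the whole argument, and likewise for the other three. `substituteInPlace --replace` is silent when a placeholder is not found, so a typo leaves the literal `$CACHE_DIRECTORY` in the shipped config; `--replace-fail` makes the build stop instead. The new `CACHE_DIRECTORY` option in the `@ -118,6 +128,12 @@` hunk carries the description copied from `TRUSTED_DOMAINS`; it should read something like `description = mdDoc "Directory where SimpleSAMLphp stores its cache";`. The same `substituteInPlace` block also writes `cfg.settings.SAML.ADMIN_PASSWORD` into a file that ends up in the world-readable Nix store; that line is pre-existing, but a secret file read at runtime is the usual NixOS approach. The `substituteInPlace` invocation starts before this hunk.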
@ -1,4 +1,7 @@
|
|||
{ php }:
|
||||
{ lib
|
||||
, php
|
||||
, extra_files ? { }
|
||||
}:
|
||||
|
||||
php.buildComposerProject rec {
|
||||
src = ./..;
|
||||
|
@ -9,10 +12,17 @@ php.buildComposerProject rec {
|
|||
passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";
|
||||
|
||||
postInstall = ''
|
||||
install -Dm444 dist/simplesamlphp-config.php $out/${passthru.simplesamlphpPath}/config/config.php
|
||||
install -Dm444 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php
|
||||
install -Dm444 dist/simplesamlphp-idp.php $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php
|
||||
install -Dm644 dist/simplesamlphp-config.php $out/${passthru.simplesamlphpPath}/config/config.php
|
||||
install -Dm644 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php
|
||||
install -Dm644 dist/simplesamlphp-idp.php $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php
|
||||
install -Dm644 dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php
|
||||
|
||||
install -Dm444 dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php
|
||||
${lib.pipe extra_files [
|
||||
(lib.mapAttrsToList (target_path: source_path: ''
|
||||
mkdir -p $(dirname "$out/${target_path}")
|
||||
cp -r "${source_path}" "$out/${target_path}"
|
||||
''))
|
||||
(lib.concatStringsSep "\n")
|
||||
]}
|
||||
'';
|
||||
}
|
||||
|
|
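Review bot: `mkdir -p $(dirname "$out/${target_path}")` leaves the command substitution unquoted, so a `target_path` containing whitespace is split into several arguments; write `mkdir -p "$(dirname "$out/${target_path}")"`. The attribute names of `extra_files` are interpolated into the destination with no check for a leading `/` or `..` segments, so a key could address a path outside `$out`; an `assert` on the keys, or a comment stating that keys must be relative paths under `$out`, would document the contract. The old and new `install` lines for the same four files differ only in mode (`444` versus `644`); Nix clears write bits on store paths when it registers them, so `444` states the intent directly and one consistent mode would read better. `php.buildComposerProject rec {` opens in the previous hunk and the attrset closes at the end of this one.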