From 23a6a3368c15d38ee3cadfc2890f6b41c2a97a6f Mon Sep 17 00:00:00 2001 From: h7x4 Date: Sat, 6 Apr 2024 20:25:47 +0200 Subject: [PATCH] rebase nixify --- dist/config.local.php | 4 ++++ dist/simplesamlphp-config.php | 6 +++--- nix/module.nix | 30 +++++++++++++++++++++++++++--- nix/package.nix | 20 +++++++++++++++----- 4 files changed, 49 insertions(+), 11 deletions(-) diff --git a/dist/config.local.php b/dist/config.local.php index 1e324b6..1b7400d 100644 --- a/dist/config.local.php +++ b/dist/config.local.php @@ -16,5 +16,9 @@ $SAML_COOKIE_SALT = 'changeme'; $SAML_COOKIE_SECURE = false; $SAML_TRUSTED_DOMAINS = array("localhost:1080"); $SAML_ADMIN_PASSWORD = "changeme"; +$SAML_ADMIN_NAME = 'PVV Drift'; +$SAML_ADMIN_EMAIL = 'drift@pvv.ntnu.no'; + +$CACHE_DIRECTORY = __DIR__.DIRECTORY_SEPARATOR.'cache'; ?> diff --git a/dist/simplesamlphp-config.php b/dist/simplesamlphp-config.php index 73f69fe..952a08d 100644 --- a/dist/simplesamlphp-config.php +++ b/dist/simplesamlphp-config.php @@ -67,7 +67,7 @@ $config = [ * When specified as a relative path, this is relative to the SimpleSAMLphp * root directory. */ - 'cachedir' => '/var/cache/simplesamlphp', + 'cachedir' => $CACHE_DIRECTORY, //'loggingdir' => '/var/log/', //'datadir' => '/var/data/', //'tempdir' => '/tmp/simplesamlphp', @@ -127,8 +127,8 @@ $config = [ * The email address will be used as the recipient address for error reports, and * also as the technical contact in generated metadata. */ - 'technicalcontact_name' => 'Administrator', - 'technicalcontact_email' => 'na@example.org', + 'technicalcontact_name' => $SAML_ADMIN_NAME, + 'technicalcontact_email' => $SAML_ADMIN_EMAIL, /* * (Optional) The method by which email is delivered. Defaults to mail which utilizes the diff --git a/nix/module.nix b/nix/module.nix index eaea5d4..9dded6f 100644 --- a/nix/module.nix +++ b/nix/module.nix 
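Review bot: `$CACHE_DIRECTORY = __DIR__.DIRECTORY_SEPARATOR.'cache';` places the SimpleSAMLphp cache beside the config file, and whether that directory sits inside the web server's document root depends on where config.local.php lives, which the hunk does not show; if it does, the cache (SimpleSAMLphp keeps fetched metadata there) would be served as static files, and unlike the other values in this file it must be writable by the PHP process. A one-line comment stating both expectations would help, e.g. `// Must be writable by the PHP user and kept outside the document root; the Nix module overrides this with a /var/cache path.`. The new name also lacks the `SAML_` prefix its neighbours carry — fine if it is intentionally a site-wide setting (the Nix option lives outside `settings.SAML` too), but worth saying in that comment.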
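Review bot: `'cachedir' => $CACHE_DIRECTORY,` — together with the `technicalcontact_name`/`technicalcontact_email` lines in the next hunk — makes config.php depend on variables defined in dist/config.local.php, and nothing visible here brings that file into scope; in the Nix build the names are instead replaced textually by the module. If neither happens (a config.local.php predating these lines, or a placeholder the substitution misses), PHP evaluates the undefined variable to null with only a warning and SimpleSAMLphp is handed a null cache directory. A defined-or default keeps a usable value in that case: `'cachedir' => $CACHE_DIRECTORY ?? '/var/cache/simplesamlphp',`. The `$config = [` array starts above the hunk, so I cannot see whether an include precedes it.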
@@ -107,6 +107,16 @@ in description = mdDoc "Whether to set the secure flag on the SAML cookies"; }; + ADMIN_NAME = mkOption { + type = types.str; + description = mdDoc "Name for the admin user"; + }; + + ADMIN_EMAIL = mkOption { + type = types.str; + description = mdDoc "Email for the admin user"; + }; + ADMIN_PASSWORD = mkOption { type = types.str; description = mdDoc "Password for the admin user"; @@ -118,6 +128,12 @@ in description = mdDoc "List of trusted domains for the SAML service"; }; }; + + CACHE_DIRECTORY = mkOption { + type = types.path; + default = "/var/cache/pvv-nettsiden/simplesamlphp"; + description = mdDoc "List of trusted domains for the SAML service"; + }; }; }; }; @@ -134,7 +150,10 @@ in --replace '$SAML_COOKIE_SECURE' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SECURE}' \ --replace '$SAML_COOKIE_SALT' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SALT}' \ --replace '$SAML_ADMIN_PASSWORD' '${format.lib.valueToString cfg.settings.SAML.ADMIN_PASSWORD}' \ - --replace '$SAML_TRUSTED_DOMAINS' '${format.lib.valueToString cfg.settings.SAML.TRUSTED_DOMAINS}' + --replace '$SAML_ADMIN_NAME' '${format.lib.valueToString cfg.settings.SAML.ADMIN_NAME}' \ + --replace '$SAML_ADMIN_EMAIL' '${format.lib.valueToString cfg.settings.SAML.ADMIN_EMAIL}' \ + --replace '$SAML_TRUSTED_DOMAINS' '${format.lib.valueToString cfg.settings.SAML.TRUSTED_DOMAINS}' \ + --replace '$CACHE_DIRECTORY' '${format.lib.valueToString cfg.settings.CACHE_DIRECTORY}' ''; }); in { @@ -151,6 +170,11 @@ in "pvv-nettsiden" = { }; }; + systemd.tmpfiles.settings."10-pvv-nettsiden".${cfg.settings.CACHE_DIRECTORY}.d = { + inherit (cfg) user group; + mode = "0770"; + }; + services.nginx = mkIf cfg.enableNginx { enable = true; 
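Review bot: The description of the new `CACHE_DIRECTORY` option is copied from `TRUSTED_DOMAINS` ("List of trusted domains for the SAML service") and does not describe the option; `description = mdDoc "Directory where SimpleSAMLphp keeps its cache; created via tmpfiles and owned by the service user";` would. The option sits at `settings.CACHE_DIRECTORY` rather than under `settings.SAML` like the other SimpleSAMLphp values substituted next to it — if that is deliberate, one sentence in the description saying so saves the next reader the question. The enclosing `settings` option block starts above the hunk.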
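Review bot: The four new `--replace` lines inherit a silent failure mode: `substituteInPlace --replace` succeeds even when the placeholder is absent, so a template that renames or drops `$CACHE_DIRECTORY` or one of the `$SAML_ADMIN_*` markers still builds and ships the literal text into PHP, where it reads as an undefined variable (null). If the nixpkgs in use has `--replace-fail`, switching these lines (and the existing ones) to it turns that into a build error; the `substituteInPlace` call itself begins above the hunk, so I cannot see which file is being edited. Also worth confirming that `format.lib.valueToString` emits a quoted PHP string for the `types.path` value of `cfg.settings.CACHE_DIRECTORY`, since the result lands in `'cachedir' => $CACHE_DIRECTORY` as PHP source rather than as data.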
@@ -174,14 +198,14 @@ in # based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx "^~ /simplesaml/" = { - alias = "${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/"; + alias = "${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/public/"; index = "index.php"; extraConfig = '' location ~ ^/simplesaml/(?.+?\.php)(?/.*)?$ { include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket}; - fastcgi_param SCRIPT_FILENAME ${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/$phpfile; + fastcgi_param SCRIPT_FILENAME ${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/public/$phpfile; # Must be prepended with the baseurlpath fastcgi_param SCRIPT_NAME /simplesaml/$phpfile; diff --git a/nix/package.nix b/nix/package.nix index 795d9c5..83796de 100644 --- a/nix/package.nix +++ b/nix/package.nix @@ -1,4 +1,7 @@ -{ php }: +{ lib +, php +, extra_files ? { } +}: php.buildComposerProject rec { src = ./..; 
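Review bot: The web root `${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/public` is spelled out twice in this hunk, in `alias` and in `fastcgi_param SCRIPT_FILENAME`, and the www→public rename had to be applied to both; binding it once, e.g. `samlWebRoot = "${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/public";` in the module's `let`, keeps the two from drifting apart again. A short comment at the `alias`, `# SimpleSAMLphp 2.x serves from public/ (was www/ in 1.x)`, would record why the path changed. The `location` regex shows here as `(?.+?\.php)(?/.*)?$` while `$phpfile` is used below; that looks like the named-group names were lost by the page extraction, but it is worth confirming the source still reads `(?<phpfile>…)`, since without the name `SCRIPT_FILENAME` and `SCRIPT_NAME` would be built from an empty variable. The `let` block and the enclosing `locations` attrset start outside the hunk.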
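Review bot: `extra_files ? { }` introduces a snake_case argument into a file whose other names (`buildComposerProject`, `passthru.simplesamlphpPath`) follow the nixpkgs lowerCamelCase convention, so `extraFiles` would match its surroundings; nothing documents its shape either, which callers have to infer from the postInstall loop in the next hunk. A comment on the argument line, `# extraFiles: attrset mapping a path relative to $out to a source path copied there verbatim in postInstall`, would cover it. The `buildComposerProject` attrset continues below the hunk.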
@@ -9,10 +12,17 @@ php.buildComposerProject rec { passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp"; postInstall = '' - install -Dm444 dist/simplesamlphp-config.php $out/${passthru.simplesamlphpPath}/config/config.php - install -Dm444 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php - install -Dm444 dist/simplesamlphp-idp.php $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php + install -Dm644 dist/simplesamlphp-config.php $out/${passthru.simplesamlphpPath}/config/config.php + install -Dm644 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php + install -Dm644 dist/simplesamlphp-idp.php $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php + install -Dm644 dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php - install -Dm444 dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php + ${lib.pipe extra_files [ + (lib.mapAttrsToList (target_path: source_path: '' + mkdir -p $(dirname "$out/${target_path}") + cp -r "${source_path}" "$out/${target_path}" + '')) + (lib.concatStringsSep "\n") + ]} ''; }
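Review bot: Changing the four `install` lines from `-Dm444` to `-Dm644` should have no effect on the result: when the output is registered the Nix store canonicalises every file to 0444 (0555 if executable), so the build product is identical either way and the intent behind the flip cannot be recovered from the diff; a comment, or keeping `444`, would be clearer. In the new `extra_files` loop, `cp -r "${source_path}" "$out/${target_path}"` nests the source inside the target when `$out/${target_path}` already exists as a directory (for instance when one attribute targets a parent of another), rather than replacing it; `cp -rT` (`--no-target-directory`) makes the copy land at the named path in both cases. The `postInstall` string is the last attribute of the derivation, which ends at the closing `}` in this hunk.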