rebase nixify
This commit is contained in:
parent
c8793a4371
commit
23a6a3368c
|
|
@ -16,5 +16,9 @@ $SAML_COOKIE_SALT = 'changeme';
|
||||||
$SAML_COOKIE_SECURE = false;
|
$SAML_COOKIE_SECURE = false;
|
||||||
$SAML_TRUSTED_DOMAINS = array("localhost:1080");
|
$SAML_TRUSTED_DOMAINS = array("localhost:1080");
|
||||||
$SAML_ADMIN_PASSWORD = "changeme";
|
$SAML_ADMIN_PASSWORD = "changeme";
|
||||||
|
$SAML_ADMIN_NAME = 'PVV Drift';
|
||||||
|
$SAML_ADMIN_EMAIL = 'drift@pvv.ntnu.no';
|
||||||
|
|
||||||
|
$CACHE_DIRECTORY = __DIR__.DIRECTORY_SEPARATOR.'cache';
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
||||||
|
|
@ -67,7 +67,7 @@ $config = [
|
||||||
* When specified as a relative path, this is relative to the SimpleSAMLphp
|
* When specified as a relative path, this is relative to the SimpleSAMLphp
|
||||||
* root directory.
|
* root directory.
|
||||||
*/
|
*/
|
||||||
'cachedir' => '/var/cache/simplesamlphp',
|
'cachedir' => $CACHE_DIRECTORY,
|
||||||
//'loggingdir' => '/var/log/',
|
//'loggingdir' => '/var/log/',
|
||||||
//'datadir' => '/var/data/',
|
//'datadir' => '/var/data/',
|
||||||
//'tempdir' => '/tmp/simplesamlphp',
|
//'tempdir' => '/tmp/simplesamlphp',
|
||||||
|
|
@ -127,8 +127,8 @@ $config = [
|
||||||
* The email address will be used as the recipient address for error reports, and
|
* The email address will be used as the recipient address for error reports, and
|
||||||
* also as the technical contact in generated metadata.
|
* also as the technical contact in generated metadata.
|
||||||
*/
|
*/
|
||||||
'technicalcontact_name' => 'Administrator',
|
'technicalcontact_name' => $SAML_ADMIN_NAME,
|
||||||
'technicalcontact_email' => 'na@example.org',
|
'technicalcontact_email' => $SAML_ADMIN_EMAIL,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* (Optional) The method by which email is delivered. Defaults to mail which utilizes the
|
* (Optional) The method by which email is delivered. Defaults to mail which utilizes the
|
||||||
|
|
|
||||||
|
|
@ -107,6 +107,16 @@ in
|
||||||
description = mdDoc "Whether to set the secure flag on the SAML cookies";
|
description = mdDoc "Whether to set the secure flag on the SAML cookies";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ADMIN_NAME = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = mdDoc "Name for the admin user";
|
||||||
|
};
|
||||||
|
|
||||||
|
ADMIN_EMAIL = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = mdDoc "Email for the admin user";
|
||||||
|
};
|
||||||
|
|
||||||
ADMIN_PASSWORD = mkOption {
|
ADMIN_PASSWORD = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = mdDoc "Password for the admin user";
|
description = mdDoc "Password for the admin user";
|
||||||
|
|
@ -118,6 +128,12 @@ in
|
||||||
description = mdDoc "List of trusted domains for the SAML service";
|
description = mdDoc "List of trusted domains for the SAML service";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
CACHE_DIRECTORY = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
default = "/var/cache/pvv-nettsiden/simplesamlphp";
|
||||||
|
description = mdDoc "List of trusted domains for the SAML service";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -134,7 +150,10 @@ in
|
||||||
--replace '$SAML_COOKIE_SECURE' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SECURE}' \
|
--replace '$SAML_COOKIE_SECURE' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SECURE}' \
|
||||||
--replace '$SAML_COOKIE_SALT' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SALT}' \
|
--replace '$SAML_COOKIE_SALT' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SALT}' \
|
||||||
--replace '$SAML_ADMIN_PASSWORD' '${format.lib.valueToString cfg.settings.SAML.ADMIN_PASSWORD}' \
|
--replace '$SAML_ADMIN_PASSWORD' '${format.lib.valueToString cfg.settings.SAML.ADMIN_PASSWORD}' \
|
||||||
--replace '$SAML_TRUSTED_DOMAINS' '${format.lib.valueToString cfg.settings.SAML.TRUSTED_DOMAINS}'
|
--replace '$SAML_ADMIN_NAME' '${format.lib.valueToString cfg.settings.SAML.ADMIN_NAME}' \
|
||||||
|
--replace '$SAML_ADMIN_EMAIL' '${format.lib.valueToString cfg.settings.SAML.ADMIN_EMAIL}' \
|
||||||
|
--replace '$SAML_TRUSTED_DOMAINS' '${format.lib.valueToString cfg.settings.SAML.TRUSTED_DOMAINS}' \
|
||||||
|
--replace '$CACHE_DIRECTORY' '${format.lib.valueToString cfg.settings.CACHE_DIRECTORY}'
|
||||||
'';
|
'';
|
||||||
});
|
});
|
||||||
in {
|
in {
|
||||||
|
|
@ -151,6 +170,11 @@ in
|
||||||
"pvv-nettsiden" = { };
|
"pvv-nettsiden" = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.settings."10-pvv-nettsiden".${cfg.settings.CACHE_DIRECTORY}.d = {
|
||||||
|
inherit (cfg) user group;
|
||||||
|
mode = "0770";
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx = mkIf cfg.enableNginx {
|
services.nginx = mkIf cfg.enableNginx {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
|
@ -174,14 +198,14 @@ in
|
||||||
|
|
||||||
# based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
|
# based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
|
||||||
"^~ /simplesaml/" = {
|
"^~ /simplesaml/" = {
|
||||||
alias = "${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/";
|
alias = "${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/public/";
|
||||||
index = "index.php";
|
index = "index.php";
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
location ~ ^/simplesaml/(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
|
location ~ ^/simplesaml/(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket};
|
fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket};
|
||||||
fastcgi_param SCRIPT_FILENAME ${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/$phpfile;
|
fastcgi_param SCRIPT_FILENAME ${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/public/$phpfile;
|
||||||
|
|
||||||
# Must be prepended with the baseurlpath
|
# Must be prepended with the baseurlpath
|
||||||
fastcgi_param SCRIPT_NAME /simplesaml/$phpfile;
|
fastcgi_param SCRIPT_NAME /simplesaml/$phpfile;
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,7 @@
|
||||||
{ php }:
|
{ lib
|
||||||
|
, php
|
||||||
|
, extra_files ? { }
|
||||||
|
}:
|
||||||
|
|
||||||
php.buildComposerProject rec {
|
php.buildComposerProject rec {
|
||||||
src = ./..;
|
src = ./..;
|
||||||
|
|
@ -9,10 +12,17 @@ php.buildComposerProject rec {
|
||||||
passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";
|
passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";
|
||||||
|
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
install -Dm444 dist/simplesamlphp-config.php $out/${passthru.simplesamlphpPath}/config/config.php
|
install -Dm644 dist/simplesamlphp-config.php $out/${passthru.simplesamlphpPath}/config/config.php
|
||||||
install -Dm444 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php
|
install -Dm644 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php
|
||||||
install -Dm444 dist/simplesamlphp-idp.php $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php
|
install -Dm644 dist/simplesamlphp-idp.php $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php
|
||||||
|
install -Dm644 dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php
|
||||||
|
|
||||||
install -Dm444 dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php
|
${lib.pipe extra_files [
|
||||||
|
(lib.mapAttrsToList (target_path: source_path: ''
|
||||||
|
mkdir -p $(dirname "$out/${target_path}")
|
||||||
|
cp -r "${source_path}" "$out/${target_path}"
|
||||||
|
''))
|
||||||
|
(lib.concatStringsSep "\n")
|
||||||
|
]}
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue