WIP: nixify

dist/simplesamlphp-config.php

@@ -37,7 +37,7 @@ $config = [
      * external url, no matter where you come from (direct access or via the
      * reverse proxy).
      */
-    'baseurlpath' => 'simplesaml/',
+    'baseurlpath' => '/simplesaml/',
 
     /*
      * The 'application' configuration array groups a set configuration options

nix/module.nix

@@ -130,7 +130,7 @@ in
     # NOTE: Nvm, don't this this was the problem after all?
     finalPackage = cfg.package.overrideAttrs (_: _: {
       postInstall = cfg.package.postInstall + ''
-        substituteInPlace $simplesamlphp/config/config.php \
+        substituteInPlace $out/${cfg.package.passthru.simplesamlphpPath}/config/config.php \
           --replace '$SAML_COOKIE_SECURE' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SECURE}' \
           --replace '$SAML_COOKIE_SALT' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SALT}' \
           --replace '$SAML_ADMIN_PASSWORD' '${format.lib.valueToString cfg.settings.SAML.ADMIN_PASSWORD}' \
@@ -172,6 +172,25 @@ in
             fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket};
           '';
 
+          # based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
+          "^~ /simplesaml/" = {
+	    alias = "${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/";
+            index = "index.php";
+
+	    extraConfig = ''
+	      location ~ ^/simplesaml/(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
+                include ${pkgs.nginx}/conf/fastcgi_params;
+                fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket}; 
+                fastcgi_param SCRIPT_FILENAME ${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/$phpfile;
+
+                # Must be prepended with the baseurlpath
+                fastcgi_param SCRIPT_NAME /simplesaml/$phpfile;
+
+                fastcgi_param PATH_INFO $pathinfo if_not_empty;
+	      }
+	    '';
+	  };
+
           ${cfg.settings.GALLERY.SERVER_PATH} = {
             root = cfg.settings.GALLERY.DIR;
             extraConfig = ''

nix/package.nix

@@ -1,23 +1,18 @@
 { php }:
 
-php.buildComposerProject {
+php.buildComposerProject rec {
   src = ./..;
   pname = "pvv-nettsiden";
   version = "0.0.1";
   vendorHash = "sha256-DSn0ifj7Hjjia1SF/1wfziD/IdsiOES8XNDVz3F/cTI=";
 
-  simplesamlphp = "${placeholder "out"}/share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";
+  passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";
 
   postInstall = ''
-    mkdir -p $simplesamlphp/config
+    install -Dm444 dist/simplesamlphp-config.php      $out/${passthru.simplesamlphpPath}/config/config.php
-    mkdir -p $simplesamlphp/metadata
+    install -Dm444 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php
+    install -Dm444 dist/simplesamlphp-idp.php         $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php
 
-    cp dist/simplesamlphp-config.php      $simplesamlphp/config/config.php
+    install -Dm444 dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php
-    cp dist/simplesamlphp-authsources.php $simplesamlphp/config/authsources.php
-    cp dist/simplesamlphp-idp.php         $simplesamlphp/metadata/saml20-idp-remote.php
-
-    cp dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php
-
-    ln -s $simplesamlphp/www $out/share/php/pvv-nettsiden/www/simplesaml
   '';
 }