WIP: nixify

dist/simplesamlphp-config.php

@@ -1,7 +1,14 @@
 <?php
 
-require dirname(dirname(dirname(dirname(__DIR__)))) . '/config.php';
-echo $SAML_COOKIE_SECURE;
+# require_once(dirname(dirname(dirname(dirname(__DIR__)))) . DIRECTORY_SEPARATOR . 'config.php');
+
+/*
+$config_dir = dirname(__DIR__);
+while (!file_exists($config_dir . DIRECTORY_SEPARATOR . 'config.php')) {
+	$config_dir = dirname($config_dir);
+}
+include $config_dir . DIRECTORY_SEPARATOR . 'config.php';
+*/
 
 /**
  * The configuration of SimpleSAMLphp

nix/module.nix

@@ -40,6 +40,11 @@ in
           (attrs: !(attrs ? "type"))
           (_: option: option // { type = types.either option.type format.lib.types.raw; })
         {
+          DOOR_SECRET = mkOption {
+            type = types.str;
+            description = mdDoc "Secret for the door sensor API";
+          };
+
           GALLERY = {
             DIR = mkOption {
               type = types.path;
@@ -89,13 +94,50 @@ in
               description = mdDoc "Database password. Recommends: null, set in extraConfig";
             };
           };
+
+          SAML = {
+            COOKIE_SALT = mkOption {
+              type = types.str;
+              description = mdDoc "Salt for the SAML cookies";
+            };
+
+            COOKIE_SECURE = mkOption {
+              type = types.bool;
+              default = true;
+              description = mdDoc "Whether to set the secure flag on the SAML cookies";
+            };
+
+            ADMIN_PASSWORD = mkOption {
+              type = types.str;
+              description = mdDoc "Password for the admin user";
+            };
+
+            TRUSTED_DOMAINS = mkOption {
+              type = types.listOf types.str;
+              default = [ cfg.domainName ];
+              description = mdDoc "List of trusted domains for the SAML service";
+            };
+          };
         };
       };
     };
   };
 
 
-  config = mkIf cfg.enable {
+  config = mkIf cfg.enable (let
+    # NOTE: This should absolutely not be necessary, but for some reason this file refuses to import
+    #       the toplevel configuration file.
+    # NOTE: Nvm, don't this this was the problem after all?
+    finalPackage = cfg.package.overrideAttrs (_: _: {
+      postInstall = cfg.package.postInstall + ''
+        substituteInPlace $simplesamlphp/config/config.php \
+          --replace '$SAML_COOKIE_SECURE' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SECURE}' \
+          --replace '$SAML_COOKIE_SALT' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SALT}' \
+          --replace '$SAML_ADMIN_PASSWORD' '${format.lib.valueToString cfg.settings.SAML.ADMIN_PASSWORD}' \
+          --replace '$SAML_TRUSTED_DOMAINS' '${format.lib.valueToString cfg.settings.SAML.TRUSTED_DOMAINS}'
+      '';
+    });
+  in {
     users.users = mkIf (cfg.user == "pvv-nettsiden") {
       "pvv-nettsiden" = {
         description = "PVV Website Service User";
@@ -120,22 +162,28 @@ in
         enableACME = mkDefault true;
         locations = {
           "/" = {
-            root = "${cfg.package}/share/php/pvv-nettsiden/www/";
+            root = "${finalPackage}/share/php/pvv-nettsiden/www/";
             index = "index.php";
           };
 
           "~ \\.php$".extraConfig = ''
             include ${pkgs.nginx}/conf/fastcgi_params;
-            fastcgi_param SCRIPT_FILENAME ${cfg.package}/share/php/pvv-nettsiden/www$fastcgi_script_name;
+            fastcgi_param SCRIPT_FILENAME ${finalPackage}/share/php/pvv-nettsiden/www$fastcgi_script_name;
             fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket};
           '';
 
           ${cfg.settings.GALLERY.SERVER_PATH} = {
             root = cfg.settings.GALLERY.DIR;
+            extraConfig = ''
+              rewrite ^${cfg.settings.GALLERY.SERVER_PATH}/(.*)$ /$1 break;
+            '';
           };
 
           ${cfg.settings.SLIDESHOW.SERVER_PATH} = {
             root = cfg.settings.SLIDESHOW.DIR;
+            extraConfig = ''
+              rewrite ^${cfg.settings.SLIDESHOW.SERVER_PATH}/(.*)$ /$1 break;
+            '';
           };
         };
       };
@@ -157,5 +205,5 @@ in
         "pm.max_requests" = mkDefault 500;
       };
     };
-  };
+  });
 }

nix/package.nix

@@ -6,9 +6,9 @@ php.buildComposerProject {
   version = "0.0.1";
   vendorHash = "sha256-DSn0ifj7Hjjia1SF/1wfziD/IdsiOES8XNDVz3F/cTI=";
 
-  postInstall = ''
-    simplesamlphp="$out/share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp"
+  simplesamlphp = "${placeholder "out"}/share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";
 
+  postInstall = ''
     mkdir -p $simplesamlphp/config
     mkdir -p $simplesamlphp/metadata
 

nix/php-generator.nix

@@ -2,10 +2,7 @@
 
 with lib;
 
-{ }: {
-  inherit (pkgs.formats.json { }) type;
-
-  generate = name: value: let
+{ }: let
   valueToString = val:
     if val == null then
       "null"
@@ -22,7 +19,10 @@ with lib;
     else if isAttrs val then
       throw "Found unexpected attrs, that were not created by mkRaw. Have you put attrs in an array?\n${val}"
     else throw "unsupported :')";
+in {
+  inherit (pkgs.formats.json { }) type;
 
+  generate = name: value: let
     flattenStructuredSettings = attrs: let
       partitionAttrs = pred: attrs: lib.pipe attrs [
         attrsToList
@@ -50,6 +50,8 @@ with lib;
   in pkgs.writeText name content;
 
   lib = {
+    inherit valueToString;
+
     mkRaw = value: {
       inherit value;
       _type = "raw";

www/index.php

@@ -1,8 +1,6 @@
 <?php
 require_once dirname(__DIR__) . implode(DIRECTORY_SEPARATOR, ['', 'inc', 'include.php']);
 
-echo $DOOR_SECRET;
-
 $translation = ['I dag', 'I morgen', 'Denne uka', 'Neste uke', 'Denne måneden', 'Neste måned'];
 $pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS);
 $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);