forked from Drift/pvv-nixos-config
67 lines
2.0 KiB
Nix
67 lines
2.0 KiB
Nix
|
{ pkgs, lib, config, ... }:
|
||
|
let
|
||
|
format = pkgs.formats.php { };
|
||
|
cfg = config.services.pvv-nettsiden;
|
||
|
in {
|
||
|
imports = [
|
||
|
./fetch-gallery.nix
|
||
|
];
|
||
|
|
||
|
services.idp.sp-remote-metadata = [ "https://www2.pvv.ntnu.no/simplesaml/" ];
|
||
|
|
||
|
services.pvv-nettsiden = {
|
||
|
enable = true;
|
||
|
|
||
|
package = pkgs.pvv-nettsiden.override {
|
||
|
extra_files = {
|
||
|
"${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php" = pkgs.writeText "pvv-nettsiden-saml20-idp-remote.php" (import ../idp-simplesamlphp/metadata.php.nix);
|
||
|
"${pkgs.pvv-nettsiden.passthru.simplesamlphpPath}/config/authsources.php" = pkgs.writeText "pvv-nettsiden-authsources.php" ''
|
||
|
<?php
|
||
|
$config = array(
|
||
|
# 'admin' => array(
|
||
|
# 'core:AdminPassword'
|
||
|
# ),
|
||
|
'default-sp' => array(
|
||
|
'saml:SP',
|
||
|
'entityID' => 'https://www2.pvv.ntnu.no/simplesaml/',
|
||
|
'idp' => 'https://idp2.pvv.ntnu.no/',
|
||
|
),
|
||
|
);
|
||
|
'';
|
||
|
};
|
||
|
};
|
||
|
|
||
|
domainName = "www2.pvv.ntnu.no";
|
||
|
|
||
|
settings = {
|
||
|
DOOR_SECRET = "verysecret";
|
||
|
|
||
|
DB = {
|
||
|
DSN = "mysql:dbname=www_data_www2;host=mysql.pvv.ntnu.no";
|
||
|
USER = "www-data_www2";
|
||
|
PASS = format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/database/password".path}')";
|
||
|
};
|
||
|
|
||
|
SAML = {
|
||
|
COOKIE_SALT = "changeme";
|
||
|
COOKIE_SECURE = true;
|
||
|
ADMIN_NAME = "PVV Drift";
|
||
|
ADMIN_EMAIL = "drift@pvv.ntnu.no";
|
||
|
ADMIN_PASSWORD = "torskefjes";
|
||
|
TRUSTED_DOMAINS = [ cfg.domainName ];
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
|
||
|
services.phpfpm.pools."pvv-nettsiden".settings = {
|
||
|
# "php_admin_value[error_log]" = "stderr";
|
||
|
"php_admin_flag[log_errors]" = true;
|
||
|
"catch_workers_output" = true;
|
||
|
};
|
||
|
|
||
|
sops.secrets."nettsiden/database/password" = {
|
||
|
owner = config.services.phpfpm.pools.pvv-nettsiden.user;
|
||
|
group = config.services.phpfpm.pools.pvv-nettsiden.group;
|
||
|
};
|
||
|
}
|