Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2712bd2197971df16e176fa3a9b120490a1ac390
nixos/hosts/fw/modules/web/phpldapadmin.nix
Dominik Polakovics 6aeb0c9f89 many changes
2025-06-17 16:46:01 +02:00

96 lines
2.4 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
phpldapadmin = pkgs.callPackage ../../pkgs/phpldapadmin.nix {};
fpm = config.services.phpfpm.pools.phpldapadmin;
stateDir = "/var/lib/phpldapadmin";
domain = "phpldapadmin.cloonar.com";
in
{
users.users.phpldapadmin = {
description = "PHPLdapAdmin Service";
home = stateDir;
useDefaultShell = true;
group = "phpldapadmin";
isSystemUser = true;
};
users.groups.phpldapadmin = { };
sops.secrets.phpldapadmin.owner = "phpldapadmin";
environment.etc."phpldapadmin/env".source = config.sops.secrets.phpldapadmin.path;
services.nginx = {
enable = true;
virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = stateDir;
locations."/" = {
root = "${phpldapadmin}/public";
index = "index.php";
extraConfig = ''
location ~* \.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${fpm.socket};
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
}
'';
};
};
};
};
environment.etc.nginx_allowed_groups = {
text = "employees";
mode = "0444";
};
security.pam.services.nginx.text = ''
# auth required pam_listfile.so \
# item=group sense=allow onerr=fail file=/etc/nginx_allowed_groups
auth required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
account required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
'';
services.phpfpm.pools.phpldapadmin = {
user = "phpldapadmin";
phpOptions = ''
error_log = 'stderr'
log_errors = on
'';
settings = mapAttrs (name: mkDefault) {
"listen.owner" = "nginx";
"listen.group" = "nginx";
"listen.mode" = "0660";
"pm" = "dynamic";
"pm.max_children" = 75;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 1;
"pm.max_spare_servers" = 20;
"pm.max_requests" = 500;
"catch_workers_output" = true;
};
phpEnv."PATH" = pkgs.lib.makeBinPath [
pkgs.which
phpldapadmin
];
};
systemd.tmpfiles.rules = [
"d '${stateDir}' 0750 phpldapadmin phpldapadmin - -"
];
}
Reference in New Issue View Git Blame Copy Permalink