pvv-nixos-config/hosts/bekkalokk/services/website/default.nix

# NixOS module that enables the pvv-nettsiden website, wires its SimpleSAMLphp
# service-provider configuration, and feeds it secrets managed by sops.
{ pkgs, lib, config, ... }:
let
  cfg = config.services.pvv-nettsiden;
  phpFormat = pkgs.formats.php { };
  fpmPool = config.services.phpfpm.pools.pvv-nettsiden;
  samlRoot = pkgs.pvv-nettsiden.passthru.simplesamlphpPath;

  # Secrets the site needs; each name is a key under "nettsiden/" in sops.
  nettsidenSecrets = [
    "nettsiden/door_secret"
    "nettsiden/mysql_password"
    "nettsiden/simplesamlphp/admin_password"
    "nettsiden/simplesamlphp/cookie_salt"
  ];

  # Emits a raw PHP expression that reads the decrypted secret file when the
  # PHP config is evaluated, so the secret value itself is never written into
  # the generated settings (and therefore not into the Nix store).
  # NOTE(review): file_get_contents() returns false if the file is unreadable
  # and keeps any trailing newline present in the file; confirm the consumers
  # of these settings cope with both cases.
  secretFromFile = name:
    phpFormat.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/${name}".path}')";
in
{
  imports = [
    ./fetch-gallery.nix
  ];

  # Decrypted secret files are owned by the php-fpm pool's user and group, and
  # the pool is restarted when a secret changes so rotated values are picked up.
  sops.secrets = lib.genAttrs nettsidenSecrets (_: {
    owner = fpmPool.user;
    group = fpmPool.group;
    restartUnits = [ "phpfpm-pvv-nettsiden.service" ];
  });

  # Same URL as the 'entityID' in authsources.php below.
  # NOTE(review): presumably this registers the site as a service provider with
  # the IdP, in which case the two values must stay in sync; confirm.
  services.idp.sp-remote-metadata = [ "https://${cfg.domainName}/simplesaml/" ];

  services.pvv-nettsiden = {
    enable = true;

    package = pkgs.pvv-nettsiden.override {
      extra_files = {
        # IdP metadata shared with the idp-simplesamlphp service definition.
        # NOTE(review): presumably this is what the SP trusts when validating
        # IdP responses; review changes to metadata.php.nix accordingly.
        "${samlRoot}/metadata/saml20-idp-remote.php" =
          pkgs.writeText "pvv-nettsiden-saml20-idp-remote.php"
            (import ../idp-simplesamlphp/metadata.php.nix);

        # Two auth sources: 'admin' (password login via core:AdminPassword) and
        # 'default-sp' (SAML SP bound to a single, fixed IdP).
        # NOTE(review): the 'admin' source relies solely on ADMIN_PASSWORD;
        # whether the SimpleSAMLphp admin pages are reachable from outside is
        # not visible in this file.
        "${samlRoot}/config/authsources.php" =
          pkgs.writeText "pvv-nettsiden-authsources.php" ''
            <?php
            $config = array(
            'admin' => array(
            'core:AdminPassword'
            ),
            'default-sp' => array(
            'saml:SP',
            'entityID' => 'https://${cfg.domainName}/simplesaml/',
            'idp' => 'https://idp2.pvv.ntnu.no/',
            ),
            );
          '';
      };
    };

    domainName = "www2.pvv.ntnu.no";

    settings = {
      DOOR_SECRET = secretFromFile "door_secret";

      DB = {
        # NOTE(review): the DSN carries no TLS parameters; with PDO those are
        # driver options set by the application, so confirm how the connection
        # to mysql.pvv.ntnu.no is protected in transit.
        DSN = "mysql:dbname=www-data_nettside;host=mysql.pvv.ntnu.no";
        USER = "www-data_nettsi";
        PASS = secretFromFile "mysql_password";
      };

      # TODO: set up postgres session for simplesamlphp
      SAML = {
        COOKIE_SALT = secretFromFile "simplesamlphp/cookie_salt";
        # Presumably marks the session cookie Secure (HTTPS only); confirm
        # against the package's settings template.
        COOKIE_SECURE = true;
        ADMIN_NAME = "PVV Drift";
        ADMIN_EMAIL = "drift@pvv.ntnu.no";
        ADMIN_PASSWORD = secretFromFile "simplesamlphp/admin_password";
        # Only the site's own domain is listed.
        # NOTE(review): presumably this limits the redirect targets
        # SimpleSAMLphp accepts; confirm before adding further domains.
        TRUSTED_DOMAINS = [ cfg.domainName ];
      };
    };
  };

  # PHP errors are logged and worker stdout/stderr is captured by php-fpm.
  # NOTE(review): make sure the application never prints secrets or
  # credential-bearing error details, since they would end up in these logs.
  services.phpfpm.pools."pvv-nettsiden".settings = {
    # "php_admin_value[error_log]" = "stderr";
    "php_admin_flag[log_errors]" = true;
    "catch_workers_output" = true;
  };
}