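{pkgs, config, lib, ...}:

# NixOS module for the Shibboleth service provider. It defines the
# `services.shibboleth-sp` options and, when enabled, a systemd unit for
# shibd plus optional units for the shibauthorizer and shibresponder
# FastCGI helpers (started through spawn-fcgi).
#
# NOTE(review): none of the units below set `User`/`Group` in serviceConfig,
# so systemd runs shibd and both FastCGI helpers as root. Consider a
# dedicated unprivileged account; confirm which files shibd must read first.
with lib;
let
  cfg = config.services.shibboleth-sp;

  # Builds the systemd unit for one FastCGI helper.
  #   program: file name under ${pkgs.shibboleth-sp}/lib/shibboleth
  #   port:    TCP port that spawn-fcgi listens on for this helper
  # Sharing one builder keeps the bind address and environment identical
  # for both helpers.
  mkFcgiService = program: port: {
    description = "Provides SSO through Shibboleth via FastCGI";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    path = [ "${pkgs.spawn_fcgi}" ];
    environment.SHIBSP_CONFIG = "${cfg.configFile}";
    serviceConfig = {
      # -n keeps spawn-fcgi in the foreground so systemd supervises it.
      # -a is passed explicitly so the listening address is visible and
      # configurable rather than left to spawn-fcgi's built-in default.
      ExecStart = "${pkgs.spawn_fcgi}/bin/spawn-fcgi -n -a ${cfg.fastcgi.bindAddress} -p ${toString port} ${pkgs.shibboleth-sp}/lib/shibboleth/${program}";
    };
  };
in {
  options = {
    services.shibboleth-sp = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable the shibboleth service";
      };

      # No default: the option must be set whenever the service is enabled.
      # A Nix path literal interpolated into a string is copied into the
      # world-readable Nix store, so keep key material out of a file passed
      # that way (or pass an absolute path as a string).
      configFile = mkOption {
        type = types.path;
        example = "${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml";
        description = "Path to shibboleth config file";
      };

      fastcgi.enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to include the shibauthorizer and shibresponder FastCGI processes";
      };

      # The default matches spawn-fcgi's documented behaviour when -a is
      # omitted, so existing deployments keep listening where they did.
      fastcgi.bindAddress = mkOption {
        type = types.str;
        default = "0.0.0.0";
        example = "127.0.0.1";
        description = ''
          Address the shibauthorizer and shibresponder FastCGI processes
          bind to. FastCGI carries no authentication of its own, so any
          host that can reach these ports can talk to the processes
          directly. Set this to 127.0.0.1 when the web server runs on the
          same machine, or restrict the ports with the firewall.
        '';
      };

      fastcgi.shibAuthorizerPort = mkOption {
        type = types.int;
        default = 9100;
        description = "Port for shibauthorizer FastCGI process to bind to";
      };

      # The description used to name shibauthorizer (copy-paste slip);
      # this port is the one handed to shibresponder below.
      fastcgi.shibResponderPort = mkOption {
        type = types.int;
        default = 9101;
        description = "Port for shibresponder FastCGI process to bind to";
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.shibboleth-sp = {
      description = "Provides SSO and federation for web applications";
      # Order shibd after the FastCGI helpers only when they are enabled.
      after = lib.optionals cfg.fastcgi.enable [ "shibresponder.service" "shibauthorizer.service" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.shibboleth-sp}/bin/shibd -F -d ${pkgs.shibboleth-sp} -c ${cfg.configFile}";
      };
    };

    systemd.services.shibresponder = mkIf cfg.fastcgi.enable
      (mkFcgiService "shibresponder" cfg.fastcgi.shibResponderPort);

    systemd.services.shibauthorizer = mkIf cfg.fastcgi.enable
      (mkFcgiService "shibauthorizer" cfg.fastcgi.shibAuthorizerPort);
  };

  meta.maintainers = with lib.maintainers; [ jammerful ];
}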