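# NixOS module for the Shibboleth service provider: the shibd daemon plus,
# optionally, the shibauthorizer and shibresponder FastCGI helpers started
# through spawn-fcgi.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.shibboleth-sp;
in {
  options = {
    services.shibboleth-sp = {
      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = "Whether to enable the shibboleth service";
      };

      # NOTE(review): a Nix path literal given here is copied into the
      # world-readable Nix store when it is interpolated below. Pass an
      # absolute path as a string if the file (or anything it embeds) must
      # stay private, and keep the SP's private keys outside the store.
      configFile = lib.mkOption {
        type = lib.types.path;
        example = lib.literalExpression ''"''${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"'';
        description = "Path to shibboleth config file";
      };

      fastcgi.enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = "Whether to include the shibauthorizer and shibresponder FastCGI processes";
      };

      # types.port rejects values outside 0-65535 at evaluation time instead
      # of letting spawn-fcgi fail when the unit starts.
      fastcgi.shibAuthorizerPort = lib.mkOption {
        type = lib.types.port;
        default = 9100;
        description = "Port for shibauthorizer FastCGI process to bind to";
      };

      fastcgi.shibResponderPort = lib.mkOption {
        type = lib.types.port;
        default = 9101;
        # Was a copy of the authorizer's description; this port is the one
        # passed to the shibresponder unit below.
        description = "Port for shibresponder FastCGI process to bind to";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # The shibd daemon itself, run in the foreground (-F) with the
    # configured file (-c).
    # NOTE(review): no User=/Group= or sandboxing directives are set on any
    # of the three units, so systemd runs them as root. Consider a dedicated
    # account once the permissions on the config and key files allow it.
    systemd.services.shibboleth-sp = {
      description = "Provides SSO and federation for web applications";
      # Ordered after the FastCGI units only when they are enabled.
      after = lib.optionals cfg.fastcgi.enable [ "shibresponder.service" "shibauthorizer.service" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.shibboleth-sp}/bin/shibd -F -d ${pkgs.shibboleth-sp} -c ${cfg.configFile}";
      };
    };

    # NOTE(review): both FastCGI units call spawn-fcgi with -p only. Without
    # an -a address spawn-fcgi listens on its default address, which its
    # usage text gives as 0.0.0.0 (confirm for the packaged version).
    # FastCGI has no authentication of its own, so either firewall these
    # ports to the web server or bind to loopback with -a when the web
    # server is on the same host.
    systemd.services.shibresponder = lib.mkIf cfg.fastcgi.enable {
      description = "Provides SSO through Shibboleth via FastCGI";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ "${pkgs.spawn_fcgi}" ];
      # Points the FastCGI helper at the same config file shibd uses.
      environment.SHIBSP_CONFIG = "${cfg.configFile}";
      serviceConfig = {
        # -n keeps spawn-fcgi in the foreground so systemd supervises it.
        ExecStart = "${pkgs.spawn_fcgi}/bin/spawn-fcgi -n -p ${toString cfg.fastcgi.shibResponderPort} ${pkgs.shibboleth-sp}/lib/shibboleth/shibresponder";
      };
    };

    systemd.services.shibauthorizer = lib.mkIf cfg.fastcgi.enable {
      description = "Provides SSO through Shibboleth via FastCGI";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ "${pkgs.spawn_fcgi}" ];
      environment.SHIBSP_CONFIG = "${cfg.configFile}";
      serviceConfig = {
        ExecStart = "${pkgs.spawn_fcgi}/bin/spawn-fcgi -n -p ${toString cfg.fastcgi.shibAuthorizerPort} ${pkgs.shibboleth-sp}/lib/shibboleth/shibauthorizer";
      };
    };
  };

  meta.maintainers = with lib.maintainers; [ ];
}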