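# NixOS module for the Shibboleth service provider daemon (shibd) and,
# optionally, the shibauthorizer / shibresponder FastCGI helpers started
# through spawn-fcgi.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.services.shibboleth-sp;
in
{
  options = {
    services.shibboleth-sp = {
      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = "Whether to enable the shibboleth service";
      };

      # NOTE(review): this value is interpolated into ExecStart and
      # SHIBSP_CONFIG below. If it is given as a Nix path literal, the
      # interpolation copies the file into the world-readable Nix store, so
      # key material should not be embedded in it or stored beside it in the
      # store; pass an absolute path string to keep it outside the store.
      configFile = lib.mkOption {
        type = lib.types.path;
        example = lib.literalExpression ''"''${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"'';
        description = "Path to shibboleth config file";
      };

      fastcgi.enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = "Whether to include the shibauthorizer and shibresponder FastCGI processes";
      };

      # types.port rejects values outside 0-65535 at evaluation time instead
      # of letting spawn-fcgi fail when the unit starts.
      fastcgi.shibAuthorizerPort = lib.mkOption {
        type = lib.types.port;
        default = 9100;
        description = "Port for shibauthorizer FastCGI process to bind to";
      };

      fastcgi.shibResponderPort = lib.mkOption {
        type = lib.types.port;
        default = 9101;
        description = "Port for shibresponder FastCGI process to bind to";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # The shibd daemon itself, run in the foreground (-F) under systemd.
    # NOTE(review): no User=/Group= or sandboxing directives are set in
    # serviceConfig for any of the three units, so they run with systemd's
    # defaults (root for system services). Consider a dedicated user and
    # hardening options such as NoNewPrivileges/ProtectSystem.
    systemd.services.shibboleth-sp = {
      description = "Provides SSO and federation for web applications";
      # NOTE(review): this orders shibd after the FastCGI helpers; confirm the
      # direction is intended, since the helpers presumably talk to shibd.
      after = lib.optionals cfg.fastcgi.enable [
        "shibresponder.service"
        "shibauthorizer.service"
      ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.shibboleth-sp}/bin/shibd -F -d ${pkgs.shibboleth-sp} -c ${cfg.configFile}";
      };
    };

    # FastCGI responder on a TCP port.
    # NOTE(review): spawn-fcgi is called with -p only and no -a, so it uses its
    # default bind address (all IPv4 interfaces per its man page). The port is
    # then reachable by anything the firewall lets through; restrict it to the
    # web server's host (e.g. bind to loopback or firewall the port) unless
    # remote access is required.
    systemd.services.shibresponder = lib.mkIf cfg.fastcgi.enable {
      description = "Provides SSO through Shibboleth via FastCGI";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ "${pkgs.spawn_fcgi}" ];
      environment.SHIBSP_CONFIG = "${cfg.configFile}";
      serviceConfig = {
        ExecStart = "${pkgs.spawn_fcgi}/bin/spawn-fcgi -n -p ${toString cfg.fastcgi.shibResponderPort} ${pkgs.shibboleth-sp}/lib/shibboleth/shibresponder";
      };
    };

    # FastCGI authorizer on a TCP port; the bind-address caveat on
    # shibresponder applies here too, and matters more because this process
    # makes the access decision for protected locations.
    systemd.services.shibauthorizer = lib.mkIf cfg.fastcgi.enable {
      description = "Provides SSO through Shibboleth via FastCGI";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ "${pkgs.spawn_fcgi}" ];
      environment.SHIBSP_CONFIG = "${cfg.configFile}";
      serviceConfig = {
        ExecStart = "${pkgs.spawn_fcgi}/bin/spawn-fcgi -n -p ${toString cfg.fastcgi.shibAuthorizerPort} ${pkgs.shibboleth-sp}/lib/shibboleth/shibauthorizer";
      };
    };
  };

  meta.maintainers = [ ];
}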