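# NixOS module for SimpleSAMLphp.
#
# Each attribute of `services.simplesamlphp` describes one instance. An instance
# does not create its own PHP-FPM pool or nginx virtual host: it adds the
# SIMPLESAMLPHP_CONFIG_DIR environment variable to the pool named by
# `phpfpmPool` and, when `configureNginx` is set, a `/saml/` location to the
# virtual host named by `localDomain`.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.simplesamlphp;

  # Serialises Nix values to PHP files that assign to `$config`.
  format = pkgs.formats.php { finalVariable = "config"; };

  # Builds a directory holding config.php and authsources.php for one instance.
  #
  # NOTE(security): the result is a Nix store path, and the store is readable by
  # every local user. Whatever is put into `settings` or `authSources`
  # (SimpleSAMLphp's `secretsalt` and `auth.adminpassword`, credentials of auth
  # sources, ...) is therefore stored in clear text in a world-readable file.
  # Keep secrets out of these attribute sets where the deployment allows it.
  generateConfig =
    opts:
    pkgs.runCommand "simplesamlphp-config" { } ''
      mkdir $out
      cp ${format.generate "config.php" opts.settings} $out/config.php
      cp ${format.generate "authsources.php" opts.authSources} $out/authsources.php
    '';
in
{
  meta = {
    maintainers = with lib.maintainers; [ nhnn ];
  };

  options.services.simplesamlphp =
    with lib;
    mkOption {
      type = types.attrsOf (
        types.submodule (
          { config, ... }:
          {
            options = {
              package = mkPackageOption pkgs "simplesamlphp" { };
              configureNginx = mkOption {
                type = types.bool;
                default = true;
                description = "Configure nginx as a reverse proxy for SimpleSAMLphp.";
              };
              # Name of an attribute in `services.phpfpm.pools`. The pool gets
              # the config directory through its environment and is the target
              # of `fastcgi_pass` in the generated nginx location.
              phpfpmPool = mkOption {
                type = types.str;
                description = "The PHP-FPM pool that serves SimpleSAMLphp instance.";
              };
              localDomain = mkOption {
                type = types.str;
                description = "The domain serving your SimpleSAMLphp instance. This option modifies only /saml route.";
              };
              # Rendered to config.php in the Nix store (world-readable, see
              # generateConfig).
              settings = mkOption {
                type = types.submodule {
                  freeformType = format.type;
                  options = {
                    baseurlpath = mkOption {
                      type = types.str;
                      example = "https://filesender.example.com/saml/";
                      description = "URL where SimpleSAMLphp can be reached.";
                    };
                  };
                };
                default = { };
                description = ''
                  Configuration options used by SimpleSAMLphp.
                  See [](https://simplesamlphp.org/docs/stable/simplesamlphp-install)
                  for available options.
                '';
              };

              # Rendered to authsources.php in the Nix store (world-readable,
              # see generateConfig).
              authSources = mkOption {
                type = format.type;
                default = { };
                description = ''
                  Auth sources options used by SimpleSAMLphp.
                '';
              };

              libDir = mkOption {
                type = types.str;
                readOnly = true;
                description = ''
                  Path to the SimpleSAMLphp library directory.
                '';
              };
              configDir = mkOption {
                type = types.str;
                readOnly = true;
                description = ''
                  Path to the SimpleSAMLphp config directory.
                '';
              };
            };
            # Read-only outputs derived from the instance's own options, so
            # other modules can refer to the paths.
            config = {
              libDir = "${config.package}/share/php/simplesamlphp/";
              configDir = "${generateConfig config}";
            };
          }
        )
      );
      default = { };
      description = "Instances of SimpleSAMLphp. This module is designed to work with already existing PHP-FPM pool and NGINX virtualHost.";
    };

  config = lib.mkIf (cfg != { }) {
    # Point each instance's PHP-FPM pool at its generated config directory.
    # `opts.configDir` is the same store path the submodule computes with
    # generateConfig, reused here instead of being built a second time.
    services.phpfpm.pools = lib.mapAttrs' (
      instanceName: opts:
      lib.nameValuePair opts.phpfpmPool { phpEnv.SIMPLESAMLPHP_CONFIG_DIR = opts.configDir; }
    ) cfg;

    services.nginx.virtualHosts = lib.mapAttrs' (
      instanceName: opts:
      lib.nameValuePair opts.localDomain (
        lib.mkIf opts.configureNginx {
          locations."^~ /saml/" = {
            alias = "${opts.package}/share/php/simplesamlphp/www/";
            # The socket is looked up through `opts.phpfpmPool`, the pool that
            # received SIMPLESAMLPHP_CONFIG_DIR above. Indexing the pools by
            # the instance's attribute name only works when the two names
            # happen to be equal; otherwise requests go to a pool without the
            # SimpleSAMLphp environment (and possibly another user), or
            # evaluation fails because no such pool exists.
            #
            # SCRIPT_FILENAME is the alias directory plus the captured
            # `phpfile`, so only .php files shipped under the package's www/
            # directory are handed to PHP-FPM.
            extraConfig = ''
              location ~ ^(?<prefix>/saml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
                include ${pkgs.nginx}/conf/fastcgi.conf;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:${config.services.phpfpm.pools.${opts.phpfpmPool}.socket};
                fastcgi_intercept_errors on;
                fastcgi_param SCRIPT_FILENAME $document_root$phpfile;
                fastcgi_param SCRIPT_NAME /saml$phpfile;
                fastcgi_param PATH_INFO $pathinfo if_not_empty;
              }
            '';
          };
        }
      )
    ) cfg;
  };
}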