Merge pull request #55 from fsr/padlist

Add pad lister tool
2023-08-22 15:43:29 +02:00 · 2023-08-22 15:43:29 +02:00 · d188722565
commit d188722565
parent a555a005e1 5c1af65721
5 changed files with 149 additions and 0 deletions
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 {
  services.nginx = {
+
+    additionalModules = [ pkgs.nginxModules.pam ];
    enable = true;
    recommendedProxySettings = true;
    recommendedGzipSettings = true;
@ -30,4 +32,8 @@
      email = "root@ifsr.de";
    };
  };
+  security.pam.services.nginx.text = ''
+    auth required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
+    account required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
+  '';
 }
--- a/modules/padlist.nix
+++ b/modules/padlist.nix
@ -0,0 +1,53 @@
+# php pad lister tool written by jonas
+{ pkgs, config, lib, ... }:
+let
+  domain = "list.pad.${config.fsr.domain}";
+in
+{
+  services.phpfpm.pools.padlist = {
+    user = "hedgedoc";
+    group = "hedgedoc";
+    settings = {
+      "listen.owner" = config.services.nginx.user;
+      "pm" = "dynamic";
+      "pm.max_children" = 32;
+      "pm.max_requests" = 500;
+      "pm.start_servers" = 2;
+      "pm.min_spare_servers" = 2;
+      "pm.max_spare_servers" = 5;
+      "php_admin_value[error_log]" = "stderr";
+      "php_admin_flag[log_errors]" = true;
+      "catch_workers_output" = true;
+    };
+    phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
+  };
+
+  services.nginx = {
+    virtualHosts.${domain} = {
+      root = pkgs.callPackage ../pkgs/padlist { };
+      enableACME = true;
+      forceSSL = true;
+      extraConfig = ''
+        auth_pam "LDAP Authentication Required";
+        auth_pam_service_name "nginx";
+      '';
+      locations = {
+        "= /" = {
+          extraConfig = ''
+            rewrite ^ /index.php;
+          '';
+        };
+        "~ \.php$" = {
+          extraConfig = ''
+            try_files $uri =404;
+            fastcgi_pass unix:${config.services.phpfpm.pools.padlist.socket};
+            fastcgi_index index.php;
+            include ${pkgs.nginx}/conf/fastcgi_params;
+            include ${pkgs.nginx}/conf/fastcgi.conf;
+          '';
+        };
+      };
+    };
+  };
+
+}