| blob | e970266fc17dd512e50152432e2baa73d0243199 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
7 let
8 cfg = config.services.simplesamlphp;
10 format = pkgs.formats.php { finalVariable = "config"; };
12 generateConfig =
13 opts:
14 pkgs.runCommand "simplesamlphp-config" { } ''
15 mkdir $out
16 cp ${format.generate "config.php" opts.settings} $out/config.php
17 cp ${format.generate "authsources.php" opts.authSources} $out/authsources.php
18 '';
19 in
20 {
21 meta = {
22 maintainers = with lib.maintainers; [ nhnn ];
23 };
25 options.services.simplesamlphp =
26 with lib;
27 mkOption {
28 type = types.attrsOf (
29 types.submodule (
30 { config, ... }:
31 {
32 options = {
33 package = mkPackageOption pkgs "simplesamlphp" { };
34 configureNginx = mkOption {
35 type = types.bool;
36 default = true;
37 description = "Configure nginx as a reverse proxy for SimpleSAMLphp.";
38 };
39 phpfpmPool = mkOption {
40 type = types.str;
41 description = "The PHP-FPM pool that serves SimpleSAMLphp instance.";
42 };
43 localDomain = mkOption {
44 type = types.str;
45 description = "The domain serving your SimpleSAMLphp instance. This option modifies only /saml route.";
46 };
47 settings = mkOption {
48 type = types.submodule {
49 freeformType = format.type;
50 options = {
51 baseurlpath = mkOption {
52 type = types.str;
53 example = "https://filesender.example.com/saml/";
54 description = "URL where SimpleSAMLphp can be reached.";
55 };
56 };
57 };
58 default = { };
59 description = ''
60 Configuration options used by SimpleSAMLphp.
61 See [](https://simplesamlphp.org/docs/stable/simplesamlphp-install)
62 for available options.
63 '';
64 };
66 authSources = mkOption {
67 type = format.type;
68 default = { };
69 description = ''
70 Auth sources options used by SimpleSAMLphp.
71 '';
72 };
74 libDir = mkOption {
75 type = types.str;
76 readOnly = true;
77 description = ''
78 Path to the SimpleSAMLphp library directory.
79 '';
80 };
81 configDir = mkOption {
82 type = types.str;
83 readOnly = true;
84 description = ''
85 Path to the SimpleSAMLphp config directory.
86 '';
87 };
88 };
89 config = {
90 libDir = "${config.package}/share/php/simplesamlphp/";
91 configDir = "${generateConfig config}";
92 };
93 }
94 )
95 );
96 default = { };
97 description = "Instances of SimpleSAMLphp. This module is designed to work with already existing PHP-FPM pool and NGINX virtualHost.";
98 };
100 config = {
101 services.phpfpm.pools = lib.mapAttrs' (
102 phpfpmName: opts:
103 lib.nameValuePair opts.phpfpmPool { phpEnv.SIMPLESAMLPHP_CONFIG_DIR = "${generateConfig opts}"; }
104 ) cfg;
106 services.nginx.virtualHosts = lib.mapAttrs' (
107 phpfpmName: opts:
108 lib.nameValuePair opts.localDomain (
109 lib.mkIf opts.configureNginx {
110 locations."^~ /saml/" = {
111 alias = "${opts.package}/share/php/simplesamlphp/www/";
112 extraConfig = ''
113 location ~ ^(?<prefix>/saml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
114 include ${pkgs.nginx}/conf/fastcgi.conf;
115 fastcgi_split_path_info ^(.+\.php)(/.+)$;
116 fastcgi_pass unix:${config.services.phpfpm.pools.${phpfpmName}.socket};
117 fastcgi_intercept_errors on;
118 fastcgi_param SCRIPT_FILENAME $document_root$phpfile;
119 fastcgi_param SCRIPT_NAME /saml$phpfile;
120 fastcgi_param PATH_INFO $pathinfo if_not_empty;
121 }
122 '';
123 };
124 }
125 )
126 ) cfg;
127 };
128 }