Add basic simpleid configuration
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0f59be6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/logs/nginx/
+/logs/simpleid/
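Review bot: Only the two log directories are ignored, while sourcearcade.yml also bind-mounts `./simpleid/cache/` and `./simpleid/store/` read-write into the PHP container. Those directories will presumably fill with runtime state (cache entries, association and session data) that should not end up in the repository. Consider adding `/simpleid/cache/` and `/simpleid/store/`, and deciding explicitly whether `/simpleid/identities/` is meant to be versioned, since identity files usually carry password hashes.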
diff --git a/TODO.on.site b/TODO.on.site
new file mode 100644
index 0000000..bcfd36a
--- /dev/null
+++ b/TODO.on.site
@@ -0,0 +1,3 @@
+Adapt checked in files:
+* Set server_name in `nginx/sa.conf`
+* Set SIMPLEID_BASE_URL in `simpleid/www/config.php`
diff --git a/nginx/empty.conf b/nginx/empty.conf
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/nginx/empty.conf
diff --git a/nginx/sa.conf b/nginx/sa.conf
new file mode 100644
index 0000000..addc763
--- /dev/null
+++ b/nginx/sa.conf
@@ -0,0 +1,16 @@
+server {
+ listen 0.0.0.0:80;
+
+ server_name id.miau.local;
+
+ root /var/www/html;
+ location / {
+ index index.php index.html;
+ }
+ location ~ \.php$ {
+ include fastcgi_params;
+ fastcgi_pass simpleid:9000;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+ }
+}
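Review bot: The `location ~ \.php$` block forwards every URI ending in `.php` to `simpleid:9000` without checking that the script exists, so requests for non-existent script paths still reach PHP-FPM. Adding `try_files $uri =404;` as the first line of that block lets nginx reject them itself; the document root is mounted into the nginx container, so the check can work. `SCRIPT_FILENAME` is built as `$document_root/$fastcgi_script_name`, which produces a double slash; the conventional form is `$document_root$fastcgi_script_name`. Separately, the server listens only on plain port 80 while config.php keeps `SIMPLEID_ALLOW_PLAINTEXT` false, so TLS presumably has to be terminated in front of this container; a comment stating that assumption would help.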
diff --git a/simpleid/Dockerfile b/simpleid/Dockerfile
new file mode 100644
index 0000000..8c56da1
--- /dev/null
+++ b/simpleid/Dockerfile
@@ -0,0 +1,17 @@
+FROM php:8.2-fpm-alpine
+
+RUN \
+ apk add gmp gmp-dev && \
+ docker-php-ext-configure bcmath && \
+ docker-php-ext-install -j$(nproc) bcmath && \
+ docker-php-ext-configure gmp && \
+ docker-php-ext-install -j$(nproc) gmp && \
+ docker-php-ext-enable opcache && \
+ apk del gmp-dev
+
+RUN mv "${PHP_INI_DIR}/php.ini-production" "${PHP_INI_DIR}/php.ini"
+
+COPY simpleid/Dockerfile.entrypoint /simpleid-entrypoint
+RUN chmod 544 /simpleid-entrypoint
+
+ENTRYPOINT ["/bin/sh", "/simpleid-entrypoint"]
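Review bot: `FROM php:8.2-fpm-alpine` tracks a moving tag, so every rebuild of this identity-provider image can silently pick up a different base. Pinning by digest, e.g. `FROM php:8.2-fpm-alpine@sha256:<digest>` (placeholder), keeps builds reproducible and reviewable. In the first RUN, `apk add gmp gmp-dev` can leave the downloaded package index in the layer; `apk add --no-cache gmp gmp-dev` avoids that. A one-line comment above the RUN saying why bcmath and gmp are built (presumably for SimpleID's big-number arithmetic) would document the dependency.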
diff --git a/simpleid/Dockerfile.entrypoint b/simpleid/Dockerfile.entrypoint
new file mode 100644
index 0000000..f98185b
--- /dev/null
+++ b/simpleid/Dockerfile.entrypoint
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+chown -R www-data:www-data /var/cache/simpleid/
+chown -R www-data:www-data /var/lib/simpleid/
+chown -R www-data:www-data /var/log/
+
+exec docker-php-entrypoint php-fpm "$@"
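Review bot: `chown -R www-data:www-data /var/log/` gives the PHP worker account ownership of the whole log tree, although config.php only writes `/var/log/simpleid.log`. Because sourcearcade.yml bind-mounts `./logs/simpleid/` over `/var/log/`, the recursive chown also rewrites ownership on the host directory at every container start. Running a recursive chown as root over directories the unprivileged worker can write is best kept as narrow as possible. Consider mounting the host directory at a dedicated path and using `chown -R www-data:www-data /var/log/simpleid/`, with `SIMPLEID_LOGFILE` and the compose volume adjusted to match.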
diff --git a/simpleid/www/config.php b/simpleid/www/config.php
new file mode 100644
index 0000000..5d280c7
--- /dev/null
+++ b/simpleid/www/config.php
@@ -0,0 +1,220 @@
+<?php
+/**
+ * SimpleID configuration file.
+ *
+ * @package simpleid
+ *
+ */
+/*
+ * $Id$
+ *
+ */
+
+
+/**
+ * Base URL.
+ *
+ * This is the URL of the location you want to place your SimpleID
+ * distribution. It becomes the URL of the SimpleID server.
+ *
+ * It is not allowed to have a trailing slash; SimpleID will add it
+ * for you.
+ *
+ * Examples:
+ * <code>
+ * define('SIMPLEID_BASE_URL', 'http://www.example.com');
+ * define('SIMPLEID_BASE_URL', 'http://www.example.com:8888');
+ * define('SIMPLEID_BASE_URL', 'http://www.example.com/simpleid');
+ * define('SIMPLEID_BASE_URL', 'https://www.example.com:8888/simpleid');
+ * </code>
+ *
+ */
+define('SIMPLEID_BASE_URL', 'http://id.miau.local');
+
+/**
+ * Allow clean URLs.
+ *
+ * URLs used in SimpleID are normally in the form
+ * http://www.example.com/index.php?q=foo. Enabling clean URLs will allow for
+ * SimpleID URLs to be in the form http://www.example.com/foo
+ *
+ * In order to support clean URLs, you must be using Apache with mod_rewrite
+ * enabled. You will need to rename .htaccess.dist in the SimpleID web directory
+ * to .htaccess
+ *
+ * @since 0.8
+ *
+ */
+define('SIMPLEID_CLEAN_URL', false);
+
+/**
+ * Directory to store identity information.
+ *
+ * This directory must exist and be readable by the web server.
+ *
+ * For maximum security, it is highly recommended to place this
+ * directory outside your web browser's document root directory, so
+ * that it is not visible to user agents.
+ *
+ */
+define('SIMPLEID_IDENTITIES_DIR', '/var/db/simpleid');
+
+/**
+ * Directory to store cache data.
+ *
+ * This directory must exist and be readable and writable by the
+ * web server.
+ *
+ * For maximum security, it is highly recommended to place this
+ * directory outside your web browser's document root directory, so
+ * that it is not visible to user agents.
+ *
+ */
+define('SIMPLEID_CACHE_DIR', '/var/cache/simpleid');
+
+/**
+ * Persistent data storage mechanism.
+ *
+ * SimpleID provides flexible methods to store and retrieve persistent data.
+ * By default, SimpleID uses the file system to store this data, implemented
+ * in filesystem.store.inc. Users can implement other methods by creating
+ * a file with extension .store.inc and specifying the file through this
+ * setting.
+ *
+ * Generally you do not need to change this setting.
+ *
+ */
+define('SIMPLEID_STORE', 'filesystem');
+
+/**
+ * Directory to store persistent data.
+ *
+ * This directory must exist and be readable and writable by the
+ * web server.
+ *
+ * For maximum security, it is highly recommended to place this
+ * directory outside your web browser's document root directory, so
+ * that it is not visible to user agents.
+ *
+ */
+define('SIMPLEID_STORE_DIR', '/var/lib/simpleid');
+
+/**
+ * Allows use of unencrypted connections.
+ *
+ * Between versions 0.6 and 0.8 (inclusive), SimpleID uses either HTTPS or
+ * a form of digest authentication for its login system. This allows passwords
+ * and other secure information not to be sent to the server as plaintext.
+ *
+ * From version 0.9, SimpleID mandates the use of HTTPS for all connections
+ * (other than direct connections between SimpleID and an OpenID relying
+ * party). However, for debug purposes, it may be necessary to allow
+ * unencrypted connections to SimpleID.
+ *
+ * It is strongly recommended that this is set to false. Setting this to true
+ * will allow passwords to be sent as plaintext. You should not change this
+ * value unless it is absolutely necessary.
+ *
+ * @since 0.9
+ */
+define('SIMPLEID_ALLOW_PLAINTEXT', false);
+
+/**
+ * Allows web browsers to save passwords.
+ *
+ * SimpleID prevents web browsers from saving user passwords entered in a user
+ * logs into SimpleID. Setting this value to true will allow browsers to
+ * ask the user whether the password should be saved in the browser's password
+ * store.
+ *
+ * The default is set to false for security reasons. You should not change
+ * this value unless you are certain regarding the security of your browser's
+ * password store.
+ *
+ * @since 0.8
+ */
+define('SIMPLEID_ALLOW_AUTOCOMPLETE', false);
+
+/**
+ * Performs additional verification of relying party return URLs.
+ *
+ * When authenticating using OpenID version 2, SimpleID version 0.7 or later
+ * can perform additional verification of the relying party's return URLs under
+ * section 9.2.1 of the OpenID specification.
+ *
+ * The default is set to true for security reasons. However, if your web server
+ * is blocked by your web hosting provider's firewall from accessing outside
+ * servers, then set this to false.
+ *
+ * @since 0.7
+ *
+ */
+define('SIMPLEID_VERIFY_RETURN_URL_USING_REALM', true);
+
+
+/**
+ * The locale for the SimpleID user interface.
+ *
+ * @since 0.9
+ */
+define('SIMPLEID_LOCALE', 'en');
+
+/**
+ * Date and time format.
+ *
+ * The date and time format specified using the strftime() syntax.
+ *
+ * See http://www.php.net/strftime for details.
+ *
+ */
+define('SIMPLEID_DATE_TIME_FORMAT', '%Y-%m-%d %H:%M:%S %Z');
+
+/**
+ * The number of seconds before associations expire. This is an advanced
+ * option, for which the default setting should work fine.
+ *
+ * Note that for ICAM compliance, this number must be less than 86400.
+ */
+define('SIMPLEID_ASSOC_EXPIRES_IN', 3600);
+
+/**
+ * SimpleID extensions.
+ *
+ * The SimpleID extensions you wish to load. You should separate the
+ * extensions you wish to load with a comma.
+ *
+ */
+define('SIMPLEID_EXTENSIONS', 'sreg,ui');
+
+/**
+ * Log file.
+ *
+ * You can specify a file into which SimpleID will log various diagnostic
+ * messages.
+ *
+ * The log file's directory must exist and must be writable by the web server.
+ *
+ * To disable logging, set this as an empty string.
+ *
+ * @since 0.7
+ *
+ */
+define('SIMPLEID_LOGFILE', '/var/log/simpleid.log');
+
+/**
+ * The level of detail for log messages.
+ *
+ * You can determine which messages are captured in the log file by specifying
+ * a number between 0 and 5. The higher the number, the more messages are
+ * logged.
+ *
+ * WARNING: Setting the log level to 5 will result in security sensitive
+ * information also being logged.
+ *
+ * This has effect only if logging is enabled.
+ *
+ * @since 0.7
+ *
+ */
+define('SIMPLEID_LOGLEVEL', 4);
+?>
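Review bot: `SIMPLEID_BASE_URL` is an `http://` URL while `SIMPLEID_ALLOW_PLAINTEXT` stays false, and the file's own comment says SimpleID from 0.9 mandates HTTPS; with nginx listening only on port 80, logins will likely be refused or the settings are inconsistent. The mismatch should be resolved by putting TLS in front of the stack and using an `https://` base URL, not by switching plaintext on. A site-specific comment above the define would make the placeholder obvious, e.g. `// Deployment placeholder: replace with the public https:// URL (see TODO.on.site)`. `SIMPLEID_LOGLEVEL` is 4, one step below the level the comment warns will log security-sensitive data, so access to the host log directory should still be restricted.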
diff --git a/sourcearcade.yml b/sourcearcade.yml
new file mode 100644
index 0000000..17b3a20
--- /dev/null
+++ b/sourcearcade.yml
@@ -0,0 +1,31 @@
+version: "3"
+services:
+ nginx:
+ image: nginx:1.25-alpine
+ ports:
+ - "80:80"
+ networks:
+ - simpleidnet
+ volumes:
+ - ./simpleid/cache/:/var/cache/simpleid/:ro
+ - ./simpleid/identities/:/var/db/simpleid/:ro
+ - ./simpleid/store/:/var/lib/simpleid/:ro
+ - ./simpleid/www/:/var/www/html/:ro
+ - ./nginx/sa.conf:/etc/nginx/conf.d/sa.conf:ro
+ - ./nginx/empty.conf:/etc/nginx/conf.d/default.conf:ro
+ - ./logs/nginx:/var/log/nginx/:rw
+ simpleid:
+ build:
+ context: .
+ dockerfile: simpleid/Dockerfile
+ networks:
+ - simpleidnet
+ volumes:
+ - ./simpleid/cache/:/var/cache/simpleid/:rw
+ - ./simpleid/identities/:/var/db/simpleid/:ro
+ - ./simpleid/store/:/var/lib/simpleid/:rw
+ - ./simpleid/www/:/var/www/html/:ro
+ - ./logs/simpleid/:/var/log/:rw
+networks:
+ simpleidnet:
+ driver: bridge
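Review bot: The `nginx` service mounts `./simpleid/cache/`, `./simpleid/identities/` and `./simpleid/store/`, although sa.conf only serves `/var/www/html` and forwards PHP to the `simpleid` service. The internet-facing container therefore gets read access to identity and session data it does not appear to need. Dropping those three volume lines from `nginx` keeps that data reachable only from the PHP container. `"80:80"` also publishes plain HTTP on all host interfaces; if a TLS-terminating proxy runs on the same host, binding to loopback with `"127.0.0.1:80:80"` would keep the unencrypted listener off the network.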