felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-02-11 20:50:03 +01:00
Code Issues Projects Releases Wiki Activity

Added back old ssphp login theme

Browse Source
This commit is contained in:
Adrian G L
2026-02-07 21:44:54 +01:00
parent 689d6582ae
commit 407e95d696
2 changed files with 52 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/bekkalokk/services/idp-simplesamlphp/config.php
View File

@@ -556,6 +556,7 @@ $config = [
'module.enable' => [ 'module.enable' => [
'admin' => true, 'admin' => true,
'authpwauth' => true, 'authpwauth' => true,
'themepvv' => true,
], ],
@@ -858,7 +859,7 @@ $config = [
/* /*
* Which theme directory should be used? * Which theme directory should be used?
*/ */
'theme.use' => 'default', 'theme.use' => 'themepvv:pvv',
/* /*
* Set this option to the text you would like to appear at the header of each page. Set to false if you don't want * Set this option to the text you would like to appear at the header of each page. Set to false if you don't want

73
hosts/bekkalokk/services/idp-simplesamlphp/default.nix
View File

@@ -1,8 +1,24 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
themePvv = pkgs.fetchFromGitea {
domain = "git.pvv.ntnu.no";
owner = "Drift";
repo = "ssp-theme";
rev = "bda4314030be5f81aeaf2fb1927aee582f1194d9";
hash = "sha256-naNRyPL6PAsZKW2w1Vt9wrHT9inCL/yAFnvpy4glv+c=";
};
pwAuthScript = pkgs.writeShellApplication { pwAuthScript = pkgs.writeShellApplication {
name = "pwauth"; name = "pwauth";
runtimeInputs = with pkgs; [ coreutils heimdal ]; runtimeInputs = with pkgs; [
coreutils
heimdal
];
text = '' text = ''
read -r user1 read -r user1
user2="$(echo -n "$user1" | tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz')" user2="$(echo -n "$user1" | tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz')"
@@ -33,7 +49,7 @@ let
"metadata/saml20-sp-remote.php" = pkgs.writeText "saml20-sp-remote.php" '' "metadata/saml20-sp-remote.php" = pkgs.writeText "saml20-sp-remote.php" ''
<?php <?php
${ lib.pipe config.services.idp.sp-remote-metadata [ ${lib.pipe config.services.idp.sp-remote-metadata [
(map (url: '' (map (url: ''
$metadata['${url}'] = [ $metadata['${url}'] = [
'SingleLogoutService' => [ 'SingleLogoutService' => [
@@ -85,18 +101,27 @@ let
substituteInPlace "$out" \ substituteInPlace "$out" \
--replace-warn '$SAML_COOKIE_SECURE' 'true' \ --replace-warn '$SAML_COOKIE_SECURE' 'true' \
--replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \ --replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${
config.sops.secrets."idp/cookie_salt".path
}")' \
--replace-warn '$SAML_ADMIN_NAME' '"Drift"' \ --replace-warn '$SAML_ADMIN_NAME' '"Drift"' \
--replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \ --replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \ --replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${
config.sops.secrets."idp/admin_password".path
}")' \
--replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \ --replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
--replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \ --replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
--replace-warn '$SAML_DATABASE_USERNAME' '"idp"' \ --replace-warn '$SAML_DATABASE_USERNAME' '"idp"' \
--replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \ --replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${
config.sops.secrets."idp/postgres_password".path
}")' \
--replace-warn '$CACHE_DIRECTORY' '/var/cache/idp' --replace-warn '$CACHE_DIRECTORY' '/var/cache/idp'
''; '';
"modules/authpwauth/src/Auth/Source/PwAuth.php" = ./authpwauth.php; "modules/authpwauth/src/Auth/Source/PwAuth.php" = ./authpwauth.php;
# PVV theme module (themepvv).
"modules/themepvv" = themePvv;
}; };
}; };
in in
@@ -158,23 +183,25 @@ in
services.phpfpm.pools.idp = { services.phpfpm.pools.idp = {
user = "idp"; user = "idp";
group = "idp"; group = "idp";
settings = let settings =
listenUser = config.services.nginx.user; let
listenGroup = config.services.nginx.group; listenUser = config.services.nginx.user;
in { listenGroup = config.services.nginx.group;
"pm" = "dynamic"; in
"pm.max_children" = 32; {
"pm.max_requests" = 500; "pm" = "dynamic";
"pm.start_servers" = 2; "pm.max_children" = 32;
"pm.min_spare_servers" = 2; "pm.max_requests" = 500;
"pm.max_spare_servers" = 4; "pm.start_servers" = 2;
"listen.owner" = listenUser; "pm.min_spare_servers" = 2;
"listen.group" = listenGroup; "pm.max_spare_servers" = 4;
"listen.owner" = listenUser;
"listen.group" = listenGroup;
"catch_workers_output" = true; "catch_workers_output" = true;
"php_admin_flag[log_errors]" = true; "php_admin_flag[log_errors]" = true;
# "php_admin_value[error_log]" = "stderr"; # "php_admin_value[error_log]" = "stderr";
}; };
}; };
services.nginx.virtualHosts."idp.pvv.ntnu.no" = { services.nginx.virtualHosts."idp.pvv.ntnu.no" = {
@@ -182,7 +209,7 @@ in
enableACME = true; enableACME = true;
kTLS = true; kTLS = true;
root = "${package}/share/php/simplesamlphp/public"; root = "${package}/share/php/simplesamlphp/public";
locations = { locations = {
# based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx # based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
"/" = { "/" = {
alias = "${package}/share/php/simplesamlphp/public/"; alias = "${package}/share/php/simplesamlphp/public/";