Added back old ssphp login theme

README.md

@@ -43,7 +43,6 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
 | [kommode][kom]             | Virtual  | Gitea + Gitea pages                                       |
 | [lupine][lup]              | Physical | Gitea CI/CD runners                                       |
 |  shark                     | Virtual  | Test host for authentication, absolutely horrendous       |
-| [skrott][skr]              | Physical | Kiosk, snacks and soda                                    |
 | [wenche][wen]              | Virtual  | Nix-builders, general purpose compute                     |
 
 ## Documentation
@@ -60,5 +59,4 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
 [ild]: https://wiki.pvv.ntnu.no/wiki/Maskiner/ildkule
 [kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode
 [lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine
-[skr]: https://wiki.pvv.ntnu.no/wiki/Maskiner/Skrott
 [wen]: https://wiki.pvv.ntnu.no/wiki/Maskiner/wenche

base/default.nix

@@ -81,7 +81,7 @@
     AllowHibernation=no
   '';
 
-  # users.mutableUsers = lib.mkDefault false;
+  users.mutableUsers = lib.mkDefault false;
 
   users.groups."drift".name = "drift";
 

flake.lock

@@ -8,11 +8,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1769362210,
+        "lastModified": 1768138611,
-        "narHash": "sha256-QCQD7Ofin5UYL0i5Sv34gfJ0p5pv1hwZspE/Ufe84L8=",
+        "narHash": "sha256-KfZX6wpuwE2IRKLjh0DrEviE4f6kqLJWwKIE5QJSqa4=",
         "ref": "main",
-        "rev": "1d01e1b2cb8fb2adee96c0b4f065c43c45eae290",
+        "rev": "cb385097dcda5fb9772f903688d078b30a66ccd4",
-        "revCount": 229,
+        "revCount": 221,
         "type": "git",
         "url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
       },

hosts/bekkalokk/services/idp-simplesamlphp/config.php

@@ -556,6 +556,7 @@ $config = [
     'module.enable' => [
         'admin' => true,
 	'authpwauth' => true,
+	'themepvv' => true,
     ],
 
 
@@ -858,7 +859,7 @@ $config = [
     /*
      * Which theme directory should be used?
      */
-    'theme.use' => 'default',
+    'theme.use' => 'themepvv:pvv',
 
     /*
      * Set this option to the text you would like to appear at the header of each page. Set to false if you don't want

hosts/bekkalokk/services/idp-simplesamlphp/default.nix

@@ -1,8 +1,24 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
+  themePvv = pkgs.fetchFromGitea {
+    domain = "git.pvv.ntnu.no";
+    owner = "Drift";
+    repo = "ssp-theme";
+    rev = "bda4314030be5f81aeaf2fb1927aee582f1194d9";
+    hash = "sha256-naNRyPL6PAsZKW2w1Vt9wrHT9inCL/yAFnvpy4glv+c=";
+  };
+
   pwAuthScript = pkgs.writeShellApplication {
     name = "pwauth";
-    runtimeInputs = with pkgs; [ coreutils heimdal ];
+    runtimeInputs = with pkgs; [
+      coreutils
+      heimdal
+    ];
     text = ''
       read -r user1
       user2="$(echo -n "$user1" | tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz')"
@@ -33,7 +49,7 @@ let
 
       "metadata/saml20-sp-remote.php" = pkgs.writeText "saml20-sp-remote.php" ''
         <?php
-          ${ lib.pipe config.services.idp.sp-remote-metadata [
+          ${lib.pipe config.services.idp.sp-remote-metadata [
             (map (url: ''
               $metadata['${url}'] = [
                 'SingleLogoutService' => [
@@ -85,18 +101,27 @@ let
 
         substituteInPlace "$out" \
           --replace-warn '$SAML_COOKIE_SECURE' 'true' \
-          --replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \
+          --replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${
+            config.sops.secrets."idp/cookie_salt".path
+          }")' \
           --replace-warn '$SAML_ADMIN_NAME' '"Drift"' \
           --replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
-          --replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
+          --replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${
+            config.sops.secrets."idp/admin_password".path
+          }")' \
           --replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
           --replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
           --replace-warn '$SAML_DATABASE_USERNAME' '"idp"' \
-          --replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
+          --replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${
+            config.sops.secrets."idp/postgres_password".path
+          }")' \
           --replace-warn '$CACHE_DIRECTORY' '/var/cache/idp'
       '';
 
       "modules/authpwauth/src/Auth/Source/PwAuth.php" = ./authpwauth.php;
+
+      # PVV theme module (themepvv).
+      "modules/themepvv" = themePvv;
     };
   };
 in
@@ -158,23 +183,25 @@ in
     services.phpfpm.pools.idp = {
       user = "idp";
       group = "idp";
-      settings = let
+      settings =
-        listenUser = config.services.nginx.user;
+        let
-        listenGroup = config.services.nginx.group;
+          listenUser = config.services.nginx.user;
-      in {
+          listenGroup = config.services.nginx.group;
-        "pm" = "dynamic";
+        in
-        "pm.max_children" = 32;
+        {
-        "pm.max_requests" = 500;
+          "pm" = "dynamic";
-        "pm.start_servers" = 2;
+          "pm.max_children" = 32;
-        "pm.min_spare_servers" = 2;
+          "pm.max_requests" = 500;
-        "pm.max_spare_servers" = 4;
+          "pm.start_servers" = 2;
-        "listen.owner" = listenUser;
+          "pm.min_spare_servers" = 2;
-        "listen.group" = listenGroup;
+          "pm.max_spare_servers" = 4;
+          "listen.owner" = listenUser;
+          "listen.group" = listenGroup;
 
-        "catch_workers_output" = true;
+          "catch_workers_output" = true;
-        "php_admin_flag[log_errors]" = true;
+          "php_admin_flag[log_errors]" = true;
-        # "php_admin_value[error_log]" = "stderr";
+          # "php_admin_value[error_log]" = "stderr";
-      };
+        };
     };
 
     services.nginx.virtualHosts."idp.pvv.ntnu.no" = {
@@ -182,7 +209,7 @@ in
       enableACME = true;
       kTLS = true;
       root = "${package}/share/php/simplesamlphp/public";
-      locations =  {
+      locations = {
         # based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
         "/" = {
           alias = "${package}/share/php/simplesamlphp/public/";

hosts/gluttony/configuration.nix

@@ -11,15 +11,6 @@
   ];
 
   systemd.network.enable = lib.mkForce false;
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  boot.loader = {
-    systemd-boot.enable = false; # no uefi support on this device
-    grub.device = "/dev/sda";
-    grub.enable = true;
-  };
-  boot.tmp.cleanOnBoot = true;
-
   networking =
     let
       hostConf = values.hosts.gluttony;

hosts/skrott/configuration.nix

@@ -21,17 +21,11 @@
   services.logrotate.enable = lib.mkForce false;
   services.nginx.enable = lib.mkForce false;
   services.postfix.enable = lib.mkForce false;
-  services.smartd.enable = lib.mkForce false;
-  services.udisks2.enable = lib.mkForce false;
-  services.thermald.enable = lib.mkForce false;
-  services.promtail.enable = lib.mkForce false;
-  boot.supportedFilesystems.zfs = lib.mkForce false;
-  documentation.enable = lib.mkForce false;
 
   # TODO: can we reduce further?
 
   sops.secrets = {
-    "dibbler/postgresql/password" = {
+    "dibbler/postgresql/url" = {
       owner = "dibbler";
       group = "dibbler";
     };
@@ -41,8 +35,6 @@
 
   networking = {
     hostName = "skrot";
-    defaultGateway = values.hosts.gateway;
-    defaultGateway6 = values.hosts.gateway6;
     interfaces.eth0 = {
       useDHCP = false;
       ipv4.addresses = [{
@@ -64,15 +56,7 @@
 
     settings = {
       general.quit_allowed = false;
-      database = {
+      database.url = config.sops.secrets."dibbler/postgresql/url".path;
-        type = "postgresql";
-        postgresql = {
-          username = "pvv_vv";
-          dbname = "pvv_vv";
-          host = "postgres.pvv.ntnu.no";
-          password_file = config.sops.secrets."dibbler/postgresql/password".path;
-        };
-      };
     };
   };
 
@@ -89,5 +73,5 @@
 
   # Don't change (even during upgrades) unless you know what you are doing.
   # See https://search.nixos.org/options?show=system.stateVersion
-  system.stateVersion = "25.11";
+  system.stateVersion = "25.05";
 }

secrets/skrott/skrott.yaml

@@ -1,6 +1,6 @@
 dibbler:
     postgresql:
-        password: ENC[AES256_GCM,data:2n85TO709GJc7/qoYp2RXO8Ttfo=,iv:5ZCZPEQQXPGYfDd1qPhDwDfm1Gds1M8PEX9IiCsHcrw=,tag:PAseyFBAe56pLj5Uv8Jd7A==,type:str]
+        url: ENC[AES256_GCM,data:rHmeviBKp5b33gZ+nRweJ9YSobG4OSOxypMcyGb3/Za5DyVjydEgWBkcugrLuy1fUYIu1UV93JizCRLqOOsNkg7ON2AGhw==,iv:mWgLeAmnVaRNuKI4jIKRtW5ZPjnt2tGqjfDbZkuAIXk=,tag:iHSkFcMmTWEFlIH7lVmN1Q==,type:str]
 sops:
     age:
         - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
@@ -48,8 +48,8 @@ sops:
             ZE5tMXJOYlFMOVNJU3FEZFB4TlZ1U00KHnunzKMy91oc92ptcaKCE1sfkhFGvf0S
             vRX/nyQnBGqD3X3yfvkt+aQnoLxcjoanpJVM9VeigyPu1mRg0OOxXg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-25T14:03:57Z"
+    lastmodified: "2026-01-11T17:28:43Z"
-    mac: ENC[AES256_GCM,data:RBf3LjVNSclsPN7I4QPaDUjWbKlaccjk3rzsRNdRe3+OvJSd7MsS9RfpUFCqUtO7ZkkocXHmkHA8z8LNxs6vejT9czMsLLQD14qHZS6fFdTnToOx3Kt5UuviPO/2UryVI+6HWORkH1aqFJhzkSMop2TO5mzuOTfbCEBLYUUuS6s=,iv:NQs8O1hIbjzGBTZo+gCuisj3edraFGk/Y146HmfPmQY=,tag:4g9IXw2UFC5V9EIHuWJqdA==,type:str]
+    mac: ENC[AES256_GCM,data:l43vquKg33LndSXOm0hsPcalQRXjqbb30QvptXuBsmQrcEVVh20Aqp92l+rwgv60P03ZtK4SKxm/udVVoqViFTwCLYtCC5GEn4OqbD94LQKzl+XLe7yLWwv2WF8ueu170YpZ97uFxUrhOoaOaKUgnAV+4CocixG5hfadpqA3yYE=,iv:a6RRILzz4gDUuiSZPVoqjlIMu4NZG+D5Q+brusfh9PU=,tag:Y8nKbnctjka44eH15x8oCA==,type:str]
     pgp:
         - created_at: "2026-01-11T17:12:49Z"
           enc: |-

users/felixalb.nix

@@ -9,9 +9,8 @@
     ];
     shell = pkgs.zsh;
     openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalb@pvv.ntnu.no"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJky33ynjqyWP+hh24gFCMFIEqe3CjIIowGM9jiPbT79 felixalb@sisko.home.feal.no"
     ];
   };
 }