Added back old ssphp login theme

2026-02-20 08:57:53 +01:00 · 2026-02-07 21:44:54 +01:00
9 changed files with 64 additions and 64 deletions
--- a/README.md
+++ b/README.md
@@ -43,7 +43,6 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
 | [kommode][kom]             | Virtual  | Gitea + Gitea pages                                       |
 | [lupine][lup]              | Physical | Gitea CI/CD runners                                       |
 |  shark                     | Virtual  | Test host for authentication, absolutely horrendous       |
-| [skrott][skr]              | Physical | Kiosk, snacks and soda                                    |
 | [wenche][wen]              | Virtual  | Nix-builders, general purpose compute                     |

 ## Documentation
@@ -60,5 +59,4 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
 [ild]: https://wiki.pvv.ntnu.no/wiki/Maskiner/ildkule
 [kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode
 [lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine
-[skr]: https://wiki.pvv.ntnu.no/wiki/Maskiner/Skrott
 [wen]: https://wiki.pvv.ntnu.no/wiki/Maskiner/wenche
--- a/base/default.nix
+++ b/base/default.nix
@@ -81,7 +81,7 @@
    AllowHibernation=no
  '';

-  # users.mutableUsers = lib.mkDefault false;
+  users.mutableUsers = lib.mkDefault false;

  users.groups."drift".name = "drift";

--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769362210,
-        "narHash": "sha256-QCQD7Ofin5UYL0i5Sv34gfJ0p5pv1hwZspE/Ufe84L8=",
+        "lastModified": 1768138611,
+        "narHash": "sha256-KfZX6wpuwE2IRKLjh0DrEviE4f6kqLJWwKIE5QJSqa4=",
        "ref": "main",
-        "rev": "1d01e1b2cb8fb2adee96c0b4f065c43c45eae290",
-        "revCount": 229,
+        "rev": "cb385097dcda5fb9772f903688d078b30a66ccd4",
+        "revCount": 221,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
      },
--- a/hosts/bekkalokk/services/idp-simplesamlphp/config.php
+++ b/hosts/bekkalokk/services/idp-simplesamlphp/config.php
@@ -556,6 +556,7 @@ $config = [
    'module.enable' => [
        'admin' => true,
 	'authpwauth' => true,
+	'themepvv' => true,
    ],


@@ -858,7 +859,7 @@ $config = [
    /*
     * Which theme directory should be used?
     */
-    'theme.use' => 'default',
+    'theme.use' => 'themepvv:pvv',

    /*
     * Set this option to the text you would like to appear at the header of each page. Set to false if you don't want
--- a/hosts/bekkalokk/services/idp-simplesamlphp/default.nix
+++ b/hosts/bekkalokk/services/idp-simplesamlphp/default.nix
@@ -1,8 +1,24 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
+  themePvv = pkgs.fetchFromGitea {
+    domain = "git.pvv.ntnu.no";
+    owner = "Drift";
+    repo = "ssp-theme";
+    rev = "bda4314030be5f81aeaf2fb1927aee582f1194d9";
+    hash = "sha256-naNRyPL6PAsZKW2w1Vt9wrHT9inCL/yAFnvpy4glv+c=";
+  };
+
  pwAuthScript = pkgs.writeShellApplication {
    name = "pwauth";
-    runtimeInputs = with pkgs; [ coreutils heimdal ];
+    runtimeInputs = with pkgs; [
+      coreutils
+      heimdal
+    ];
    text = ''
      read -r user1
      user2="$(echo -n "$user1" | tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz')"
@@ -85,18 +101,27 @@ let

        substituteInPlace "$out" \
          --replace-warn '$SAML_COOKIE_SECURE' 'true' \
-          --replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \
+          --replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${
+            config.sops.secrets."idp/cookie_salt".path
+          }")' \
          --replace-warn '$SAML_ADMIN_NAME' '"Drift"' \
          --replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
-          --replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
+          --replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${
+            config.sops.secrets."idp/admin_password".path
+          }")' \
          --replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
          --replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
          --replace-warn '$SAML_DATABASE_USERNAME' '"idp"' \
-          --replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
+          --replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${
+            config.sops.secrets."idp/postgres_password".path
+          }")' \
          --replace-warn '$CACHE_DIRECTORY' '/var/cache/idp'
      '';

      "modules/authpwauth/src/Auth/Source/PwAuth.php" = ./authpwauth.php;
+
+      # PVV theme module (themepvv).
+      "modules/themepvv" = themePvv;
    };
  };
 in
@@ -158,10 +183,12 @@ in
    services.phpfpm.pools.idp = {
      user = "idp";
      group = "idp";
-      settings = let
+      settings =
+        let
          listenUser = config.services.nginx.user;
          listenGroup = config.services.nginx.group;
-      in {
+        in
+        {
          "pm" = "dynamic";
          "pm.max_children" = 32;
          "pm.max_requests" = 500;
--- a/hosts/gluttony/configuration.nix
+++ b/hosts/gluttony/configuration.nix
@@ -11,15 +11,6 @@
  ];

  systemd.network.enable = lib.mkForce false;
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  boot.loader = {
-    systemd-boot.enable = false; # no uefi support on this device
-    grub.device = "/dev/sda";
-    grub.enable = true;
-  };
-  boot.tmp.cleanOnBoot = true;
-
  networking =
    let
      hostConf = values.hosts.gluttony;
--- a/hosts/skrott/configuration.nix
+++ b/hosts/skrott/configuration.nix
@@ -21,17 +21,11 @@
  services.logrotate.enable = lib.mkForce false;
  services.nginx.enable = lib.mkForce false;
  services.postfix.enable = lib.mkForce false;
-  services.smartd.enable = lib.mkForce false;
-  services.udisks2.enable = lib.mkForce false;
-  services.thermald.enable = lib.mkForce false;
-  services.promtail.enable = lib.mkForce false;
-  boot.supportedFilesystems.zfs = lib.mkForce false;
-  documentation.enable = lib.mkForce false;

  # TODO: can we reduce further?

  sops.secrets = {
-    "dibbler/postgresql/password" = {
+    "dibbler/postgresql/url" = {
      owner = "dibbler";
      group = "dibbler";
    };
@@ -41,8 +35,6 @@

  networking = {
    hostName = "skrot";
-    defaultGateway = values.hosts.gateway;
-    defaultGateway6 = values.hosts.gateway6;
    interfaces.eth0 = {
      useDHCP = false;
      ipv4.addresses = [{
@@ -64,15 +56,7 @@

    settings = {
      general.quit_allowed = false;
-      database = {
-        type = "postgresql";
-        postgresql = {
-          username = "pvv_vv";
-          dbname = "pvv_vv";
-          host = "postgres.pvv.ntnu.no";
-          password_file = config.sops.secrets."dibbler/postgresql/password".path;
-        };
-      };
+      database.url = config.sops.secrets."dibbler/postgresql/url".path;
    };
  };

@@ -89,5 +73,5 @@

  # Don't change (even during upgrades) unless you know what you are doing.
  # See https://search.nixos.org/options?show=system.stateVersion
-  system.stateVersion = "25.11";
+  system.stateVersion = "25.05";
 }
--- a/secrets/skrott/skrott.yaml
+++ b/secrets/skrott/skrott.yaml
@@ -1,6 +1,6 @@
 dibbler:
    postgresql:
-        password: ENC[AES256_GCM,data:2n85TO709GJc7/qoYp2RXO8Ttfo=,iv:5ZCZPEQQXPGYfDd1qPhDwDfm1Gds1M8PEX9IiCsHcrw=,tag:PAseyFBAe56pLj5Uv8Jd7A==,type:str]
+        url: ENC[AES256_GCM,data:rHmeviBKp5b33gZ+nRweJ9YSobG4OSOxypMcyGb3/Za5DyVjydEgWBkcugrLuy1fUYIu1UV93JizCRLqOOsNkg7ON2AGhw==,iv:mWgLeAmnVaRNuKI4jIKRtW5ZPjnt2tGqjfDbZkuAIXk=,tag:iHSkFcMmTWEFlIH7lVmN1Q==,type:str]
 sops:
    age:
        - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
@@ -48,8 +48,8 @@ sops:
            ZE5tMXJOYlFMOVNJU3FEZFB4TlZ1U00KHnunzKMy91oc92ptcaKCE1sfkhFGvf0S
            vRX/nyQnBGqD3X3yfvkt+aQnoLxcjoanpJVM9VeigyPu1mRg0OOxXg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-25T14:03:57Z"
-    mac: ENC[AES256_GCM,data:RBf3LjVNSclsPN7I4QPaDUjWbKlaccjk3rzsRNdRe3+OvJSd7MsS9RfpUFCqUtO7ZkkocXHmkHA8z8LNxs6vejT9czMsLLQD14qHZS6fFdTnToOx3Kt5UuviPO/2UryVI+6HWORkH1aqFJhzkSMop2TO5mzuOTfbCEBLYUUuS6s=,iv:NQs8O1hIbjzGBTZo+gCuisj3edraFGk/Y146HmfPmQY=,tag:4g9IXw2UFC5V9EIHuWJqdA==,type:str]
+    lastmodified: "2026-01-11T17:28:43Z"
+    mac: ENC[AES256_GCM,data:l43vquKg33LndSXOm0hsPcalQRXjqbb30QvptXuBsmQrcEVVh20Aqp92l+rwgv60P03ZtK4SKxm/udVVoqViFTwCLYtCC5GEn4OqbD94LQKzl+XLe7yLWwv2WF8ueu170YpZ97uFxUrhOoaOaKUgnAV+4CocixG5hfadpqA3yYE=,iv:a6RRILzz4gDUuiSZPVoqjlIMu4NZG+D5Q+brusfh9PU=,tag:Y8nKbnctjka44eH15x8oCA==,type:str]
    pgp:
        - created_at: "2026-01-11T17:12:49Z"
          enc: |-
--- a/users/felixalb.nix
+++ b/users/felixalb.nix
@@ -9,9 +9,8 @@
    ];
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalb@pvv.ntnu.no"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJky33ynjqyWP+hh24gFCMFIEqe3CjIIowGM9jiPbT79 felixalb@sisko.home.feal.no"
    ];
  };
 }