From fda9cc2795112b33d5e6fd92dc21eb87310fe280 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Sat, 30 Mar 2024 05:12:33 +0100
Subject: [PATCH] rebase mediawiki
---
 .../bekkalokk/services/mediawiki/default.nix | 61 ++++++++-----------
 .../mediawiki/simplesaml-authsources.php | 12 ++++
 .../config.php => simplesaml-config.php} | 4 +-
 .../mediawiki/simplesamlphp/authsources.php | 11 ----
 .../simplesamlphp/saml20-idp-remote.php | 23 -------
 5 files changed, 41 insertions(+), 70 deletions(-)
 create mode 100644 hosts/bekkalokk/services/mediawiki/simplesaml-authsources.php
 rename hosts/bekkalokk/services/mediawiki/{simplesamlphp/config.php => simplesaml-config.php} (99%)
 delete mode 100644 hosts/bekkalokk/services/mediawiki/simplesamlphp/authsources.php
 delete mode 100644 hosts/bekkalokk/services/mediawiki/simplesamlphp/saml20-idp-remote.php
diff --git a/hosts/bekkalokk/services/mediawiki/default.nix b/hosts/bekkalokk/services/mediawiki/default.nix
index f3d11fc..7bf7ca4 100644
--- a/hosts/bekkalokk/services/mediawiki/default.nix
+++ b/hosts/bekkalokk/services/mediawiki/default.nix
@@ -8,19 +8,27 @@ group = config.users.users.${user}.group;
 simplesamlphp = pkgs.simplesamlphp.override {
- authsourcesFile = ./simplesamlphp/authsources.php;
- saml20-idp-remoteFile = ./simplesamlphp/saml20-idp-remote.php;
- configFile = pkgs.runCommandLocal "mediawiki-simplesamlphp-config.php" { } ''
- cp ${./simplesamlphp/config.php} "$out"
+ extra_files = {
+ "metadata/saml20-idp-remote.php" = pkgs.writeText "mediawiki-saml20-idp-remote.php" (import ../idp-simplesamlphp/metadata.php.nix);
- substituteInPlace "$out" \
- --replace '$SAML_COOKIE_SECURE' 'true' \
- --replace '$SAML_COOKIE_SALT' '"asdfasdfasjdf"' \
- --replace '$SAML_ADMIN_PASSWORD' '"asdfasdfasdf"' \
- --replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki2.pvv.ntnu.no" )'
- '';
+ "config/authsources.php" = ./simplesaml-authsources.php;
+
+ "config/config.php" = pkgs.runCommandLocal "mediawiki-simplesamlphp-config.php" { } ''
+ cp ${./simplesaml-config.php} "$out"
+
+ substituteInPlace "$out" \
+ --replace '$SAML_COOKIE_SECURE' 'true' \
+ --replace '$SAML_COOKIE_SALT' '"asdfasdfasjdf"' \
+ --replace '$SAML_ADMIN_PASSWORD' '"asdfasdfasdf"' \
+ --replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki2.pvv.ntnu.no" )' \
+ --replace '$STATE_DIRECTORY' '/var/lib/mediawiki' \
+ --replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp'
+ '';
+ };
 };
 in {
+ services.idp.sp-remote-metadata = [ "https://wiki2.pvv.ntnu.no/simplesaml/" ];
+
 sops.secrets = {
 "mediawiki/password" = {
 restartUnits = [ "mediawiki-init.service" "phpfpm-mediawiki.service" ];
@@ -65,7 +73,6 @@ in {
 "pm.max_spare_servers" = 4;
 "listen.owner" = listenUser;
 "listen.group" = listenGroup;
- "env[PATH]" = lib.makeBinPath [ pkgs.php ];
 "catch_workers_output" = true;
 "php_admin_flag[log_errors]" = true;
@@ -95,7 +102,10 @@ in {
 $wgGroupPermissions['*']['edit'] = false;
 # Styling
- $wgLogo = "/PNG/PVV-logo.png";
+ $wgLogos = array(
+ "2x" => "/PNG/PVV-logo.png",
+ "svg" => "/PNG/PVV-logo.svg",
+ );
 $wgDefaultSkin = "monobook";
 # Misc
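Review bot: The new `"config/config.php"` derivation still bakes the SimpleSAMLphp admin password and cookie salt in as literal strings (`--replace '$SAML_COOKIE_SALT' '"asdfasdfasjdf"'` and `--replace '$SAML_ADMIN_PASSWORD' '"asdfasdfasdf"'`), so both land in the world-readable Nix store as well as in this file, and the new `config/authsources.php` enables the `core:AdminPassword` source that this password (presumably via `auth.adminpassword`) is the only protection for. Since the module already consumes `sops.secrets."mediawiki/password"`, the secret-bearing replacements belong at activation or service start (a `sops.templates` entry, or a preStart step that renders the file from `config.sops.secrets.<name>.path`) rather than in a build-time `runCommandLocal`; the non-secret `$STATE_DIRECTORY`/`$CACHE_DIRECTORY` replacements can stay where they are. Note also that `substituteInPlace --replace` does not necessarily fail when a placeholder is absent from the file, so a typo in `simplesaml-config.php` would silently leave the literal `$CACHE_DIRECTORY` string in the PHP config; `--replace-fail`, where the nixpkgs in use supports it, turns that into a build error. The `let` block this hunk edits starts before the hunk.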
@@ -106,15 +116,13 @@ in {
 # SimpleSAML
 $wgSimpleSAMLphp_InstallDir = "${simplesamlphp}/share/php/simplesamlphp/";
- $wgSimpleSAMLphp_AuthSourceId = "default-sp";
- $wgSimpleSAMLphp_RealNameAttribute = "cn";
- $wgSimpleSAMLphp_EmailAttribute = "mail";
- $wgSimpleSAMLphp_UsernameAttribute = "uid";
-
 $wgPluggableAuth_Config['Log in using my SAML'] = [
 'plugin' => 'SimpleSAMLphp',
 'data' => [
 'authSourceId' => 'default-sp',
+ 'usernameAttribute' => 'uid',
+ 'emailAttribute' => 'mail',
+ 'realNameAttribute' => 'cn',
 ]
 ];
@@ -123,13 +131,9 @@ in {
 '';
 };
- # 'usernameAttribute' => 'username',
- # 'realNameAttribute' => 'name',
- # 'emailAttribute' => 'email' - # Cache directory for simplesamlphp
 # systemd.services.phpfpm-mediawiki.serviceConfig.CacheDirectory = "mediawiki/simplesamlphp";
- systemd.tmpfiles.settings."10-mediawiki"."/var/cache/mediawiki/simplesamlphp/core".d = {
+ systemd.tmpfiles.settings."10-mediawiki"."/var/cache/mediawiki/simplesamlphp".d = {
 user = "mediawiki";
 group = "mediawiki";
 mode = "0770";
@@ -207,18 +211,7 @@ in {
 "/images".root = config.services.mediawiki.uploadsDir;
 "= /PNG/PVV-logo.png".alias = ../../../../assets/logo_blue_regular.png;
-
- # Redirects from gitea
- "/Projects".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
- "^~ /Projects/(.+\\.php)".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
- "/oysteikt".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
- "/Drift".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
- "/felixalb".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
- "/adriangl".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
- "/danio".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
- "/pederbs".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
- "/jonmro".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
- "/explore".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
+ "= /PNG/PVV-logo.svg".alias = ../../../../assets/logo_blue_regular.svg;
 };
 };
 }
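Review bot: The directory the tmpfiles rule now creates, `"/var/cache/mediawiki/simplesamlphp"`, is not the one the generated config points at: the `"config/config.php"` derivation in this file's first hunk substitutes `$CACHE_DIRECTORY` with `/var/cache/mediawiki/idp`, so SimpleSAMLphp's `cachedir` ends up in a path that nothing in this module creates or chowns (the `idp` suffix looks copied from the IdP host's configuration). One of the two should change, e.g. `--replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/simplesamlphp'` in the derivation, or the tmpfiles key to `"/var/cache/mediawiki/idp"`. The still-commented `CacheDirectory` line just above is the cleaner long-term option, since a systemd-managed `CacheDirectory=` gets ownership and cleanup for free; either adopt it or drop the dead comment. The `in { … }` attribute set this hunk sits in starts and ends outside the hunk.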
diff --git a/hosts/bekkalokk/services/mediawiki/simplesaml-authsources.php b/hosts/bekkalokk/services/mediawiki/simplesaml-authsources.php
new file mode 100644
index 0000000..35ca0e4
--- /dev/null
+++ b/hosts/bekkalokk/services/mediawiki/simplesaml-authsources.php
@@ -0,0 +1,12 @@
+ array(
+ 'core:AdminPassword'
+ ),
+ 'default-sp' => array(
+ 'saml:SP',
+ 'entityID' => 'https://wiki2.pvv.ntnu.no/simplesaml/',
+ # 'entityID' => 'https://idp2.pvv.ntnu.no/',
+ 'idp' => 'https://idp2.pvv.ntnu.no/',
+ ),
+);
diff --git a/hosts/bekkalokk/services/mediawiki/simplesamlphp/config.php b/hosts/bekkalokk/services/mediawiki/simplesaml-config.php
similarity index 99%
rename from hosts/bekkalokk/services/mediawiki/simplesamlphp/config.php
rename to hosts/bekkalokk/services/mediawiki/simplesaml-config.php
index 4f96ea6..f383e0b 100644
--- a/hosts/bekkalokk/services/mediawiki/simplesamlphp/config.php
+++ b/hosts/bekkalokk/services/mediawiki/simplesaml-config.php
@@ -66,7 +66,7 @@ $config = [
 * When specified as a relative path, this is relative to the SimpleSAMLphp
 * root directory.
 */
- 'cachedir' => '/var/cache/mediawiki/simplesamlphp',
+ 'cachedir' => '$CACHE_DIRECTORY',
 //'loggingdir' => '/var/log/',
 //'datadir' => '/var/data/',
@@ -1195,7 +1195,7 @@ $config = [
 * See http://www.php.net/manual/en/pdo.drivers.php for the various
 * syntaxes.
 */
- 'store.sql.dsn' => 'sqlite:/var/lib/mediawiki/simplesamlphp.sqlite3',
+ 'store.sql.dsn' => 'sqlite:$STATE_DIRECTORY/simplesamlphp.sqlite3',
 /*
 * The username and password to use when connecting to the database.
diff --git a/hosts/bekkalokk/services/mediawiki/simplesamlphp/authsources.php b/hosts/bekkalokk/services/mediawiki/simplesamlphp/authsources.php
deleted file mode 100644
index e0797f8..0000000
--- a/hosts/bekkalokk/services/mediawiki/simplesamlphp/authsources.php
+++ /dev/null
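Review bot: The commented-out `# 'entityID' => 'https://idp2.pvv.ntnu.no/',` inside the `default-sp` source is misleading leftover: it names the IdP's own entity ID, which this SP must not reuse as its identifier, and the live value `https://wiki2.pvv.ntnu.no/simplesaml/` is exactly what `services.idp.sp-remote-metadata` in default.nix registers, so the alternative is dead and should be dropped. The file's opening lines (the `<?php` tag, the `$config` assignment and the first source's key, presumably `'admin'`) are not visible in this rendering, so the start of the array is outside what I can see. Because that first source is backed by `core:AdminPassword`, its security rests entirely on the admin password substituted into `config.php` at build time; a one-line comment above it, `# protected by auth.adminpassword in config.php — that value must not be a build-time literal`, would make the dependency obvious to the next editor.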
@@ -1,11 +0,0 @@
- array(
- 'saml:SP',
- # 'entityID' => 'https://wiki.pvv.ntnu.no/',
- 'entityID' => 'https://wiki2.pvv.ntnu.no/',
- 'idp' => 'https://idp.pvv.ntnu.no/',
- ),
-);
diff --git a/hosts/bekkalokk/services/mediawiki/simplesamlphp/saml20-idp-remote.php b/hosts/bekkalokk/services/mediawiki/simplesamlphp/saml20-idp-remote.php
deleted file mode 100644
index 5b9254d..0000000
--- a/hosts/bekkalokk/services/mediawiki/simplesamlphp/saml20-idp-remote.php
+++ /dev/null
@@ -1,23 +0,0 @@
- 'saml20-idp-remote',
- 'entityid' => 'https://idp.pvv.ntnu.no/',
- 'SingleSignOnService' =>
- array (
- 0 =>
- array (
- 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
- 'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SSOService.php',
- ),
- ),
- 'SingleLogoutService' =>
- array (
- 0 =>
- array (
- 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
- 'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SingleLogoutService.php',
- ),
- ),
- 'certData' => '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',
- 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
-);