rebase mediawiki
Eval nix flake / evals (push) Failing after 1m48s
parent
1b4eb641e6
commit
fda9cc2795
|
@ -8,19 +8,27 @@
|
||||||
group = config.users.users.${user}.group;
|
group = config.users.users.${user}.group;
|
||||||
|
|
||||||
simplesamlphp = pkgs.simplesamlphp.override {
|
simplesamlphp = pkgs.simplesamlphp.override {
|
||||||
authsourcesFile = ./simplesamlphp/authsources.php;
|
extra_files = {
|
||||||
saml20-idp-remoteFile = ./simplesamlphp/saml20-idp-remote.php;
|
"metadata/saml20-idp-remote.php" = pkgs.writeText "mediawiki-saml20-idp-remote.php" (import ../idp-simplesamlphp/metadata.php.nix);
|
||||||
configFile = pkgs.runCommandLocal "mediawiki-simplesamlphp-config.php" { } ''
|
|
||||||
cp ${./simplesamlphp/config.php} "$out"
|
"config/authsources.php" = ./simplesaml-authsources.php;
|
||||||
|
|
||||||
|
"config/config.php" = pkgs.runCommandLocal "mediawiki-simplesamlphp-config.php" { } ''
|
||||||
|
cp ${./simplesaml-config.php} "$out"
|
||||||
|
|
||||||
substituteInPlace "$out" \
|
substituteInPlace "$out" \
|
||||||
--replace '$SAML_COOKIE_SECURE' 'true' \
|
--replace '$SAML_COOKIE_SECURE' 'true' \
|
||||||
--replace '$SAML_COOKIE_SALT' '"asdfasdfasjdf"' \
|
--replace '$SAML_COOKIE_SALT' '"asdfasdfasjdf"' \
|
||||||
--replace '$SAML_ADMIN_PASSWORD' '"asdfasdfasdf"' \
|
--replace '$SAML_ADMIN_PASSWORD' '"asdfasdfasdf"' \
|
||||||
--replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki2.pvv.ntnu.no" )'
|
--replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki2.pvv.ntnu.no" )' \
|
||||||
|
--replace '$STATE_DIRECTORY' '/var/lib/mediawiki' \
|
||||||
|
--replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp'
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
|
services.idp.sp-remote-metadata = [ "https://wiki2.pvv.ntnu.no/simplesaml/" ];
|
||||||
|
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
"mediawiki/password" = {
|
"mediawiki/password" = {
|
||||||
restartUnits = [ "mediawiki-init.service" "phpfpm-mediawiki.service" ];
|
restartUnits = [ "mediawiki-init.service" "phpfpm-mediawiki.service" ];
|
||||||
|
@ -65,7 +73,6 @@ in {
|
||||||
"pm.max_spare_servers" = 4;
|
"pm.max_spare_servers" = 4;
|
||||||
"listen.owner" = listenUser;
|
"listen.owner" = listenUser;
|
||||||
"listen.group" = listenGroup;
|
"listen.group" = listenGroup;
|
||||||
"env[PATH]" = lib.makeBinPath [ pkgs.php ];
|
|
||||||
|
|
||||||
"catch_workers_output" = true;
|
"catch_workers_output" = true;
|
||||||
"php_admin_flag[log_errors]" = true;
|
"php_admin_flag[log_errors]" = true;
|
||||||
|
@ -95,7 +102,10 @@ in {
|
||||||
$wgGroupPermissions['*']['edit'] = false;
|
$wgGroupPermissions['*']['edit'] = false;
|
||||||
|
|
||||||
# Styling
|
# Styling
|
||||||
$wgLogo = "/PNG/PVV-logo.png";
|
$wgLogos = array(
|
||||||
|
"2x" => "/PNG/PVV-logo.png",
|
||||||
|
"svg" => "/PNG/PVV-logo.svg",
|
||||||
|
);
|
||||||
$wgDefaultSkin = "monobook";
|
$wgDefaultSkin = "monobook";
|
||||||
|
|
||||||
# Misc
|
# Misc
|
||||||
|
@ -106,15 +116,13 @@ in {
|
||||||
|
|
||||||
# SimpleSAML
|
# SimpleSAML
|
||||||
$wgSimpleSAMLphp_InstallDir = "${simplesamlphp}/share/php/simplesamlphp/";
|
$wgSimpleSAMLphp_InstallDir = "${simplesamlphp}/share/php/simplesamlphp/";
|
||||||
$wgSimpleSAMLphp_AuthSourceId = "default-sp";
|
|
||||||
$wgSimpleSAMLphp_RealNameAttribute = "cn";
|
|
||||||
$wgSimpleSAMLphp_EmailAttribute = "mail";
|
|
||||||
$wgSimpleSAMLphp_UsernameAttribute = "uid";
|
|
||||||
|
|
||||||
$wgPluggableAuth_Config['Log in using my SAML'] = [
|
$wgPluggableAuth_Config['Log in using my SAML'] = [
|
||||||
'plugin' => 'SimpleSAMLphp',
|
'plugin' => 'SimpleSAMLphp',
|
||||||
'data' => [
|
'data' => [
|
||||||
'authSourceId' => 'default-sp',
|
'authSourceId' => 'default-sp',
|
||||||
|
'usernameAttribute' => 'uid',
|
||||||
|
'emailAttribute' => 'mail',
|
||||||
|
'realNameAttribute' => 'cn',
|
||||||
]
|
]
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -123,13 +131,9 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# 'usernameAttribute' => 'username',
|
|
||||||
# 'realNameAttribute' => 'name',
|
|
||||||
# 'emailAttribute' => 'email'
|
|
||||||
|
|
||||||
# Cache directory for simplesamlphp
|
# Cache directory for simplesamlphp
|
||||||
# systemd.services.phpfpm-mediawiki.serviceConfig.CacheDirectory = "mediawiki/simplesamlphp";
|
# systemd.services.phpfpm-mediawiki.serviceConfig.CacheDirectory = "mediawiki/simplesamlphp";
|
||||||
systemd.tmpfiles.settings."10-mediawiki"."/var/cache/mediawiki/simplesamlphp/core".d = {
|
systemd.tmpfiles.settings."10-mediawiki"."/var/cache/mediawiki/simplesamlphp".d = {
|
||||||
user = "mediawiki";
|
user = "mediawiki";
|
||||||
group = "mediawiki";
|
group = "mediawiki";
|
||||||
mode = "0770";
|
mode = "0770";
|
||||||
|
@ -207,18 +211,7 @@ in {
|
||||||
"/images".root = config.services.mediawiki.uploadsDir;
|
"/images".root = config.services.mediawiki.uploadsDir;
|
||||||
|
|
||||||
"= /PNG/PVV-logo.png".alias = ../../../../assets/logo_blue_regular.png;
|
"= /PNG/PVV-logo.png".alias = ../../../../assets/logo_blue_regular.png;
|
||||||
|
"= /PNG/PVV-logo.svg".alias = ../../../../assets/logo_blue_regular.svg;
|
||||||
# Redirects from gitea
|
|
||||||
"/Projects".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
"^~ /Projects/(.+\\.php)".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
"/oysteikt".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
"/Drift".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
"/felixalb".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
"/adriangl".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
"/danio".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
"/pederbs".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
"/jonmro".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
"/explore".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
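Review bot: The `substituteInPlace` block that builds `config/config.php` still fills `$SAML_ADMIN_PASSWORD` and `$SAML_COOKIE_SALT` with the literals `"asdfasdfasdf"` and `"asdfasdfasjdf"`, and because the result is a Nix store path both values are fixed, guessable and readable by every local user. This commit makes that more pressing, since the new authsources file adds an `admin` source using `core:AdminPassword`, which presumably leaves that password as the only barrier to the SimpleSAMLphp admin pages on wiki2. The module already declares `sops.secrets` for `"mediawiki/password"`; I would add two more entries there and have the PHP config load the values at runtime with `file_get_contents()` from the sops-managed path (placeholder: `<sops secret path>`), instead of substituting them at build time. Until then, a `# FIXME: placeholder secret, do not deploy` comment next to each `--replace` line would at least make the state explicit.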
@ -0,0 +1,12 @@
|
||||||
|
<?php
|
||||||
|
$config = array(
|
||||||
|
'admin' => array(
|
||||||
|
'core:AdminPassword'
|
||||||
|
),
|
||||||
|
'default-sp' => array(
|
||||||
|
'saml:SP',
|
||||||
|
'entityID' => 'https://wiki2.pvv.ntnu.no/simplesaml/',
|
||||||
|
# 'entityID' => 'https://idp2.pvv.ntnu.no/',
|
||||||
|
'idp' => 'https://idp2.pvv.ntnu.no/',
|
||||||
|
),
|
||||||
|
);
|
|
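Review bot: The `default-sp` entry carries a commented-out `# 'entityID' => 'https://idp2.pvv.ntnu.no/'` line that names the IdP rather than this SP, which invites someone to re-enable a wrong value; I would drop it. The live `entityID` presumably has to stay identical to the string listed in `services.idp.sp-remote-metadata` in the module (both are `https://wiki2.pvv.ntnu.no/simplesaml/` in this commit), so a comment such as `// must match services.idp.sp-remote-metadata in the NixOS module` above it would help. The `admin` source deserves a one-line comment as well, saying that it enables password login to the SimpleSAMLphp admin pages.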
@ -66,7 +66,7 @@ $config = [
|
||||||
* When specified as a relative path, this is relative to the SimpleSAMLphp
|
* When specified as a relative path, this is relative to the SimpleSAMLphp
|
||||||
* root directory.
|
* root directory.
|
||||||
*/
|
*/
|
||||||
'cachedir' => '/var/cache/mediawiki/simplesamlphp',
|
'cachedir' => '$CACHE_DIRECTORY',
|
||||||
//'loggingdir' => '/var/log/',
|
//'loggingdir' => '/var/log/',
|
||||||
//'datadir' => '/var/data/',
|
//'datadir' => '/var/data/',
|
||||||
|
|
||||||
|
@ -1195,7 +1195,7 @@ $config = [
|
||||||
* See http://www.php.net/manual/en/pdo.drivers.php for the various
|
* See http://www.php.net/manual/en/pdo.drivers.php for the various
|
||||||
* syntaxes.
|
* syntaxes.
|
||||||
*/
|
*/
|
||||||
'store.sql.dsn' => 'sqlite:/var/lib/mediawiki/simplesamlphp.sqlite3',
|
'store.sql.dsn' => 'sqlite:$STATE_DIRECTORY/simplesamlphp.sqlite3',
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The username and password to use when connecting to the database.
|
* The username and password to use when connecting to the database.
|
|
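Review bot: `'cachedir' => '$CACHE_DIRECTORY'` becomes `/var/cache/mediawiki/idp` after the module's `substituteInPlace`, but the tmpfiles rule touched in the same commit creates `/var/cache/mediawiki/simplesamlphp`, so the configured cache directory may not exist or be writable by `mediawiki` unless something else creates it. I would make the two agree, for example `--replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/simplesamlphp'` in the module. Both placeholders sit inside single-quoted PHP strings, so if a placeholder name and its `--replace` pattern ever drift apart PHP will silently use the literal text as a path; `--replace-fail`, where the nixpkgs in use provides it, would catch a pattern that no longer matches. The `$config` array starts and ends outside these hunks.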
@ -1,11 +0,0 @@
|
||||||
<?php
|
|
||||||
$config = array(
|
|
||||||
|
|
||||||
/* This is the name of this authentication source, and will be used to access it later. */
|
|
||||||
'default-sp' => array(
|
|
||||||
'saml:SP',
|
|
||||||
# 'entityID' => 'https://wiki.pvv.ntnu.no/',
|
|
||||||
'entityID' => 'https://wiki2.pvv.ntnu.no/',
|
|
||||||
'idp' => 'https://idp.pvv.ntnu.no/',
|
|
||||||
),
|
|
||||||
);
|
|
|
@ -1,23 +0,0 @@
|
||||||
<?php
|
|
||||||
$metadata['https://idp.pvv.ntnu.no/'] = array (
|
|
||||||
'metadata-set' => 'saml20-idp-remote',
|
|
||||||
'entityid' => 'https://idp.pvv.ntnu.no/',
|
|
||||||
'SingleSignOnService' =>
|
|
||||||
array (
|
|
||||||
0 =>
|
|
||||||
array (
|
|
||||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
|
||||||
'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SSOService.php',
|
|
||||||
),
|
|
||||||
),
|
|
||||||
'SingleLogoutService' =>
|
|
||||||
array (
|
|
||||||
0 =>
|
|
||||||
array (
|
|
||||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
|
||||||
'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SingleLogoutService.php',
|
|
||||||
),
|
|
||||||
),
|
|
||||||
'certData' => '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',
|
|
||||||
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
|
|
||||||
);
|
|