Drift/pvv-nixos-config
Drift
/
pvv-nixos-config
16
4
Fork 1
Code Issues Pull Requests 6 Wiki Activity

Compare commits

base: Drift:4c900b89ab3ad9b549067fa87595525336ef0061
Branches Tags
Drift:main
Drift:gitea-gpg-signing
Drift:pvvvvv
Drift:init-bakke
Drift:hookshot
Drift:disable-postgres-on-bekkalokk
Drift:sleipner-authorised-keys
Drift:sounding
Drift:retain-flake-inputs
Drift:openstack-image-builder
Drift:elysium
Drift:cleanup
Drift:fix-openstack-networking
Drift:systemd_exporter
Drift:backup-databases
Drift:smartd-notifs
Drift:systemd-journald-remote
Drift:skrot
Drift:deploy-doorbell
Drift:misc-gitea-fixes
Drift:run-vm
Drift:spotifyd
Drift:remote
Drift:nix-topology
Drift:dagali-heimdal-openldap-sasl-stack
Drift:setup-bikkje-login
Drift:ozai-prod
Drift:add-bluemap
Drift:ozai
Drift:setup-postfix-for-service-machines
Drift:fix-gitea-ci-runner-network-issues
Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
Drift:gitea-metrics
Drift:misc1
Drift:add-simple-saml-theme
Drift:misc-extra-gitea-setup
Drift:add-skrott
Drift:setup-kerberos
Drift:setup-home-areas
Drift:setup-openvpn-tunnel
Drift:shark-kanidm
Drift:prometheusexim
...
compare: Drift:205fba0a1054f3708c34e9135efa85507b4193b8
Branches Tags
Drift:main
Drift:gitea-gpg-signing
Drift:pvvvvv
Drift:init-bakke
Drift:hookshot
Drift:disable-postgres-on-bekkalokk
Drift:sleipner-authorised-keys
Drift:sounding
Drift:retain-flake-inputs
Drift:openstack-image-builder
Drift:elysium
Drift:cleanup
Drift:fix-openstack-networking
Drift:systemd_exporter
Drift:backup-databases
Drift:smartd-notifs
Drift:systemd-journald-remote
Drift:skrot
Drift:deploy-doorbell
Drift:misc-gitea-fixes
Drift:run-vm
Drift:spotifyd
Drift:remote
Drift:nix-topology
Drift:dagali-heimdal-openldap-sasl-stack
Drift:setup-bikkje-login
Drift:ozai-prod
Drift:add-bluemap
Drift:ozai
Drift:setup-postfix-for-service-machines
Drift:fix-gitea-ci-runner-network-issues
Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
Drift:gitea-metrics
Drift:misc1
Drift:add-simple-saml-theme
Drift:misc-extra-gitea-setup
Drift:add-skrott
Drift:setup-kerberos
Drift:setup-home-areas
Drift:setup-openvpn-tunnel
Drift:shark-kanidm
Drift:prometheusexim

3 Commits
4c900b89ab ... 205fba0a10

Author SHA1 Message Date
Oystein Kristoffer Tveit 205fba0a10 rebase secrets
Eval nix flake / evals (push) Failing after 1m48s Details
2024-03-30 22:56:01 +01:00
Oystein Kristoffer Tveit ccbf081be2 rebase mediawiki 2024-03-30 22:55:48 +01:00
Oystein Kristoffer Tveit 625fa36e39 rebase idp 2024-03-30 22:55:07 +01:00
4 changed files with 17 additions and 15 deletions
Show Stats Expand all files Collapse all files

16
hosts/bekkalokk/services/idp-simplesamlphp/config.php
View File

@ -125,8 +125,8 @@ $config = [
* The email address will be used as the recipient address for error reports, and * The email address will be used as the recipient address for error reports, and
* also as the technical contact in generated metadata. * also as the technical contact in generated metadata.
*/ */
'technicalcontact_name' => 'Administrator', 'technicalcontact_name' => $SAML_ADMIN_NAME,
'technicalcontact_email' => 'na@example.org', 'technicalcontact_email' => $SAML_ADMIN_EMAIL,
/* /*
* (Optional) The method by which email is delivered. Defaults to mail which utilizes the * (Optional) The method by which email is delivered. Defaults to mail which utilizes the
@ -476,13 +476,13 @@ $config = [
* Ensure that you have the required PDO database driver installed * Ensure that you have the required PDO database driver installed
* for your connection string. * for your connection string.
*/ */
'database.dsn' => 'postgres:host=bicep.pvv.ntnu.no;dbname=idp', 'database.dsn' => $SAML_DATABASE_DSN,
/* /*
* SQL database credentials * SQL database credentials
*/ */
'database.username' => 'idp', 'database.username' => $SAML_DATABASE_USERNAME,
'database.password' => 'secret', 'database.password' => $SAML_DATABASE_PASSWORD,
'database.options' => [], 'database.options' => [],
/* /*
@ -1195,13 +1195,13 @@ $config = [
* See http://www.php.net/manual/en/pdo.drivers.php for the various * See http://www.php.net/manual/en/pdo.drivers.php for the various
* syntaxes. * syntaxes.
*/ */
'store.sql.dsn' => 'sqlite:$STATE_DIRECTORY/simplesamlphp.sqlite3', 'store.sql.dsn' => $SAML_DATABASE_DSN,
/* /*
* The username and password to use when connecting to the database. * The username and password to use when connecting to the database.
*/ */
'store.sql.username' => null, 'store.sql.username' => $SAML_DATABASE_USERNAME,
'store.sql.password' => null, 'store.sql.password' => $SAML_DATABASE_PASSWORD,
/* /*
* The prefix we should use on our tables. * The prefix we should use on our tables.

3
hosts/bekkalokk/services/idp-simplesamlphp/default.nix
View File

@ -86,12 +86,13 @@ let
substituteInPlace "$out" \ substituteInPlace "$out" \
--replace '$SAML_COOKIE_SECURE' 'true' \ --replace '$SAML_COOKIE_SECURE' 'true' \
--replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \ --replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \
--replace '$SAML_ADMIN_NAME' '"Drift"' \
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \ --replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
--replace '$SAML_TRUSTED_DOMAINS' 'array( "idp2.pvv.ntnu.no" )' \ --replace '$SAML_TRUSTED_DOMAINS' 'array( "idp2.pvv.ntnu.no" )' \
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \ --replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
--replace '$SAML_DATABASE_USERNAME' '"idp"' \ --replace '$SAML_DATABASE_USERNAME' '"idp"' \
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \ --replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
--replace '$STATE_DIRECTORY' '/var/lib/idp' \
--replace '$CACHE_DIRECTORY' '/var/cache/idp' --replace '$CACHE_DIRECTORY' '/var/cache/idp'
''; '';

3
hosts/bekkalokk/services/mediawiki/default.nix
View File

@ -19,12 +19,13 @@
substituteInPlace "$out" \ substituteInPlace "$out" \
--replace '$SAML_COOKIE_SECURE' 'true' \ --replace '$SAML_COOKIE_SECURE' 'true' \
--replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/cookie_salt".path}")' \ --replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/cookie_salt".path}")' \
--replace '$SAML_ADMIN_NAME' '"Drift"' \
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/admin_password".path}")' \ --replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/admin_password".path}")' \
--replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki2.pvv.ntnu.no" )' \ --replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki2.pvv.ntnu.no" )' \
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=mediawiki_simplesamlphp"' \ --replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=mediawiki_simplesamlphp"' \
--replace '$SAML_DATABASE_USERNAME' '"mediawiki_simplesamlphp"' \ --replace '$SAML_DATABASE_USERNAME' '"mediawiki_simplesamlphp"' \
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/postgres_password".path}")' \ --replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/postgres_password".path}")' \
--replace '$STATE_DIRECTORY' '/var/lib/mediawiki' \
--replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp' --replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp'
''; '';
}; };

10
hosts/bekkalokk/services/mediawiki/simplesaml-config.php
View File

@ -125,8 +125,8 @@ $config = [
* The email address will be used as the recipient address for error reports, and * The email address will be used as the recipient address for error reports, and
* also as the technical contact in generated metadata. * also as the technical contact in generated metadata.
*/ */
'technicalcontact_name' => 'Administrator', 'technicalcontact_name' => $SAML_ADMIN_NAME,
'technicalcontact_email' => 'na@example.org', 'technicalcontact_email' => $SAML_ADMIN_EMAIL,
/* /*
* (Optional) The method by which email is delivered. Defaults to mail which utilizes the * (Optional) The method by which email is delivered. Defaults to mail which utilizes the
@ -1195,13 +1195,13 @@ $config = [
* See http://www.php.net/manual/en/pdo.drivers.php for the various * See http://www.php.net/manual/en/pdo.drivers.php for the various
* syntaxes. * syntaxes.
*/ */
'store.sql.dsn' => 'sqlite:$STATE_DIRECTORY/simplesamlphp.sqlite3', 'store.sql.dsn' => $SAML_DATABASE_DSN,
/* /*
* The username and password to use when connecting to the database. * The username and password to use when connecting to the database.
*/ */
'store.sql.username' => null, 'store.sql.username' => $SAML_DATABASE_USERNAME,
'store.sql.password' => null, 'store.sql.password' => $SAML_DATABASE_PASSWORD,
/* /*
* The prefix we should use on our tables. * The prefix we should use on our tables.