diff --git a/auth/auth-module.nix b/auth/auth-module.nix
index bd89edb..f75334e 100644
--- a/auth/auth-module.nix
+++ b/auth/auth-module.nix
@@ -199,6 +199,13 @@ in
 }
 );
 };
+ imageFile = mkOption {
+ type = types.nullOr lib.types.path;
+ description = ''
+ Filepath of an image which is displayed in Kanidm web GUI for a service.
+ '';
+ default = null;
+ };
 };
 }
 );
@@ -294,6 +301,7 @@ in
 , clientID
 , displayName
 , enablePkce
+ , imageFile
 , originLanding
 , originUrl
 , scopeMaps
@@ -312,8 +320,9 @@ in
 basicSecretFile
 claimMaps
 displayName
- originUrl
+ imageFile
 originLanding
+ originUrl
 scopeMaps
 ;
 preferShortUsername = useShortPreferredUsername;
diff --git a/auth/auth.nix b/auth/auth.nix
index 5753bfe..6e72b48 100644
--- a/auth/auth.nix
+++ b/auth/auth.nix
@@ -87,15 +87,9 @@ lib.mkIf config.selfprivacy.sso.enable {
 _final: prev: {
 inherit (nixpkgs-2411.legacyPackages.${prev.system}) kanidm;
 kanidm-provision =
- nixpkgs-2411.legacyPackages.${prev.system}.kanidm-provision.overrideAttrs (_: {
- version = "git";
- src = prev.fetchFromGitHub {
- owner = "oddlama";
- repo = "kanidm-provision";
- rev = "d1f55c9247a6b25d30bbe90a74307aaac6306db4";
- hash = "sha256-cZ3QbowmWX7j1eJRiUP52ao28xZzC96OdZukdWDHfFI=";
- };
- });
+ (nixpkgs-2411.legacyPackages.${prev.system}).callPackage
+ ./kanidm-provision.nix
+ { };
 }
 )
 ];
diff --git a/auth/kanidm-provision.nix b/auth/kanidm-provision.nix
new file mode 100644
index 0000000..fe09d0e
--- /dev/null
+++ b/auth/kanidm-provision.nix
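Review bot: In the `imageFile` option added by the first hunk of auth/auth-module.nix the type is spelled `types.nullOr lib.types.path`, mixing the `types.` and `lib.types.` prefixes in one expression; `type = types.nullOr types.path;` would match the declaration of the same option in auth/kanidm.nix. The description could also name the accepted formats, since the third hunk passes the value on through `inherit` without any check, for example `Path to an image (JPEG, PNG, GIF, SVG or WebP) shown for this service in the Kanidm web UI.` The option set this declaration sits in starts and ends outside the hunk.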
@@ -0,0 +1,52 @@
+{
+ lib,
+ rustPlatform,
+ fetchFromGitHub,
+ yq,
+ versionCheckHook,
+ nix-update-script,
+ nixosTests,
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "kanidm-provision";
+ version = "1.2.0";
+
+ src = fetchFromGitHub {
+ owner = "oddlama";
+ repo = "kanidm-provision";
+ tag = "v${version}";
+ hash = "sha256-+NQJEAJ0DqKEV1cYZN7CLzGoBJNUL3SQAMmxRQG5DMI=";
+ };
+
+ postPatch = ''
+ tomlq -ti '.package.version = "${version}"' Cargo.toml
+ '';
+
+ useFetchCargoVendor = true;
+ cargoHash = "sha256-uo/TGyfNChq/t6Dah0HhXhAwktyQk0V/wewezZuftNk=";
+
+ nativeBuildInputs = [
+ yq # for `tomlq`
+ ];
+
+ nativeInstallCheckInputs = [ versionCheckHook ];
+ versionCheckProgramArg = "--version";
+ doInstallCheck = true;
+
+ passthru = {
+ tests = { inherit (nixosTests) kanidm-provisioning; };
+ updateScript = nix-update-script { };
+ };
+
+ meta = {
+ description = "A small utility to help with kanidm provisioning";
+ homepage = "https://github.com/oddlama/kanidm-provision";
+ license = with lib.licenses; [
+ asl20
+ mit
+ ];
+ maintainers = with lib.maintainers; [ oddlama ];
+ mainProgram = "kanidm-provision";
+ };
+}
diff --git a/auth/kanidm.nix b/auth/kanidm.nix
index 6903b07..7290374 100644
--- a/auth/kanidm.nix
+++ b/auth/kanidm.nix
@@ -572,6 +572,16 @@ in
 default = null;
 };
+ imageFile = mkOption {
+ description = ''
+ Application image to display in the WebUI.
+ Kanidm supports "image/jpeg", "image/png", "image/gif", "image/svg+xml", and "image/webp".
+ The image will be uploaded each time kanidm-provision is run.
+ '';
+ type = types.nullOr types.path;
+ default = null;
+ };
+
 enableLocalhostRedirects = mkOption {
 description = "Allow localhost redirects. Only for public clients.";
 type = types.bool;
diff --git a/sp-modules/gitea/module.nix b/sp-modules/gitea/module.nix
index 15c3038..fbf0b0e 100644
--- a/sp-modules/gitea/module.nix
+++ b/sp-modules/gitea/module.nix
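Review bot: The new auth/kanidm-provision.nix has no header comment saying where the expression comes from; the `nixosTests`, `nix-update-script` and `lib.maintainers` references suggest it was copied from nixpkgs, and for a tool that provisions the identity provider that origin is worth recording. I would add `# Vendored from nixpkgs at <nixpkgs-rev>; drop once the pinned nixpkgs ships kanidm-provision >= 1.2.0.` above the argument set. The source is now selected by `tag = "v${version}"` rather than the commit `rev` that auth/auth.nix used before; the fixed-output `hash` still pins the content, so a moved tag should fail the build instead of substituting code, and a one-line comment next to `tag` saying so would save the next reader the check. It is also worth confirming that the nixpkgs-2411 `fetchFromGitHub` and `buildRustPackage` accept `tag` and `useFetchCargoVendor`, because auth/auth.nix builds this file with that package set.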
@@ -386,6 +386,7 @@ in
 selfprivacy.auth.clients."${oauthClientID}" = {
 inherit adminsGroup usersGroup;
+ imageFile = "${pkgs.forgejo.data}/public/assets/img/logo.svg";
 subdomain = cfg.subdomain;
 isTokenNeeded = true;
 originLanding =
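Review bot: The logo path `"${pkgs.forgejo.data}/public/assets/img/logo.svg"` is an assumption about the layout of forgejo's `data` output that nothing checks at evaluation time; if a later forgejo release moves the file, the failure would presumably surface only when kanidm-provision tries to upload it. The line also reads `pkgs.forgejo` rather than whatever package the service is configured with, which may differ if the module allows the package to be overridden (not visible in this hunk). A comment such as `# logo path inside forgejo's data output; re-check on forgejo upgrades` would document the coupling. The client attribute set continues outside the hunk.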