auth: add imageFile option

2025-04-16 14:55:55 +04:00
parent 1f67bb5a85
commit 56a56b67b4
5 changed files with 76 additions and 10 deletions
--- a/auth/auth-module.nix
+++ b/auth/auth-module.nix
@@ -199,6 +199,13 @@ in
                }
              );
            };
+            imageFile = mkOption {
+              type = types.nullOr lib.types.path;
+              description = ''
+                Filepath of an image which is displayed in Kanidm web GUI for a service.
+              '';
+              default = null;
+            };
          };
        }
      );
@@ -294,6 +301,7 @@ in
         , clientID
         , displayName
         , enablePkce
+         , imageFile
         , originLanding
         , originUrl
         , scopeMaps
@@ -312,8 +320,9 @@ in
              basicSecretFile
              claimMaps
              displayName
-              originUrl
+              imageFile
              originLanding
+              originUrl
              scopeMaps
              ;
            preferShortUsername = useShortPreferredUsername;
--- a/auth/auth.nix
+++ b/auth/auth.nix
@@ -87,15 +87,9 @@ lib.mkIf config.selfprivacy.sso.enable {
      _final: prev: {
        inherit (nixpkgs-2411.legacyPackages.${prev.system}) kanidm;
        kanidm-provision =
-          nixpkgs-2411.legacyPackages.${prev.system}.kanidm-provision.overrideAttrs (_: {
-            version = "git";
-            src = prev.fetchFromGitHub {
-              owner = "oddlama";
-              repo = "kanidm-provision";
-              rev = "d1f55c9247a6b25d30bbe90a74307aaac6306db4";
-              hash = "sha256-cZ3QbowmWX7j1eJRiUP52ao28xZzC96OdZukdWDHfFI=";
-            };
-          });
+          (nixpkgs-2411.legacyPackages.${prev.system}).callPackage
+            ./kanidm-provision.nix
+            { };
      }
    )
  ];
--- a/auth/kanidm-provision.nix
+++ b/auth/kanidm-provision.nix
@@ -0,0 +1,52 @@
+{
+  lib,
+  rustPlatform,
+  fetchFromGitHub,
+  yq,
+  versionCheckHook,
+  nix-update-script,
+  nixosTests,
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "kanidm-provision";
+  version = "1.2.0";
+
+  src = fetchFromGitHub {
+    owner = "oddlama";
+    repo = "kanidm-provision";
+    tag = "v${version}";
+    hash = "sha256-+NQJEAJ0DqKEV1cYZN7CLzGoBJNUL3SQAMmxRQG5DMI=";
+  };
+
+  postPatch = ''
+    tomlq -ti '.package.version = "${version}"' Cargo.toml
+  '';
+
+  useFetchCargoVendor = true;
+  cargoHash = "sha256-uo/TGyfNChq/t6Dah0HhXhAwktyQk0V/wewezZuftNk=";
+
+  nativeBuildInputs = [
+    yq # for `tomlq`
+  ];
+
+  nativeInstallCheckInputs = [ versionCheckHook ];
+  versionCheckProgramArg = "--version";
+  doInstallCheck = true;
+
+  passthru = {
+    tests = { inherit (nixosTests) kanidm-provisioning; };
+    updateScript = nix-update-script { };
+  };
+
+  meta = {
+    description = "A small utility to help with kanidm provisioning";
+    homepage = "https://github.com/oddlama/kanidm-provision";
+    license = with lib.licenses; [
+      asl20
+      mit
+    ];
+    maintainers = with lib.maintainers; [ oddlama ];
+    mainProgram = "kanidm-provision";
+  };
+}
--- a/auth/kanidm.nix
+++ b/auth/kanidm.nix
@@ -572,6 +572,16 @@ in
                default = null;
              };

+              imageFile = mkOption {
+                description = ''
+                  Application image to display in the WebUI.
+                  Kanidm supports "image/jpeg", "image/png", "image/gif", "image/svg+xml", and "image/webp".
+                  The image will be uploaded each time kanidm-provision is run.
+                '';
+                type = types.nullOr types.path;
+                default = null;
+              };
+
              enableLocalhostRedirects = mkOption {
                description = "Allow localhost redirects. Only for public clients.";
                type = types.bool;