From 2b76fad50c2e14b78cf2a375cf064eedda406d5b Mon Sep 17 00:00:00 2001 From: Lyes Saadi Date: Thu, 29 May 2025 18:50:05 +0200 Subject: [PATCH] Ajout de l'Auth LDAP --- modules/services/mediawiki.nix | 37 ++++++++++++++++++++++++++- secrets.nix | 1 + secrets/mediakiwi/mediawiki-ldap.age | Bin 0 -> 1544 bytes 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 secrets/mediakiwi/mediawiki-ldap.age diff --git a/modules/services/mediawiki.nix b/modules/services/mediawiki.nix index 20b9b16..1f1f208 100644 --- a/modules/services/mediawiki.nix +++ b/modules/services/mediawiki.nix @@ -11,6 +11,11 @@ in owner = "mediawiki"; }; + age.secrets.mediawiki-ldap = { + file = ../../secrets/mediakiwi/mediawiki-ldap.age; + owner = "mediawiki"; + }; + services.mediawiki = { enable = true; @@ -53,6 +58,22 @@ in $wgEnotifWatchlist = true; # Peut-être utilisé pour les Wikistes $wgUsersNotifiedOnAllChanges = []; + + # Auth + $wgPluggableAuth_EnableLocalLogin = true; + $LDAPAuthentication2AllowLocalLogin = true; + $LDAPProviderDomainConfigs = "${config.age.secrets.mediawiki-ldap.path}"; + $wgPluggableAuth_Config = [ + "Compte Crans" => [ + 'plugin' => 'LDAPAuthentication2', + 'data' => [ + 'domain' => 'crans' + ] + ], + # "Note BDE" => [ + # 'plugin' => 'OpenIDConnect', + # ] + ]; # Theme $wgDefaultSkin = 'citizen'; @@ -77,6 +98,7 @@ in skins = { Citizen = pkgs.fetchFromGitHub { + name = "Citizen"; owner = "StarCitizenTools"; repo = "mediawiki-skins-Citizen"; tag = "v3.2.0"; 
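Review bot: In the `# Auth` block added to the MediaWiki PHP config (hunk `@@ -53,6 +58,22 @@` of modules/services/mediawiki.nix), local login stays enabled on both layers (`$wgPluggableAuth_EnableLocalLogin = true;` and `$LDAPAuthentication2AllowLocalLogin = true;`) with no comment saying why, so password-only local accounts keep working beside LDAP and are not covered by the directory's lockout or deprovisioning. If this is kept for the bootstrap admin account (an admin password secret is declared elsewhere in the repo), say so above the two lines, e.g. `# Local login kept only for the break-glass admin account; all other users go through LDAP`. The domain definition for `'crans'` (server, encryption, bind credentials) lives in the encrypted file referenced by `$LDAPProviderDomainConfigs`, so it cannot be reviewed here; confirm it uses LDAPS or StartTLS rather than a cleartext bind. The enclosing config string starts and ends outside the hunk.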
@@ -96,16 +118,18 @@ in TextExtracts = null; PageImages = null; Popups = pkgs.fetchFromGitHub { + name = "Popups"; owner = "wikimedia"; repo = "mediawiki-extensions-Popups"; rev = "REL" + major + "_" + minor; # Le SHA doit être changé à chaque nouveau commit de traduction. # Pas de meilleure solution à ma connaissance pour suivre les releases. - sha256 = "sha256-deKDEC87yTQrToZC5yNAH9tmV/5pFa4gsaSuOYXfIEo="; + sha256 = "sha256-Vn/XGVYvM5doPtTEONESdVhgZlH/Fku74MeQbGrwU/E="; }; # Auth PluggableAuth = pkgs.fetchFromGitHub { + name = "PluggableAuth"; owner = "wikimedia"; repo = "mediawiki-extensions-PluggableAuth"; rev = "REL" + major + "_" + minor; @@ -113,7 +137,17 @@ in # Pas de meilleure solution à ma connaissance pour suivre les releases. sha256 = "sha256-3+nzeWemVAHGmLz3ZMvDSvP2UCmsnEiGJcE/oEakr2s="; }; + LDAPProvider = pkgs.fetchFromGitHub { + name = "LDAPProvider"; + owner = "wikimedia"; + repo = "mediawiki-extensions-LDAPProvider"; + rev = "REL" + major + "_" + minor; + # Le SHA doit être changé à chaque nouveau commit de traduction. + # Pas de meilleure solution à ma connaissance pour suivre les releases. + sha256 = "sha256-bpj+MS4XKLoDdtEK+Mv7Ifa6qz215jKhSL1DOOw4ZPs="; + }; LDAPAuthentication2 = pkgs.fetchFromGitHub { + name = "LDAPAuthentication2"; owner = "wikimedia"; repo = "mediawiki-extensions-LDAPAuthentication2"; rev = "REL" + major + "_" + minor; @@ -122,6 +156,7 @@ in sha256 = "sha256-oi5rliHb4KnLbvQxO7MGuLp/FEucoGR/Z0NP1gmbgMc="; }; OpenIDConnect = pkgs.fetchFromGitHub { + name = "OpenIDConnect"; owner = "wikimedia"; repo = "mediawiki-extensions-OpenIDConnect"; rev = "REL" + major + "_" + minor; diff --git a/secrets.nix b/secrets.nix index ac579c1..332b722 100644 --- a/secrets.nix +++ b/secrets.nix 
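Review bot: The new `LDAPProvider` fetch (hunk `@@ -113,7 +137,17 @@`) pins `sha256` but takes `rev = "REL" + major + "_" + minor;`, a release branch that moves, so the hash only records whatever the branch head was when it was computed and the reviewed revision cannot be identified from the file. The `Popups` hash bump in the preceding hunk shows the same pattern in practice: the hash changed with no visible statement of which upstream commits came in. For the extensions on the authentication path (`PluggableAuth`, `LDAPProvider`, `LDAPAuthentication2`, `OpenIDConnect`) it would be safer to pin `rev` to a full commit id, e.g. `rev = "<COMMIT_SHA_PLACEHOLDER>";`, and keep the branch name in a comment, so that every hash change maps to a reviewable upstream diff. The enclosing attribute set starts and ends outside the hunk.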
@@ -112,4 +112,5 @@ in "secrets/neo/database-extra-config.age".publicKeys = [ neo ]; "secrets/neo/matrix-appservice-irc-password.age".publicKeys = [ neo ]; "secrets/mediakiwi/mediawiki-admin-passwd.age".publicKeys = [ mediakiwi ]; + "secrets/mediakiwi/mediawiki-ldap.age".publicKeys = [ mediakiwi ]; } diff --git a/secrets/mediakiwi/mediawiki-ldap.age b/secrets/mediakiwi/mediawiki-ldap.age new file mode 100644 index 0000000000000000000000000000000000000000..deb72607fa796afafcecf162a72b6721bb93f738 GIT binary patch literal 1544 zcmZY5`F9Kl003Ybiq&X%jyfXy5+b@bv)5#2u$9@(9a zE%OM|Y$OwMGvbgJH>(u7DwT+IXbct)6b|vCrliI00+A$Q^N?VL)~sM*I)#HmshC;s zfFN;5%Q$fob%uj+wSgDMP-B!Z5NQ=3@QQi=u_|O3p#R582~d|1wxL>L*ecSf1mekRdxcgP0JMpeEU1ygDY%NGmiY+2lpm!9LbJnFokmzZ zPnaP+K3j_MiP9X*3nvLiNC#nK0Oruah%90S^{5WCMeOm{H8nsQ2|pXaLv}glF>6is zlw4`2g-le&VIq_c!{Y=dIv9$@<#O3puTtaJf(j4di%78ypwM#!Dhrh)d@^YkGV|4DH6g!p`Eh=rAFkrrbDu& z6l!no76adsyg@iRoq9I=Iw63%&1pXX?w4eNxzqbMFoCN`<&>dQ&iCXjZaiO>Hs35d zoqVu+L(feoca~_H8wc=+SnIdy{a8BXYlT2hmJpN zx!1+rkWJprFTeTx`nuI+(_dYR54)U=9j_JCw{0$*bF;{*Ebe#a#%M^T$LqC6Pi~dGPZcicvTewsvNiPCP*d6AWzzb_>%ATg`XIGy zac}mE0`k}8GnWiuhE{LZZe4nz$H3aKX!|dCL9qY4J~g_+Xlv!<_IVF(4Ikg!7puG2 zc~9?CllDKVZRAGZRh)WJgPNU3v)xwRxj#F99N0e6GlTkM{g5Z0UYVF%=pAu?)8jBx z+%%E(2DIP5>VEF~FI2Lo@MJ^Nskke*MpiJtSHp;ng*YNd_t)1Qo%}i_@% literal 0 HcmV?d00001