From b0250a75485a888ce0fe348b0fe7adb786bbdaaf Mon Sep 17 00:00:00 2001
From: Pyjacpp
Date: Tue, 24 Feb 2026 19:41:52 +0100
Subject: [PATCH] feat: OpenID NoteKfet pour mediawiki
---
hosts/vm/mediakiwi/default.nix | 2 +-
hosts/vm/mediakiwi/mediawiki.nix | 18 +++++++++++++++---
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/hosts/vm/mediakiwi/default.nix b/hosts/vm/mediakiwi/default.nix
index d89b14d..bba9007 100644
--- a/hosts/vm/mediakiwi/default.nix
+++ b/hosts/vm/mediakiwi/default.nix
@@ -16,7 +16,7 @@ enable = true; networking = { - id = "44"; + id = 144; srvNat.enable = true; };
diff --git a/hosts/vm/mediakiwi/mediawiki.nix b/hosts/vm/mediakiwi/mediawiki.nix
index 79100f8..f8d5f54 100644
--- a/hosts/vm/mediakiwi/mediawiki.nix
+++ b/hosts/vm/mediakiwi/mediawiki.nix
@@ -16,6 +16,11 @@ in owner = "mediawiki"; }; + age.secrets.mediawiki-openid = { + file = ../../../secrets/mediakiwi/mediawiki-openid.age; + owner = "mediawiki"; + }; + environment.systemPackages = with pkgs; [ imagemagick
@@ -101,6 +106,8 @@ in $wgPluggableAuth_EnableLocalLogin = true; $LDAPAuthentication2AllowLocalLogin = true; $LDAPProviderDomainConfigs = "${config.age.secrets.mediawiki-ldap.path}"; + # On importe les secrets pour l'OpenID. + require '${config.age.secrets.mediawiki-openid.path}'; $wgPluggableAuth_Config = [ "Compte Crans" => [ 'plugin' => 'LDAPAuthentication2',
@@ -108,9 +115,14 @@ in 'domain' => 'crans' ] ], - # "Note BDE" => [ - # 'plugin' => 'OpenIDConnect', - # ] + "Note BDE" => [ + 'plugin' => 'OpenIDConnect', + 'data' => [ + 'providerURL' => 'https://note.crans.org/o/', + 'clientID' => $SecretAgeOpenIDClientID, + 'clientsecret' => $SecretAgeOpenIDClientSecret, + ] + ] ]; # Theme
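Review bot: The `networking.id` change in hosts/vm/mediakiwi/default.nix alters both the value (44 to 144) and the type (string to integer), and nothing in a commit titled as an OpenID feature explains it. If this id is what the VM's addresses are derived from (not visible in the hunk), anything keyed to the old address, such as firewall rules, DNS records or LDAP access lists, has to move with it. I would split it into its own commit or annotate the line, e.g. `id = 144; # renumbered from 44: <reason>`. The enclosing attribute set starts and ends outside the hunk.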
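Review bot: The `require` of the agenix path in the `@@ -101,6 +106,8 @@` hunk of mediawiki.nix executes the decrypted secret as PHP inside the wiki settings, so the secret file's format becomes security-relevant. If the file does not open with `<?php`, PHP sends its contents to the client as page output, and if it fails to define `$SecretAgeOpenIDClientID` or `$SecretAgeOpenIDClientSecret` the provider is configured with null values. Keeping the secret as data avoids both, for example a JSON file read with `$oidc = json_decode(file_get_contents('${config.age.secrets.mediawiki-openid.path}'), true);` and then `'clientID' => $oidc['clientID']`. If the PHP form stays, document the expected contents next to the `age.secrets.mediawiki-openid` declaration in the first hunk and fail early, e.g. `if (!isset($SecretAgeOpenIDClientSecret)) { die('mediawiki-openid secret not loaded'); }`. The settings string continues outside the hunk.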
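Review bot: The new "Note BDE" entry in the `@@ -108,9 +115,14 @@` hunk adds a second identity source next to "Compte Crans" without stating how its identities map onto wiki accounts; the hunk sets only `providerURL`, `clientID` and `clientsecret`. Whether a Note account whose username matches an existing LDAP-backed wiki user stays a separate account depends on OpenIDConnect settings that are not visible here. I would make the intent explicit by setting `$wgOpenIDConnect_MigrateUsersByUserName = false;` and `$wgOpenIDConnect_MigrateUsersByEmail = false;` in this block, with a comment saying that accounts from the two providers must not be merged by name or e-mail. The `$wgPluggableAuth_Config` array begins in the previous hunk and the settings string continues past this one.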