diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/athena-bccr/sys.nix | 19 | ||||
| -rw-r--r-- | modules/mediawiki/options.nix | 18 |
2 files changed, 21 insertions, 16 deletions
diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index 631185d..2dd56e2 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -19,8 +19,23 @@ in { systemPackages = [athena.ase-pkcs11]; }; - #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA - security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"]; + security = { + #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA + pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"]; + + polkit = { + enable = lib.mkDefault true; + + extraConfig = '' + polkit.addRule(function(action, subject) { + if ((action.id == "org.debian.pcsc-lite.access_pcsc" || action.id == "org.debian.pcsc-lite.access_card") && + subject.isInGroup("users")) { + return polkit.Result.YES; + } + }); + ''; + }; + }; services = { pcscd.enable = true; diff --git a/modules/mediawiki/options.nix b/modules/mediawiki/options.nix index 9fe0723..bb39a14 100644 --- a/modules/mediawiki/options.nix +++ b/modules/mediawiki/options.nix @@ -15,13 +15,14 @@ with lib.types; { passwordFile = lib.mkOption { type = types.path; - description = "path of passwordfile for mediawiki"; + description = "A file containing the initial password for the administrator account 'admin'"; example = "/run/keys/mediawiki-password"; }; skins = lib.mkOption { type = types.attrsOf (types.nullOr str); description = "skins for mediawiki"; + default = {}; example = '' { citizen = "flakes.mediawikiSkinCitizen"; };''; @@ -29,29 +30,18 @@ with lib.types; { extraConfig = lib.mkOption { type = str; + default = ""; example = '' # Disable anonymous editing and account creation $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['createaccount'] = false; - - $wgCitizenThemeDefault = 'dark'; - $wgCitizenShowPageTools = 'login'; - $wgLogos = [ - 'icon' => "https://example.com/favicon.png", - '1x' => "https://example.com/favicon.png", - '2x' => "https://example.com/favicon.png", - ]; - - $wgEnableEmail = false; #TODO: arreglar esto - $wgNoReplyAddress = 'mediawiki@example.com'; - $wgEmergencyContact = 'mediawiki@example.com'; - $wgPasswordSender = 'mediawiki@example.com'; ''; }; extensions = lib.mkOption { type = types.attrsOf (types.nullOr types.path); description = "some extensions are included and can enabled by passing null"; + default = {}; example = '' { VisualEditor = null; CategoryTree = null; |