diff options
Diffstat (limited to 'trivionomicon')
| -rw-r--r-- | trivionomicon/flake.nix | 2 | ||||
| -rw-r--r-- | trivionomicon/modules/athena-bccr/sys.nix | 19 | ||||
| -rw-r--r-- | trivionomicon/modules/mediawiki/options.nix | 18 | ||||
| -rw-r--r-- | trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch | 10 | ||||
| -rw-r--r-- | trivionomicon/pkgs/athena-bccr/firmador.nix | 10 |
5 files changed, 32 insertions, 27 deletions
diff --git a/trivionomicon/flake.nix b/trivionomicon/flake.nix index 2b53ebd..151c3d3 100644 --- a/trivionomicon/flake.nix +++ b/trivionomicon/flake.nix @@ -210,7 +210,7 @@ }: flakes.nixpkgs.lib.makeOverridable flakes.nixpkgs.lib.nixosSystem { inherit pkgs; - inherit (pkgs) system; + inherit (pkgs.stdenv.hostPlatform) system; modules = [self.nixosModules.default] ++ modules; diff --git a/trivionomicon/modules/athena-bccr/sys.nix b/trivionomicon/modules/athena-bccr/sys.nix index 631185d..2dd56e2 100644 --- a/trivionomicon/modules/athena-bccr/sys.nix +++ b/trivionomicon/modules/athena-bccr/sys.nix @@ -19,8 +19,23 @@ in { systemPackages = [athena.ase-pkcs11]; }; - #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA - security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"]; + security = { + #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA + pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"]; + + polkit = { + enable = lib.mkDefault true; + + extraConfig = '' + polkit.addRule(function(action, subject) { + if ((action.id == "org.debian.pcsc-lite.access_pcsc" || action.id == "org.debian.pcsc-lite.access_card") && + subject.isInGroup("users")) { + return polkit.Result.YES; + } + }); + ''; + }; + }; services = { pcscd.enable = true; diff --git a/trivionomicon/modules/mediawiki/options.nix b/trivionomicon/modules/mediawiki/options.nix index 9fe0723..bb39a14 100644 --- a/trivionomicon/modules/mediawiki/options.nix +++ b/trivionomicon/modules/mediawiki/options.nix @@ -15,13 +15,14 @@ with lib.types; { passwordFile = lib.mkOption { type = types.path; - description = "path of passwordfile for mediawiki"; + description = "A file containing the initial password for the administrator account 'admin'"; example = "/run/keys/mediawiki-password"; }; skins = lib.mkOption { type = types.attrsOf (types.nullOr str); description = "skins for mediawiki"; + default = {}; example = '' { citizen = "flakes.mediawikiSkinCitizen"; };''; @@ -29,29 +30,18 @@ with lib.types; { extraConfig = lib.mkOption { type = str; + default = ""; example = '' # Disable anonymous editing and account creation $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['createaccount'] = false; - - $wgCitizenThemeDefault = 'dark'; - $wgCitizenShowPageTools = 'login'; - $wgLogos = [ - 'icon' => "https://example.com/favicon.png", - '1x' => "https://example.com/favicon.png", - '2x' => "https://example.com/favicon.png", - ]; - - $wgEnableEmail = false; #TODO: arreglar esto - $wgNoReplyAddress = 'mediawiki@example.com'; - $wgEmergencyContact = 'mediawiki@example.com'; - $wgPasswordSender = 'mediawiki@example.com'; ''; }; extensions = lib.mkOption { type = types.attrsOf (types.nullOr types.path); description = "some extensions are included and can enabled by passing null"; + default = {}; example = '' { VisualEditor = null; CategoryTree = null; diff --git a/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch b/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch index e7fc5d5..a15896a 100644 --- a/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch +++ b/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch @@ -8,18 +8,18 @@ Subject: [PATCH] Remove CheckUpdatePlugin from default list 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/cr/libre/firmador/Settings.java b/src/main/java/cr/libre/firmador/Settings.java -index e5ddf01..a028d6e 100644 +index e392a82..c2ab5e4 100644 --- a/src/main/java/cr/libre/firmador/Settings.java +++ b/src/main/java/cr/libre/firmador/Settings.java -@@ -81,7 +81,7 @@ public class Settings { - +@@ -160,7 +160,7 @@ public class Settings { + @SuppressWarnings("this-escape") public Settings() { activePlugins.add("cr.libre.firmador.plugins.DummyPlugin"); - activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin"); + // activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin"); + // activePlugins.add("cr.libre.firmador.plugins.DocumentSignLogs"); availablePlugins.add("cr.libre.firmador.plugins.DummyPlugin"); availablePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin"); - } -- -2.49.0 +2.51.2 diff --git a/trivionomicon/pkgs/athena-bccr/firmador.nix b/trivionomicon/pkgs/athena-bccr/firmador.nix index 8ae8750..e07235b 100644 --- a/trivionomicon/pkgs/athena-bccr/firmador.nix +++ b/trivionomicon/pkgs/athena-bccr/firmador.nix @@ -11,7 +11,7 @@ enableJavaFX = true; }; - version = "1.9.8"; + version = "1.9.8+master"; in maven.buildMavenPackage { pname = "firmador"; @@ -19,15 +19,15 @@ in src = fetchgit { url = "https://codeberg.org/firmador/firmador"; - rev = version; - hash = "sha256-xdiVPjihRADPK4nG+WQHWsDzVYLCeN6ouQ6SDtjf1qQ="; + rev = "676b0e3c0dc5adb0628d4d98efcfccfca3daa8a7"; + hash = "sha256-f/EKll1csvUCRSt4G1SeDB4gVW+ZtUgJjlmM7PlafyQ="; }; patches = [ ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnHash = "sha256-m3UaOLNyIlVAOI5tzxMlxg4KZ1N5gT2O2WSka+jBat4="; + mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ="; nativeBuildInputs = [ makeWrapper @@ -35,7 +35,7 @@ in ]; postPatch = lib.optionalString (libasep11 != null) '' - sed -i 's@/usr/lib/x64-athena/libASEP11.so@${libasep11}@g' src/main/java/cr/libre/firmador/CRSigner.java + sed -i 's@/usr/lib/x64-athena/libASEP11.so@${libasep11}@g' src/main/java/cr/libre/firmador/signers/CRSigner.java ''; installPhase = '' |