feat(self_host/sso): adding the images to the kanidm

2025-12-25 01:24:35 +01:00 · 2025-12-25 01:24:35 +01:00 · 2ca39ee7c9
commit 2ca39ee7c9
parent 655235c6ba
1 changed files with 29 additions and 4 deletions
--- a/services/self_host/sso.nix
+++ b/services/self_host/sso.nix
@ -9,6 +9,22 @@ let
  cfg = config.service.selfhost.sso;
  kanidm-admin = config.age.secrets."kanidm-admin".path;
  kanidm-idmAdmin = config.age.secrets."kanidm-idmAdmin".path;
+  imagesDir = "/user/share/kanidm/assets";
+  kanidmLogo = pkgs.fetchurl {
+    url = "https://raw.githubusercontent.com/doc-sheet/forgejo/refs/heads/forgejo/assets/logo.svg";
+    name = "kanidm.svg";
+    sha256 = "sha256-rP7aZURtHBfF2OYuGLcKZhbvIN+B596T/3kaOxHUvig=";
+  };
+  grafanaLogo = pkgs.fetchurl {
+    url = "https://upload.wikimedia.org/wikipedia/commons/a/a1/Grafana_logo.svg";
+    name = "grafana.svg";
+    sha256 = "sha256-UjE6ArLCa52o3XGUmpqPoakbEOeFi+zfsnATi1FtWmQ=";
+  };
+  nextcloudLogo = pkgs.fetchurl {
+    url = "https://upload.wikimedia.org/wikipedia/commons/6/60/Nextcloud_Logo.svg";
+    name = "nextcloud.svg";
+    sha256 = "sha256-hL51zJkFxUys1CoM8yUxiH8BDw111wh3Qv7eTLm+XYo=";
+  };
 in
  {
  config = lib.mkIf cfg {
@ -48,6 +64,7 @@ in
              ];
              groups = [
                "grafana_superadmins"
+                "forgejo_admins"
                "nextcloud_user"
              ];
            };
@ -62,7 +79,13 @@ in
            grafana_editors = {
              present = true;
            };
-            grafana_user = {
+            grafana_users = {
+              present = true;
+            };
+            forgejo_admins = {
+              present = true;
+            };
+            forgejo_users = {
              present = true;
            };
            nextcloud_user = {
@ -112,6 +135,7 @@ in
            grafana = {
              present = true;
              displayName = "Grafana";
+              imageFile = grafanaLogo;
              originUrl = "https://monitor.enium.eu";
              originLanding = "https://monitor.enium.eu/login/generic_oauth";
              basicSecretFile = config.age.secrets.grafana-oidc-secret.path;
@ -138,7 +162,7 @@ in
                  "profile"
                  "groups"
                ];
-                grafana_user = [
+                grafana_users = [
                  "email"
                  "openid"
                  "profile"
@ -158,8 +182,8 @@ in
                    grafana_editors = [
                      "grafana_editors"
                    ];
-                    grafana_user = [
-                      "grafana_user"
+                    grafana_users = [
+                      "grafana_users"
                    ];
                  };
                };
@ -168,6 +192,7 @@ in
            nextcloud = {
              present = true;
              displayName = "Nextcloud";
+              imageFile = nextcloudLogo;
              originUrl = "https://nextcloud.enium.eu";
              originLanding = "https://nextcloud.enium.eu/login";
              basicSecretFile = config.age.secrets.nextcloud-oidc-secret.path;