From 90758a265282043f79f86526c992356d03d1d5fa Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov <alexoundos@selfprivacy.org>
Date: Thu, 17 Apr 2025 12:49:50 +0400
Subject: [PATCH] fix mailserver,auth: OAuth client secret has only allowed
 characters

---
 sp-modules/simple-nixos-mailserver/auth-dovecot.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sp-modules/simple-nixos-mailserver/auth-dovecot.nix b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
index 46e5122..2819ffd 100644
--- a/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
+++ b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
@@ -113,7 +113,7 @@ let
     "${oauth-client-id}-kanidm-ExecStartPre-script.sh" ''
     set -o xtrace
     [ -f "${oauth-client-secret-fp}" ] || \
-      "${lib.getExe pkgs.openssl}" rand -base64 32 | tr -d "\n" > "${oauth-client-secret-fp}"
+      "${lib.getExe pkgs.openssl}" rand -base64 32 | tr "\n:@/+=" "012345" > "${oauth-client-secret-fp}"
   '';
   dovecot-oauth2-conf-fp = "/run/${runtime-directory}/dovecot-oauth2.conf.ext";
   write-dovecot-oauth2-conf = appendSetting {