thary/sp-mastodon-module
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Thary
2025-09-20 00:53:43 +03:00
parent 1235104b10
commit 26e81611be
1 changed files with 22 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
module.nix
View File

@@ -17,6 +17,12 @@ let
oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID; oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID;
oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback"; oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback";
secrets = rec {
dir = "/run/keys/mastodon";
hashedPasswordFile = "${dir}/hashed_email_password";
passwordFile = "${dir}/email_password";
};
in in
{ {
options.selfprivacy.modules.mastodon = { options.selfprivacy.modules.mastodon = {
@@ -75,16 +81,14 @@ in
smtp = { smtp = {
createLocally = false; createLocally = false;
# fromAddress = "noreply.mastodon@${sp.domain}";
# user = "noreply.mastodon";
fromAddress = "noreply.mastodon@${sp.domain}"; fromAddress = "mastodon@${sp.domain}";
user = "noreply.mastodon"; user = "mastodon";
passwordFile = secrets.passwordFile;
authenticate = true;
host = "hollowness.top"; host = "hollowness.top";
port = 465; port = 465;
passwordFile = "/run/keys/mastodon/email_password";
authenticate = true;
}; };
extraConfig = { extraConfig = {
# "SMTP_ENABLE_STARTTLS" = "never"; # "SMTP_ENABLE_STARTTLS" = "never";
@@ -95,18 +99,10 @@ in
}; };
}; };
# services.postfix.config = {
# smtp_sasl_auth_enable = "yes";
# smtp_sasl_security_options = "";
# smtp_sasl_password_maps = "texthash:/run/keys/mastodon/hashed_email_password";
# virtual_mailbox_maps = [ "hash:/run/keys/mastodon/hashed_email_password" ];
# };
# mailserver.loginAccounts."noreply.mastodon@${sp.domain}" = {
# mailserver.loginAccounts."mastodon@${sp.domain}" = {
selfprivacy.emails."mastodon" = { selfprivacy.emails."mastodon" = {
hashedPasswordFile = "/run/keys/mastodon/hashed_email_password"; hashedPasswordFile = secrets.hashedPasswordFile;
systemdTargets = [ "mastodon-email-password-setup.service" ]; systemdTargets = [ "mastodon-email-password-setup.service" ];
sendOnly = false; sendOnly = true;
}; };
systemd = { systemd = {
@@ -117,18 +113,19 @@ in
Type = "oneshot"; Type = "oneshot";
ExecStart = pkgs.writeShellScript "gen-mastodon-email-password" '' ExecStart = pkgs.writeShellScript "gen-mastodon-email-password" ''
export password=$(head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g') export password=$(head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g')
mkdir /run/keys/mastodon/ || true # Create /run/keys/mastodon if it doesn't exist mkdir ${secrets.dir} || true # Create ${secrets.dir} if it doesn't exist
rm -f /run/keys/mastodon/email_password || true rm -f ${secrets.passwordFile} || true
echo $password > /run/keys/mastodon/email_password echo "$password" > ${secrets.passwordFile}
chmod 400 /run/keys/mastodon/email_password chmod 400 ${secrets.passwordFile}
chown ${config.services.mastodon.user}:${config.services.mastodon.group} /run/keys/mastodon/email_password chown ${config.services.mastodon.user}:${config.services.mastodon.group} ${secrets.passwordFile}
rm -f /run/keys/mastodon/hashed_email_password || true
export hashedPassword=$(${lib.getExe pkgs.mkpasswd} -sm bcrypt "$password") export hashedPassword=$(${lib.getExe pkgs.mkpasswd} -sm bcrypt "$password")
echo "$hashedPassword" > /run/keys/mastodon/hashed_email_password
chmod 440 /run/keys/mastodon/hashed_email_password rm -f ${secrets.hashedPasswordFile} || true
chown ${config.services.postfix.user}:${config.services.postfix.group} /run/keys/mastodon/hashed_email_password echo "$hashedPassword" > ${secrets.hashedPasswordFile}
chmod 440 ${secrets.hashedPasswordFile}
chown ${config.services.postfix.user}:${config.services.postfix.group} ${secrets.hashedPasswordFile}
''; '';
}; };
}; };