thary/sp-mastodon-module
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Thary
2025-09-20 12:46:40 +03:00
parent dcc73050eb
commit 3294ff3da4
1 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
module.nix
View File

@@ -11,12 +11,13 @@ let
auth-passthru = config.selfprivacy.passthru.auth; auth-passthru = config.selfprivacy.passthru.auth;
oauthDiscoveryURL = auth-passthru.oauth2-discovery-url oauthClientID; oauthDiscoveryURL = auth-passthru.oauth2-discovery-url oauthClientID;
issuer = lib.strings.removeSuffix "/.well-known/openid-configuration" oauthDiscoveryURL; issuer = lib.strings.removeSuffix "/.well-known/openid-configuration" oauthDiscoveryURL;
oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback";
usersGroup = "sp.mastodon.users"; usersGroup = "sp.mastodon.users";
adminsGroup = "sp.mastodon.admins"; adminsGroup = "sp.mastodon.admins";
oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID; oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID;
oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback"; serviceAccountFP = auth-passthru.mkServiceAccountTokenFP "mastodon";
secrets = rec { secrets = rec {
dir = "/run/keys/mastodon"; dir = "/run/keys/mastodon";
@@ -61,6 +62,21 @@ in
weight = 0; weight = 0;
}; };
}; };
dissallowUnauthenticatedAPI =
(lib.mkOption {
default = true;
type = lib.types.bool;
description = "Allow unauthenticated API access";
})
// {
meta = {
type = "bool";
weight = 1;
};
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@@ -96,6 +112,8 @@ in
"SMTP_ENABLE_STARTTLS" = "always"; "SMTP_ENABLE_STARTTLS" = "always";
"SMTP_TLS" = "true"; "SMTP_TLS" = "true";
"SMTP_SSL" = "true"; "SMTP_SSL" = "true";
"DISALLOW_UNAUTHENTICATED_API_ACCESS" = lib.boolToString cfg.dissallowUnauthenticatedAPI;
}; };
}; };
users.users.mastodon.isSystemUser = lib.mkForce false; users.users.mastodon.isSystemUser = lib.mkForce false;
@@ -162,6 +180,8 @@ in
selfprivacy.auth.clients.${oauthClientID} = { selfprivacy.auth.clients.${oauthClientID} = {
inherit usersGroup; inherit usersGroup;
inherit adminsGroup; inherit adminsGroup;
isTokenNeeded = true;
subdomain = cfg.subdomain; subdomain = cfg.subdomain;
originLanding = "https://${cfg.subdomain}.${sp.domain}/"; originLanding = "https://${cfg.subdomain}.${sp.domain}/";
originUrl = oauthRedirectURL; originUrl = oauthRedirectURL;