From 6d1f369dc0dd85efbcdfa8bf57c51f0653a382f8 Mon Sep 17 00:00:00 2001
From: Thary <thary@riseup.net>
Date: Thu, 11 Sep 2025 17:50:36 +0300
Subject: [PATCH] fix

---
 config-paths-needed.json | 2 +-
 module.nix               | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/config-paths-needed.json b/config-paths-needed.json
index 0b9c963..8754ee9 100644
--- a/config-paths-needed.json
+++ b/config-paths-needed.json
@@ -1,7 +1,7 @@
 [
   [ "selfprivacy", "domain" ],
   [ "selfprivacy", "modules", "auth", "enable" ],
-  [ "selfprivacy", "modules", "hedgedoc" ],
+  [ "selfprivacy", "modules", "mastodon" ],
   [ "selfprivacy", "passthru", "auth", "mkOAuth2ClientSecretFP" ],
   [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
   [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
diff --git a/module.nix b/module.nix
index 1030fea..567d472 100644
--- a/module.nix
+++ b/module.nix
@@ -12,8 +12,8 @@ let
   oauthDiscoveryURL = config.services.kanidm.serverSettings.origin;
   issuer = lib.strings.removeSuffix "/.well-known/openid-configuration" oauthDiscoveryURL;
 
-  # SelfPrivacy uses SP Module ID to identify the group!
   usersGroup = "sp.mastodon.users";
+  adminGroup = "sp.mastodon.admins";
 
   oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID;
   oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback";
@@ -119,6 +119,7 @@ in
 
     selfprivacy.auth.clients.${oauthClientID} = {
       inherit usersGroup;
+      inherit adminGroup;
       subdomain = cfg.subdomain;
       originLanding = "https://${cfg.subdomain}.${sp.domain}/";
       originUrl = oauthRedirectURL;