diff --git a/module.nix b/module.nix
index 7960a24..2ffe19c 100644
--- a/module.nix
+++ b/module.nix
@@ -17,9 +17,6 @@ let
 oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID;
 oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback";
-
- # emailPassword = pkgs.runCommand "genpassword" {} "echo `head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g'` > $out";
- # emailPasswordHash = pkgs.runCommand "genpassword" {} "echo `head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g'` > $out";
 in
 {
 options.selfprivacy.modules.mastodon = {
@@ -68,16 +65,6 @@ in
 };
 };
- # services.postgresql = {
- # ensureDatabases = [ "mastodon" ];
- # ensureUsers = [
- # {
- # name = "mastodon";
- # ensureDBOwnership = true;
- # }
- # ];
- # };
-
 services.mastodon = {
 enable = true;
 localDomain = "${cfg.subdomain}.${sp.domain}";
@@ -95,11 +82,6 @@ in
 };
 };
- # mailserver.loginAccounts."noreply.mastodon@${sp.domain}" = {
- # hashedPasswordFile = "/run/keys/mastodon/email_password";
- # sendOnly = true;
- # };
-
 services.postfix.config.virtual_mailbox_maps = [ "hash:/run/postfix/mastodon.cf" ];
 systemd = {
@@ -130,6 +112,7 @@ in
 services.mastodon-web = {
 unitConfig.RequiresMountsFor = lib.mkIf sp.useBinds "/volumes/${cfg.location}/mastodon";
 serviceConfig = {
+ Slice = "hedgedoc.slice";
 LoadCredential = ["client-secret:${oauthClientSecretFP}"];
 ExecStart = lib.mkForce (pkgs.writeShellScript "run-mastodon-with-client-secret" ''
 export OIDC_CLIENT_SECRET=$(cat $CREDENTIALS_DIRECTORY/client-secret)
@@ -137,8 +120,6 @@ in
 '');
 };
 environment = {
- RAILS_LOG_LEVEL = "debug";
-
 OIDC_ENABLED = "true";
 OIDC_DISPLAY_NAME= "Kanidm";
 OIDC_ISSUER = issuer;
@@ -163,6 +144,7 @@ in
 originUrl = oauthRedirectURL;
 clientSystemdUnits = [ "mastodon.service" ];
 enablePkce = false;
+ useShortPreferredUsername = true;
 linuxUserOfClient = "mastodon";
 linuxGroupOfClient = "mastodon";
 };
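Review bot: The added `Slice = "hedgedoc.slice";` in `services.mastodon-web.serviceConfig` names another service's slice, which looks like a copy-paste from the HedgeDoc module. If it is applied as written, the Mastodon web unit shares a cgroup with HedgeDoc, so resource limits and accounting on that slice no longer separate the two and a load spike in one can starve the other. Only mastodon-web is changed in this hunk; whether the other Mastodon units and a slice definition are handled elsewhere is not visible here. If a dedicated slice is intended, use a Mastodon-specific name backed by a matching slice unit, e.g. `Slice = "mastodon.slice";`, and apply it to every Mastodon unit. The `serviceConfig` block continues past the end of the hunk.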
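Review bot: `useShortPreferredUsername = true;` appears to change the form of the `preferred_username` claim Mastodon receives, and nothing in the hunk shows which claim Mastodon keys accounts on. If the uid mapping (Mastodon's `OIDC_UID_FIELD`, set outside this hunk if at all) relies on `preferred_username`, accounts linked under the longer form may stop matching, or a short name may match a different existing account. Confirm the mapping uses a stable identifier and record the reason next to the option, e.g. `# short preferred_username (no @domain); account linking must not key on it`. The enclosing attribute set starts above the hunk.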