thary/sp-mastodon-module
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: thary:2397cd1090b57bcbbc9a69ddb62eb9eb6c2e5c3b
Branches Tags
thary:main
...
compare: thary:88269b9e74530bddf1e13a2c2ebd67a67caedad3
Branches Tags
thary:main

2 Commits
2397cd1090 ... 88269b9e74

Author SHA1 Message Date
Thary
88269b9e74 test 2025-09-12 19:46:34 +03:00
Thary
22d8579f67 test 2025-09-12 19:22:27 +03:00
1 changed files with 3 additions and 21 deletions
Expand all files Collapse all files

24
module.nix
View File

@@ -17,9 +17,6 @@ let
oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID; oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID;
oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback"; oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback";
# emailPassword = pkgs.runCommand "genpassword" {} "echo `head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g'` > $out";
# emailPasswordHash = pkgs.runCommand "genpassword" {} "echo `head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g'` > $out";
in in
{ {
options.selfprivacy.modules.mastodon = { options.selfprivacy.modules.mastodon = {
@@ -68,16 +65,6 @@ in
}; };
}; };
# services.postgresql = {
# ensureDatabases = [ "mastodon" ];
# ensureUsers = [
# {
# name = "mastodon";
# ensureDBOwnership = true;
# }
# ];
# };
services.mastodon = { services.mastodon = {
enable = true; enable = true;
localDomain = "${cfg.subdomain}.${sp.domain}"; localDomain = "${cfg.subdomain}.${sp.domain}";
@@ -95,11 +82,6 @@ in
}; };
}; };
# mailserver.loginAccounts."noreply.mastodon@${sp.domain}" = {
# hashedPasswordFile = "/run/keys/mastodon/email_password";
# sendOnly = true;
# };
services.postfix.config.virtual_mailbox_maps = [ "hash:/run/postfix/mastodon.cf" ]; services.postfix.config.virtual_mailbox_maps = [ "hash:/run/postfix/mastodon.cf" ];
systemd = { systemd = {
@@ -130,6 +112,7 @@ in
services.mastodon-web = { services.mastodon-web = {
unitConfig.RequiresMountsFor = lib.mkIf sp.useBinds "/volumes/${cfg.location}/mastodon"; unitConfig.RequiresMountsFor = lib.mkIf sp.useBinds "/volumes/${cfg.location}/mastodon";
serviceConfig = { serviceConfig = {
Slice = "hedgedoc.slice";
LoadCredential = ["client-secret:${oauthClientSecretFP}"]; LoadCredential = ["client-secret:${oauthClientSecretFP}"];
ExecStart = lib.mkForce (pkgs.writeShellScript "run-mastodon-with-client-secret" '' ExecStart = lib.mkForce (pkgs.writeShellScript "run-mastodon-with-client-secret" ''
export OIDC_CLIENT_SECRET=$(cat $CREDENTIALS_DIRECTORY/client-secret) export OIDC_CLIENT_SECRET=$(cat $CREDENTIALS_DIRECTORY/client-secret)
@@ -137,14 +120,12 @@ in
''); '');
}; };
environment = { environment = {
RAILS_LOG_LEVEL = "debug";
OIDC_ENABLED = "true"; OIDC_ENABLED = "true";
OIDC_DISPLAY_NAME= "Kanidm"; OIDC_DISPLAY_NAME= "Kanidm";
OIDC_ISSUER = issuer; OIDC_ISSUER = issuer;
OIDC_DISCOVERY = "true"; OIDC_DISCOVERY = "true";
OIDC_SCOPE = "openid,profile"; OIDC_SCOPE = "openid,profile";
OIDC_UID_FIELD = "sub"; OIDC_UID_FIELD = "preferred_username";
OIDC_CLIENT_ID = oauthClientID; OIDC_CLIENT_ID = oauthClientID;
OIDC_REDIRECT_URI = oauthRedirectURL; OIDC_REDIRECT_URI = oauthRedirectURL;
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true"; OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
@@ -163,6 +144,7 @@ in
originUrl = oauthRedirectURL; originUrl = oauthRedirectURL;
clientSystemdUnits = [ "mastodon.service" ]; clientSystemdUnits = [ "mastodon.service" ];
enablePkce = false; enablePkce = false;
useShortPreferredUsername = true;
linuxUserOfClient = "mastodon"; linuxUserOfClient = "mastodon";
linuxGroupOfClient = "mastodon"; linuxGroupOfClient = "mastodon";
}; };