From af0357aa1ea6d8dbb765655b41e1c6228fb0b50e Mon Sep 17 00:00:00 2001
From: "Wyatt J. Miller"
Date: Sun, 10 May 2026 17:49:18 -0400
Subject: [PATCH] got sso working

---
 modules/machine/yshtola/configuration.nix | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/modules/machine/yshtola/configuration.nix b/modules/machine/yshtola/configuration.nix
index 1f4e70e..4437cfe 100644
--- a/modules/machine/yshtola/configuration.nix
+++ b/modules/machine/yshtola/configuration.nix
@@ -1,4 +1,5 @@
 {
+ lib,
 pkgs,
 config,
 userName,
@@ -194,19 +195,19 @@ in {
 # 1. Visit https://social.wyattjmiller.com/settings/applications
 # 2. Create a new application with the redirect URI:
 # https://chat.wyattjmiller.com/_matrix/client/v3/login/sso/redirect/oidc-mastodon
- # and scopes: read:accounts
- # 3. Write the Application ID → /var/lib/tuwunel/mastodon-oauth-client-id (chmod 400, owned by tuwunel)
- # Write the Client Secret → /var/lib/tuwunel/mastodon-oauth-client-secret
+ # and scopes: profile
+ # 3. Write the Client Key → /var/lib/private/tuwunel/matrix-oauth-client-id (chmod 400, owned by tuwunel)
+ # Write the Client Secret → /var/lib/private/tuwunel/matrix-oauth-client-secret
 # 4. nixos-rebuild switch (or restart tuwunel.service)
- identity_provider= [
+ identity_provider = [
 {
 brand = "Mastodon";
 issuer_url = "https://${mastodonFqdn}";
- id = mastodonOauthClientId;
- callback_url = "https://${matrixFqdn}/_matrix/client/v3/login/sso/callback/${mastodonOauthClientId}";
+ # id = mastodonOauthClientId;
+ callback_url = "https://${matrixFqdn}/_matrix/client/unstable/login/sso/callback/${lib.removeSuffix "\n" (mastodonOauthClientId)}";
 discovery_url = "https://${mastodonFqdn}/.well-known/oauth-authorization-server";
- client_id = mastodonOauthClientId;
- client_secret = mastodonOauthClientSecret;
+ client_id = lib.removeSuffix "\n" (mastodonOauthClientId);
+ client_secret = lib.removeSuffix "\n" (mastodonOauthClientSecret);
 scope = ["profile"];
 userid_claims = ["preferred_username"];
 }
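Review bot: Step 2 of the setup comment still tells the operator to register `https://chat.wyattjmiller.com/_matrix/client/v3/login/sso/redirect/oidc-mastodon` as the application's redirect URI, while the new `callback_url` sends `https://${matrixFqdn}/_matrix/client/unstable/login/sso/callback/<client id>`; a provider that enforces exact redirect-URI matching rejects that mismatch, so the comment should name the `unstable/login/sso/callback/…` URL the server actually uses. The `lib.removeSuffix "\n"` wrapping suggests `mastodonOauthClientId` and `mastodonOauthClientSecret` (defined outside this hunk) are read at Nix evaluation time; if that is a `builtins.readFile` of the files named in step 3, the client secret is copied into the generated config in the world-readable Nix store and the `chmod 400` in the comment no longer protects it, which deserves a note such as `# NOTE: a secret read at eval time lands in /nix/store; use a runtime secret-file option if tuwunel offers one` or a switch to such an option where it exists. `removeSuffix "\n"` also strips only a single trailing newline, so a file saved with extra whitespace still produces a wrong client id in both `callback_url` and `client_id`; `lib.trim` would cover that. The commented-out `# id = mastodonOauthClientId;` is left as dead code and should either be removed or carry a one-line reason for keeping it.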