wymiller/nix-config-v2
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: wymiller:e556dae87dbae818fcf5041cefda285e30aef175
Branches Tags
wymiller:master wymiller:yshtola-build wymiller:overlay-update wymiller:25.11-move wymiller:emulation wymiller:nix-override-overlay wymiller:ixion-build wymiller:macos-superuser-bypass-refactor wymiller:shell-inhibit wymiller:nvf-neovim wymiller:obsidian wymiller:neovim wymiller:home-assistant wymiller:reshade-addition wymiller:ucode-addition
...
compare: wymiller:yshtola-build
Branches Tags
wymiller:master wymiller:yshtola-build wymiller:overlay-update wymiller:25.11-move wymiller:emulation wymiller:nix-override-overlay wymiller:ixion-build wymiller:macos-superuser-bypass-refactor wymiller:shell-inhibit wymiller:nvf-neovim wymiller:obsidian wymiller:neovim wymiller:home-assistant wymiller:reshade-addition wymiller:ucode-addition

8 Commits
e556dae87d ... yshtola-bu

Author SHA1 Message Date
Wyatt J. Miller
af0357aa1e got sso working 2026-05-10 17:49:18 -04:00
Wyatt J. Miller
4e0a2fc86f changed sso parameters 2026-05-10 14:42:08 -04:00
Wyatt J. Miller
8b7c4fd871 Merge branch 'yshtola-build' of https://scm.wyattjmiller.com/wymiller/nix-config-v2 into yshtola-build 2026-03-01 23:14:25 -05:00
Wyatt J. Miller
1d04c5b5cd Merge branch 'yshtola-build' of https://scm.wyattjmiller.com/wymiller/nix-config-v2 into yshtola-build 2026-03-01 23:12:04 -05:00
Wyatt J. Miller
754635dafc Merge branch 'yshtola-build' of https://scm.wyattjmiller.com/wymiller/nix-config-v2 into yshtola-build 2026-03-01 21:52:29 -05:00
Wyatt J. Miller
edada4c1c9 Merge branch 'yshtola-build' of https://scm.wyattjmiller.com/wymiller/nix-config-v2 into yshtola-build 2026-03-01 00:09:19 -05:00
Wyatt J. Miller
a2899cf823 Merge branch 'yshtola-build' of https://scm.wyattjmiller.com/wymiller/nix-config-v2 into yshtola-build 2026-02-28 23:54:18 -05:00
Wyatt J. Miller
807d099a70 added webPort, enableUnixSocket attr 2026-02-28 23:54:07 -05:00
1 changed files with 20 additions and 11 deletions
Expand all files Collapse all files

29
modules/machine/yshtola/configuration.nix
View File

@@ -1,4 +1,5 @@
{ {
lib,
pkgs, pkgs,
config, config,
userName, userName,
@@ -17,8 +18,10 @@
# After deploying Mastodon, register an OAuth application at # After deploying Mastodon, register an OAuth application at
# https://social.wyattjmiller.com/settings/applications and write the # https://social.wyattjmiller.com/settings/applications and write the
# client ID / secret to these paths (chmod 400, owned by the tuwunel user): # client ID / secret to these paths (chmod 400, owned by the tuwunel user):
mastodonOauthClientIdFile = "/var/lib/tuwunel/mastodon-oauth-client-id"; mastodonOauthClientIdFile = "/var/lib/private/tuwunel/matrix-oauth-client-id";
mastodonOauthClientSecretFile = "/var/lib/tuwunel/mastodon-oauth-client-secret"; mastodonOauthClientSecretFile = "/var/lib/private/tuwunel/matrix-oauth-client-secret";
mastodonOauthClientId = builtins.readFile mastodonOauthClientIdFile;
mastodonOauthClientSecret = builtins.readFile mastodonOauthClientSecretFile;
in { in {
imports = [ imports = [
../../pwrMgmt ../../pwrMgmt
@@ -129,11 +132,14 @@ in {
services.mastodon = { services.mastodon = {
enable = true; enable = true;
localDomain = mastodonFqdn; localDomain = mastodonFqdn;
webPort = 3000;
enableUnixSocket = false;
configureNginx = false; configureNginx = false;
secretKeyBaseFile = "${mastodonSecretsDir}/secret_key_base"; secretKeyBaseFile = "${mastodonSecretsDir}/secret_key_base";
otpSecretFile = "${mastodonSecretsDir}/otp_secret"; # otpSecretFile = "${mastodonSecretsDir}/otp_secret";
vapidPrivateKeyFile = "${mastodonSecretsDir}/vapid_private_key"; vapidPrivateKeyFile = "${mastodonSecretsDir}/vapid_private_key";
vapidPublicKeyFile = "${mastodonSecretsDir}/vapid_public_key"; vapidPublicKeyFile = "${mastodonSecretsDir}/vapid_public_key";
streamingProcesses = 3;
# Configure SMTP after initial deploy via mastodonSecretsDir or a separate # Configure SMTP after initial deploy via mastodonSecretsDir or a separate
# NixOS secrets manager (sops-nix / agenix). # NixOS secrets manager (sops-nix / agenix).
smtp = { smtp = {
@@ -189,18 +195,21 @@ in {
# 1. Visit https://social.wyattjmiller.com/settings/applications # 1. Visit https://social.wyattjmiller.com/settings/applications
# 2. Create a new application with the redirect URI: # 2. Create a new application with the redirect URI:
# https://chat.wyattjmiller.com/_matrix/client/v3/login/sso/redirect/oidc-mastodon # https://chat.wyattjmiller.com/_matrix/client/v3/login/sso/redirect/oidc-mastodon
# and scopes: read:accounts # and scopes: profile
# 3. Write the Application ID → /var/lib/tuwunel/mastodon-oauth-client-id (chmod 400, owned by tuwunel) # 3. Write the Client Key → /var/lib/private/tuwunel/matrix-oauth-client-id (chmod 400, owned by tuwunel)
# Write the Client Secret → /var/lib/tuwunel/mastodon-oauth-client-secret # Write the Client Secret → /var/lib/private/tuwunel/matrix-oauth-client-secret
# 4. nixos-rebuild switch (or restart tuwunel.service) # 4. nixos-rebuild switch (or restart tuwunel.service)
identity_provider = [ identity_provider = [
{ {
brand = "Mastodon"; brand = "Mastodon";
issuer_url = "https://${mastodonFqdn}"; issuer_url = "https://${mastodonFqdn}";
id = "oidc-mastodon"; # id = mastodonOauthClientId;
client_id = mastodonOauthClientIdFile; callback_url = "https://${matrixFqdn}/_matrix/client/unstable/login/sso/callback/${lib.removeSuffix "\n" (mastodonOauthClientId)}";
client_secret = mastodonOauthClientSecretFile; discovery_url = "https://${mastodonFqdn}/.well-known/oauth-authorization-server";
scope = ["openid" "read:accounts"]; client_id = lib.removeSuffix "\n" (mastodonOauthClientId);
client_secret = lib.removeSuffix "\n" (mastodonOauthClientSecret);
scope = ["profile"];
userid_claims = ["preferred_username"];
} }
]; ];
}; };