From 77a1b34ea1bc3023d30783edd0e6933c639ce186 Mon Sep 17 00:00:00 2001
From: yuri
Date: Sun, 21 Jan 2024 21:47:18 +0100
Subject: [PATCH] Enable Keycloak SSO for matrix
---
 config/hosts/matrix/matrix-synapse.nix | 2 ++
 config/hosts/matrix/secrets.nix | 8 ++++++++
 2 files changed, 10 insertions(+)
diff --git a/config/hosts/matrix/matrix-synapse.nix b/config/hosts/matrix/matrix-synapse.nix
index 1a4fb12..6527503 100644
--- a/config/hosts/matrix/matrix-synapse.nix
+++ b/config/hosts/matrix/matrix-synapse.nix
@@ -54,10 +54,12 @@
 };
 environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
 };
+ extras = [ "oidc" ];
 extraConfigFiles = [
 "/secrets/matrix-registration-shared-secret.secret"
 "/secrets/matrix-turn-shared-secret.secret"
 "/secrets/matrix-email-smtp-pass.secret"
+ "/secrets/matrix-keycloak-client-secret.secret"
 ];
 };
 }
diff --git a/config/hosts/matrix/secrets.nix b/config/hosts/matrix/secrets.nix
index dac6301..68e4771 100644
--- a/config/hosts/matrix/secrets.nix
+++ b/config/hosts/matrix/secrets.nix
@@ -41,5 +41,13 @@
 permissions = "0640";
 uploadAt = "pre-activation";
 };
+ "matrix-keycloak-client-secret.secret" = {
+ keyCommand = keyCommandEnv ++ [ "pass" "matrix/keycloak-client-secret" ];
+ destDir = "/secrets";
+ user = "matrix-synapse";
+ group = "matrix-synapse";
+ permissions = "0640";
+ uploadAt = "pre-activation";
+ };
 };
 }
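Review bot: The Keycloak provider definition itself is not visible in the matrix-synapse.nix hunk: it adds only `extras = [ "oidc" ];` and a new `extraConfigFiles` entry, so the whole `oidc_providers` block (issuer, client id, user mapping) presumably lives inside `/secrets/matrix-keycloak-client-secret.secret`. That keeps security-relevant but non-secret login policy out of the reviewed, version-controlled Nix config. Consider declaring the provider under the module's `settings.oidc_providers` and referencing the secret with `client_secret_path = "/secrets/matrix-keycloak-client-secret.secret";`, so that the uploaded file holds only the secret value. The enclosing attribute set starts before this hunk, so an existing provider block elsewhere in the file cannot be ruled out.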
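Review bot: The new `matrix-keycloak-client-secret.secret` entry in secrets.nix is uploaded with `permissions = "0640";`, which leaves the OIDC client secret readable by every member of the `matrix-synapse` group. User and group carry the same service-account name here, so the group bit adds nothing if Synapse is the only reader; `permissions = "0400";` would be the least-privilege setting. The value mirrors the preceding entry, whose definition starts outside the hunk, so the same question may apply to the other secrets in this file.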