Enable SSO with keycloak for mastodon

2024-01-19 12:16:42 +01:00 · 2024-01-19 12:16:42 +01:00 · d055069c44
commit d055069c44
parent f11b1bd893
2 changed files with 22 additions and 0 deletions
--- a/config/hosts/mastodon/mastodon.nix
+++ b/config/hosts/mastodon/mastodon.nix
@ -50,7 +50,21 @@ in
    extraConfig = {
      SMTP_TLS = "true";
      ES_PRESET = "single_node_cluster";
+      OIDC_CLIENT_ID = "mastodon";
+      OIDC_ENABLED = "true";
+      OMNIAUTH_ONLY = "false";
+      OIDC_DISPLAY_NAME = "Login with Nekoverse ID";
+      OIDC_ISSUER = "https://id.nekover.se/realms/nekoverse";
+      OIDC_DISCOVERY = "true";
+      OIDC_SCOPE = "openid,profile,email";
+      OIDC_UID_FIELD = "preferred_username";
+      OIDC_REDIRECT_URI = "https://social.nekover.se/auth/auth/openid_connect/callback";
+      OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
+      OIDC_END_SESSION_ENDPOINT = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/logout";
    };
+    extraEnvFiles = [
+      "/secrets/mastodon-keycloak-client-secret.secret"
+    ];
    elasticsearch.host = "127.0.0.1";
  };
 }