fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Enable SSO with keycloak for mastodon

Browse source
This commit is contained in:
fi 2024-01-19 12:16:42 +01:00
parent f11b1bd893
commit d055069c44
Signed by: fi
SSH key fingerprint: SHA256:d+6fQoDPMbSFK95zRVflRKZLRKF4cPSQb7VIxYkhFsA
2 changed files with 22 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
config/hosts/mastodon/mastodon.nix
View file

@ -50,7 +50,21 @@ in
extraConfig = { extraConfig = {
SMTP_TLS = "true"; SMTP_TLS = "true";
ES_PRESET = "single_node_cluster"; ES_PRESET = "single_node_cluster";
OIDC_CLIENT_ID = "mastodon";
OIDC_ENABLED = "true";
OMNIAUTH_ONLY = "false";
OIDC_DISPLAY_NAME = "Login with Nekoverse ID";
OIDC_ISSUER = "https://id.nekover.se/realms/nekoverse";
OIDC_DISCOVERY = "true";
OIDC_SCOPE = "openid,profile,email";
OIDC_UID_FIELD = "preferred_username";
OIDC_REDIRECT_URI = "https://social.nekover.se/auth/auth/openid_connect/callback";
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
OIDC_END_SESSION_ENDPOINT = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/logout";
}; };
extraEnvFiles = [
"/secrets/mastodon-keycloak-client-secret.secret"
];
elasticsearch.host = "127.0.0.1"; elasticsearch.host = "127.0.0.1";
}; };
} }

8
config/hosts/mastodon/secrets.nix
View file

@ -33,5 +33,13 @@
permissions = "0640"; permissions = "0640";
uploadAt = "pre-activation"; uploadAt = "pre-activation";
}; };
"mastodon-keycloak-client-secret.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "mastodon/keycloak-client-secret" ];
destDir = "/secrets";
user = "mastodon";
group = "mastodon";
permissions = "0640";
uploadAt = "pre-activation";
};
}; };
} }