feat: matrix oidc

This commit is contained in:
s-prechtl 2026-03-24 21:20:11 +01:00
parent 62bb7aa2ea
commit 357480c807
3 changed files with 42 additions and 17 deletions


@ -22,13 +22,19 @@ in {
group = "matrix-synapse"; group = "matrix-synapse";
}; };
age.secrets.matrix-oidc = {
file = ../../secrets/matrix-oidc.age;
owner = "matrix-synapse";
group = "matrix-synapse";
};
age.secrets.mautrix-signal = { age.secrets.mautrix-signal = {
file = ../../secrets/mautrix-signal.age; file = ../../secrets/mautrix-signal.age;
owner = "mautrix-signal"; owner = "mautrix-signal";
group = "mautrix-signal"; group = "mautrix-signal";
}; };
age.secrets.mautrix-signal-puppeting = { age.secrets.mautrix-signal-puppeting = {
file = ../../secrets/mautrix-signal-puppeting.yaml.age; # your encrypted YAML file = ../../secrets/mautrix-signal-puppeting.yaml.age;
owner = "mautrix-signal"; owner = "mautrix-signal";
group = "mautrix-signal"; group = "mautrix-signal";
mode = "0640"; mode = "0640";
@ -184,7 +190,8 @@ in {
settings.public_baseurl = baseUrl; settings.public_baseurl = baseUrl;
settings.enable_registration = false; settings.enable_registration = false;
enableRegistrationScript = true; enableRegistrationScript = true;
settings.listeners = [ settings = {
listeners = [
{ {
port = 8008; port = 8008;
bind_addresses = ["::1"]; bind_addresses = ["::1"];
@ -199,11 +206,28 @@ in {
]; ];
} }
]; ];
oidc_providers = [
{
idp_id = "authentik";
idp_name = "Authentik";
issuer = "https://auth.sprechtl.me/application/o/matrix-synapse/.well-known/openid-configuration";
client_id = "xoTtitlCqRbK9fjl2VAugYdswYGOLUJUzeV1dacc";
scopes = [ "openid" "profile" "email" ];
user_mapping_provider.config = {
localpart_template = "{{ user.preferred_username }}";
display_name_template = "{{ user.name }}";
};
}
];
};
settings.app_service_config_files = [ settings.app_service_config_files = [
"/var/lib/mautrix-signal/double-puppeting.yaml" "/var/lib/mautrix-signal/double-puppeting.yaml"
]; ];
extraConfigFiles = [config.age.secrets.matrix.path]; extraConfigFiles = [
config.age.secrets.matrix.path
config.age.secrets.matrix-oidc.path
];
settings.turn_uris = ["turn:${turn.realm}:3478?transport=udp" "turn:${turn.realm}:3478?transport=tcp"]; settings.turn_uris = ["turn:${turn.realm}:3478?transport=udp" "turn:${turn.realm}:3478?transport=tcp"];
settings.turn_user_lifetime = "1h"; settings.turn_user_lifetime = "1h";
}; };
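Review bot: The `issuer` in the new oidc_providers entry is the discovery-document URL rather than the provider's issuer identifier; if I read the Synapse OIDC reference correctly, `issuer` is compared with the `iss` claim of the ID token and, with discovery enabled (the default), Synapse appends `/.well-known/openid-configuration` to it itself, so this value would break discovery or token validation. I would change it to `issuer = "https://auth.sprechtl.me/application/o/matrix-synapse/";` (trailing slash as Authentik publishes it — confirm against the provider's metadata). The hunk does not show what `matrix-oidc.age` contributes via `extraConfigFiles`; if it is a YAML fragment carrying its own `oidc_providers:` list just to supply `client_secret`, be aware that Synapse combines config files at the top level, so that list would replace this one rather than merge with it — `client_secret_path = config.age.secrets.matrix-oidc.path;` inside this provider entry, with the file holding only the bare secret, avoids that, provided the deployed Synapse version supports the option. The enclosing `services.matrix-synapse` attribute set starts outside the hunk.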

BIN
secrets/matrix-oidc.age Normal file



@ -12,6 +12,7 @@ in {
"speedtest-tracker.age".publicKeys = [saberofxebec key]; "speedtest-tracker.age".publicKeys = [saberofxebec key];
"homarr.age".publicKeys = [saberofxebec key]; "homarr.age".publicKeys = [saberofxebec key];
"matrix.age".publicKeys = [hitsugibune key]; "matrix.age".publicKeys = [hitsugibune key];
"matrix-oidc.age".publicKeys = [hitsugibune key];
"mautrix-signal.age".publicKeys = [hitsugibune key]; "mautrix-signal.age".publicKeys = [hitsugibune key];
"mautrix-signal-puppeting.yaml.age".publicKeys = [hitsugibune key]; "mautrix-signal-puppeting.yaml.age".publicKeys = [hitsugibune key];
"mautrix-whatsapp.age".publicKeys = [hitsugibune key]; "mautrix-whatsapp.age".publicKeys = [hitsugibune key];