nix-dotfiles/modules/mastodon.nix

{ config, lib, libS, pkgs, ... }:

let
  cfg = config.services.mastodon;
  cfgl = cfg.ldap;
  inherit (config.security) ldap;
in
{
  options.services.mastodon = {
    ldap = {
      enable = lib.mkEnableOption (lib.mdDoc "login only via LDAP");

      userGroup = libS.ldap.mkUserGroupOption;
    };

    enableBirdUITheme = lib.mkEnableOption (lib.mdDoc "Bird UI Theme");
  };

  config.services.mastodon = {
    package = lib.mkIf cfg.enableBirdUITheme (pkgs.mastodon.overrideAttrs (_: with pkgs; let
      src = pkgs.applyPatches {
        src = fetchFromGitHub {
          owner = "mstdn";
          repo = "Bird-UI-Theme-Admins";
          rev = "2f9921db746593f393c13f9b79e5b4c2e19b03bd";
          hash = "sha256-+7FUm5GNXRWyS9Oiow6kwX+pWh11wO3stm5iOTY3sYY=";
        };

        patches = [
          # fix compose box background
          (fetchpatch {
            url = "https://github.com/mstdn/Bird-UI-Theme-Admins/commit/d5a07d653680fba0ad8dd941405e2d0272ff9cd1.patch";
            hash = "sha256-1gnQNCSSuTE/pkPCf49lJQbmeLAbaiPD9u/q8KiFvlU=";
          })
        ];
      };
    in {
      mastodonModules = mastodon.mastodonModules.overrideAttrs (oldAttrs: {
        pname = "mastodon-birdui-theme";

        nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [
          rsync
          xorg.lndir
        ];

        postPatch = ''
          rsync -r ${src}/mastodon/ .
        '';
      });

      postBuild = ''
        cp ${src}/mastodon/config/themes.yml config/themes.yml
      '';
    }));

    extraConfig = lib.mkIf cfgl.enable {
      LDAP_ENABLED = "true";
      LDAP_BASE = ldap.userBaseDN;
      LDAP_BIND_DN = ldap.bindDN;
      LDAP_HOST = ldap.domainName;
      LDAP_METHOD = "simple_tls";
      LDAP_PORT = toString ldap.port;
      LDAP_UID = ldap.userField;
      # convert .,- (space) in LDAP usernames to underscore, otherwise those users cannot log in
      LDAP_UID_CONVERSION_ENABLED = "true";
      LDAP_SEARCH_FILTER = ldap.searchFilterWithGroupFilter cfgl.userGroup "(|(%{uid}=%{email})(%{mail}=%{email}))";
    };
  };

  config.services.portunus.seedSettings.groups = lib.optional (cfgl.userGroup != null) {
    long_name = "Mastodon Users";
    name = cfgl.userGroup;
    permissions = { };
  };
}
base configuration 2023-12-23 06:49:01 +01:00			`{ config, lib, libS, pkgs, ... }:`

			`let`
			`cfg = config.services.mastodon;`
			`cfgl = cfg.ldap;`
			`inherit (config.security) ldap;`
			`in`
			`{`
			`options.services.mastodon = {`
			`ldap = {`
			`enable = lib.mkEnableOption (lib.mdDoc "login only via LDAP");`

			`userGroup = libS.ldap.mkUserGroupOption;`
			`};`

			`enableBirdUITheme = lib.mkEnableOption (lib.mdDoc "Bird UI Theme");`
			`};`

			`config.services.mastodon = {`
			`package = lib.mkIf cfg.enableBirdUITheme (pkgs.mastodon.overrideAttrs (_: with pkgs; let`
			`src = pkgs.applyPatches {`
			`src = fetchFromGitHub {`
			`owner = "mstdn";`
			`repo = "Bird-UI-Theme-Admins";`
			`rev = "2f9921db746593f393c13f9b79e5b4c2e19b03bd";`
			`hash = "sha256-+7FUm5GNXRWyS9Oiow6kwX+pWh11wO3stm5iOTY3sYY=";`
			`};`

			`patches = [`
			`# fix compose box background`
			`(fetchpatch {`
			`url = "https://github.com/mstdn/Bird-UI-Theme-Admins/commit/d5a07d653680fba0ad8dd941405e2d0272ff9cd1.patch";`
			`hash = "sha256-1gnQNCSSuTE/pkPCf49lJQbmeLAbaiPD9u/q8KiFvlU=";`
			`})`
			`];`
			`};`
			`in {`
			`mastodonModules = mastodon.mastodonModules.overrideAttrs (oldAttrs: {`
			`pname = "mastodon-birdui-theme";`

			`nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [`
			`rsync`
			`xorg.lndir`
			`];`

			`postPatch = ''`
			`rsync -r ${src}/mastodon/ .`
			`'';`
			`});`

			`postBuild = ''`
			`cp ${src}/mastodon/config/themes.yml config/themes.yml`
			`'';`
			`}));`

			`extraConfig = lib.mkIf cfgl.enable {`
			`LDAP_ENABLED = "true";`
			`LDAP_BASE = ldap.userBaseDN;`
			`LDAP_BIND_DN = ldap.bindDN;`
			`LDAP_HOST = ldap.domainName;`
			`LDAP_METHOD = "simple_tls";`
			`LDAP_PORT = toString ldap.port;`
			`LDAP_UID = ldap.userField;`
			`# convert .,- (space) in LDAP usernames to underscore, otherwise those users cannot log in`
			`LDAP_UID_CONVERSION_ENABLED = "true";`
			`LDAP_SEARCH_FILTER = ldap.searchFilterWithGroupFilter cfgl.userGroup "(\|(%{uid}=%{email})(%{mail}=%{email}))";`
			`};`
			`};`

			`config.services.portunus.seedSettings.groups = lib.optional (cfgl.userGroup != null) {`
			`long_name = "Mastodon Users";`
			`name = cfgl.userGroup;`
			`permissions = { };`
			`};`
			`}`