# NixOS module that extends services.mastodon with two opt-in features:
#   * LDAP login, wired to the site-wide settings under config.security.ldap
#   * the third-party "Bird UI" theme, built into the Mastodon package
# It also seeds a matching user group into Portunus when a group name is set.
{ config, lib, libS, pkgs, ... }:

let
  cfg = config.services.mastodon;
  # shorthand for the LDAP sub-options declared below
  cfgl = cfg.ldap;
  # site-wide LDAP settings (base DN, bind DN, host, port, ...); declared outside this file
  inherit (config.security) ldap;
in
{
  options.services.mastodon = {
    ldap = {
      # NOTE(review): the description says "login only via LDAP", but the config
      # below only sets LDAP_* variables. Nothing in this file disables local
      # password login or sign-ups -- confirm that this is enforced elsewhere,
      # or reword the description.
      enable = lib.mkEnableOption (lib.mdDoc "login only via LDAP");

      # Group whose members may log in. The option type comes from
      # libS.ldap.mkUserGroupOption (not visible here); it is compared against
      # null further down, so presumably null means "no group restriction".
      userGroup = libS.ldap.mkUserGroupOption;
    };

    enableBirdUITheme = lib.mkEnableOption (lib.mdDoc "Bird UI Theme");
  };

  config.services.mastodon = {
    # Only override the package when the theme is requested; otherwise the
    # default services.mastodon.package stays in effect.
    package = lib.mkIf cfg.enableBirdUITheme (pkgs.mastodon.overrideAttrs (_: with pkgs; let
      # Theme sources are pinned twice: to a full commit id and to a content
      # hash. A changed upstream tree therefore fails the fetch instead of being
      # built silently. When bumping rev, review the upstream diff before
      # updating the hash.
      src = pkgs.applyPatches {
        src = fetchFromGitHub {
          owner = "mstdn";
          repo = "Bird-UI-Theme-Admins";
          rev = "2f9921db746593f393c13f9b79e5b4c2e19b03bd";
          hash = "sha256-+7FUm5GNXRWyS9Oiow6kwX+pWh11wO3stm5iOTY3sYY=";
        };

        patches = [
          # fix compose box background
          # (single upstream commit, fetched by commit id and pinned by hash)
          (fetchpatch {
            url = "https://github.com/mstdn/Bird-UI-Theme-Admins/commit/d5a07d653680fba0ad8dd941405e2d0272ff9cd1.patch";
            hash = "sha256-1gnQNCSSuTE/pkPCf49lJQbmeLAbaiPD9u/q8KiFvlU=";
          })
        ];
      };
    in {
      mastodonModules = mastodon.mastodonModules.overrideAttrs (oldAttrs: {
        pname = "mastodon-birdui-theme";

        # NOTE(review): xorg.lndir is not referenced by any phase visible in
        # this file; confirm it is still needed.
        nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [
          rsync
          xorg.lndir
        ];

        # Overlays the theme's mastodon/ tree onto the Mastodon source tree.
        # Any file that exists at the same path in both trees is replaced by the
        # theme's copy, so the theme repository is part of the trusted build
        # input for the web assets.
        postPatch = ''
          rsync -r ${src}/mastodon/ .
        '';
      });

      # Replace the theme registry with the one shipped by the theme.
      postBuild = ''
        cp ${src}/mastodon/config/themes.yml config/themes.yml
      '';
    }));

    # Environment for Mastodon's LDAP login; only set when the option is enabled.
    # No LDAP_PASSWORD is set here -- presumably the bind credential is supplied
    # separately (e.g. a secrets file). Keep it out of this attrset: these are
    # plain Nix strings and would most likely end up readable in the Nix store.
    extraConfig = lib.mkIf cfgl.enable {
      LDAP_ENABLED = "true";
      LDAP_BASE = ldap.userBaseDN;
      LDAP_BIND_DN = ldap.bindDN;
      LDAP_HOST = ldap.domainName;
      # TLS from the start of the connection rather than plain or StartTLS.
      # NOTE(review): LDAP_TLS_NO_VERIFY is not set here, so Mastodon's default
      # applies; confirm that certificate verification stays enabled.
      LDAP_METHOD = "simple_tls";
      LDAP_PORT = toString ldap.port;
      LDAP_UID = ldap.userField;
      # convert .,- (space) in LDAP usernames to underscore, otherwise those users cannot log in
      LDAP_UID_CONVERSION_ENABLED = "true";
      # Match the entered login (%{email}) against either the uid attribute or
      # the mail attribute. ldap.searchFilterWithGroupFilter is defined elsewhere;
      # presumably it ANDs this with a membership test for cfgl.userGroup and
      # returns the filter unrestricted when the group is null. In that case
      # every account under LDAP_BASE could log in -- confirm.
      LDAP_SEARCH_FILTER = ldap.searchFilterWithGroupFilter cfgl.userGroup "(|(%{uid}=%{email})(%{mail}=%{email}))";
    };
  };

  # Seed the login group into Portunus whenever a group name is configured.
  # NOTE(review): this is gated on userGroup only, not on cfgl.enable, so the
  # group is seeded even when Mastodon's LDAP login is switched off -- confirm
  # that this is intended.
  config.services.portunus.seedSettings.groups = lib.optional (cfgl.userGroup != null) {
    long_name = "Mastodon Users";
    name = cfgl.userGroup;
    # no Portunus permissions: membership only gates Mastodon login
    permissions = { };
  };
}