From b59ad3af51af5bd63f92d8a429f13f3e5509e678 Mon Sep 17 00:00:00 2001
From: Kaare Hoff Skovgaard <kaare@kaareskovgaard.net>
Date: Tue, 29 Jul 2025 16:02:01 +0200
Subject: [PATCH] Roundcube oauth2 login working

---
 .../nixos/infrastructure/mailserver/openid-connect.nix       | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/nix/modules/nixos/infrastructure/mailserver/openid-connect.nix b/nix/modules/nixos/infrastructure/mailserver/openid-connect.nix
index 896633b..120886d 100644
--- a/nix/modules/nixos/infrastructure/mailserver/openid-connect.nix
+++ b/nix/modules/nixos/infrastructure/mailserver/openid-connect.nix
@@ -1,7 +1,7 @@
 { config, lib, ... }:
 let
   cfg = config.khscodes.infrastructure.mailserver;
-  oauthConfigFile = "/run/dovecot2/dovecot-oauth2.conf.ext";
+  oauthConfigFile = "/run/secret/dovecot/dovecot-oauth2.conf.ext";
 in
 {
   config = lib.mkIf cfg.enable {
@@ -10,9 +10,8 @@ in
         contents = ''
           {{- with secret "kanidm/data/apps/dovecot" -}}
           scope = email openid profile
-          username_attribute = preferred_username
+          username_attribute = username
           debug = yes
-          tokeninfo_url = https://dovecot:{{ .Data.data.basic_secret }}@login.kaareskovgaard.net/oauth2/openid/dovecot/userinfo?access_token=
           introspection_url = https://dovecot:{{ .Data.data.basic_secret }}@login.kaareskovgaard.net/oauth2/token/introspect
           introspection_mode = post
           {{- end -}}