mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-17 07:13:23 +01:00
nixos/oauth2-proxy{,-nginx}: renamed from oauth2_proxy, also renamed the service, user, group
This commit is contained in:
parent
2cf2f3a306
commit
34f87f3981
4 changed files with 31 additions and 29 deletions
|
@ -391,6 +391,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
|
||||
- `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2.
|
||||
|
||||
- `services.oauth2_proxy` was renamed to `services.oauth2-proxy`. Also the corresponding service, user and group were renamed.
|
||||
|
||||
- `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
|
||||
Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.
|
||||
|
||||
|
|
|
@ -1256,8 +1256,8 @@
|
|||
./services/security/kanidm.nix
|
||||
./services/security/munge.nix
|
||||
./services/security/nginx-sso.nix
|
||||
./services/security/oauth2_proxy.nix
|
||||
./services/security/oauth2_proxy_nginx.nix
|
||||
./services/security/oauth2-proxy.nix
|
||||
./services/security/oauth2-proxy-nginx.nix
|
||||
./services/security/opensnitch.nix
|
||||
./services/security/pass-secret-service.nix
|
||||
./services/security/physlock.nix
|
||||
|
|
|
@ -1,26 +1,26 @@
|
|||
{ config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.oauth2_proxy.nginx;
|
||||
cfg = config.services.oauth2-proxy.nginx;
|
||||
in
|
||||
{
|
||||
options.services.oauth2_proxy.nginx = {
|
||||
options.services.oauth2-proxy.nginx = {
|
||||
proxy = mkOption {
|
||||
type = types.str;
|
||||
default = config.services.oauth2_proxy.httpAddress;
|
||||
defaultText = literalExpression "config.services.oauth2_proxy.httpAddress";
|
||||
default = config.services.oauth2-proxy.httpAddress;
|
||||
defaultText = literalExpression "config.services.oauth2-proxy.httpAddress";
|
||||
description = ''
|
||||
The address of the reverse proxy endpoint for oauth2_proxy
|
||||
The address of the reverse proxy endpoint for oauth2-proxy
|
||||
'';
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
The domain under which the oauth2_proxy will be accesible and the path of cookies are set to.
|
||||
The domain under which the oauth2-proxy will be accesible and the path of cookies are set to.
|
||||
This setting must be set to ensure back-redirects are working properly
|
||||
if oauth2-proxy is configured with {option}`services.oauth2_proxy.cookie.domain`
|
||||
or multiple {option}`services.oauth2_proxy.nginx.virtualHosts` that are not on the same domain.
|
||||
if oauth2-proxy is configured with {option}`services.oauth2-proxy.cookie.domain`
|
||||
or multiple {option}`services.oauth2-proxy.nginx.virtualHosts` that are not on the same domain.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -47,7 +47,7 @@ in
|
|||
};
|
||||
oldType = types.listOf types.str;
|
||||
convertFunc = x:
|
||||
lib.warn "services.oauth2_proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
|
||||
lib.warn "services.oauth2-proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
|
||||
lib.genAttrs x (_: {});
|
||||
newType = types.attrsOf vhostSubmodule;
|
||||
in types.coercedTo oldType convertFunc newType;
|
||||
|
@ -65,11 +65,11 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config.services.oauth2_proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
|
||||
config.services.oauth2-proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2_proxy.enable) (mkMerge ([
|
||||
config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2-proxy.enable) (mkMerge ([
|
||||
{
|
||||
virtualHosts.${cfg.domain}.locations."/oauth2/" = {
|
||||
proxyPass = cfg.proxy;
|
|
@ -1,15 +1,13 @@
|
|||
# NixOS module for oauth2_proxy.
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.oauth2_proxy;
|
||||
cfg = config.services.oauth2-proxy;
|
||||
|
||||
# oauth2_proxy provides many options that are only relevant if you are using
|
||||
# oauth2-proxy provides many options that are only relevant if you are using
|
||||
# a certain provider. This set maps from provider name to a function that
|
||||
# takes the configuration and returns a string that can be inserted into the
|
||||
# command-line to launch oauth2_proxy.
|
||||
# command-line to launch oauth2-proxy.
|
||||
providerSpecificOptions = {
|
||||
azure = cfg: {
|
||||
azure-tenant = cfg.azure.tenant;
|
||||
|
@ -85,8 +83,8 @@ let
|
|||
configString = concatStringsSep " " (mapAttrsToList mapConfig allConfig);
|
||||
in
|
||||
{
|
||||
options.services.oauth2_proxy = {
|
||||
enable = mkEnableOption "oauth2_proxy";
|
||||
options.services.oauth2-proxy = {
|
||||
enable = mkEnableOption "oauth2-proxy";
|
||||
|
||||
package = mkPackageOption pkgs "oauth2-proxy" { };
|
||||
|
||||
|
@ -557,28 +555,30 @@ in
|
|||
OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com
|
||||
and specify the path here.
|
||||
'';
|
||||
example = "/run/keys/oauth2_proxy";
|
||||
example = "/run/keys/oauth2-proxy";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "oauth2_proxy" ] [ "services" "oauth2-proxy" ])
|
||||
];
|
||||
|
||||
services.oauth2_proxy = mkIf (cfg.keyFile != null) {
|
||||
config = mkIf cfg.enable {
|
||||
services.oauth2-proxy = mkIf (cfg.keyFile != null) {
|
||||
clientID = mkDefault null;
|
||||
clientSecret = mkDefault null;
|
||||
cookie.secret = mkDefault null;
|
||||
};
|
||||
|
||||
users.users.oauth2_proxy = {
|
||||
users.users.oauth2-proxy = {
|
||||
description = "OAuth2 Proxy";
|
||||
isSystemUser = true;
|
||||
group = "oauth2_proxy";
|
||||
group = "oauth2-proxy";
|
||||
};
|
||||
|
||||
users.groups.oauth2_proxy = {};
|
||||
users.groups.oauth2-proxy = {};
|
||||
|
||||
systemd.services.oauth2_proxy = {
|
||||
systemd.services.oauth2-proxy = {
|
||||
description = "OAuth2 Proxy";
|
||||
path = [ cfg.package ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -586,7 +586,7 @@ in
|
|||
after = [ "network-online.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "oauth2_proxy";
|
||||
User = "oauth2-proxy";
|
||||
Restart = "always";
|
||||
ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
|
||||
EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile;
|
Loading…
Reference in a new issue