MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-17 07:13:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

nixos/oauth2-proxy{,-nginx}: renamed from oauth2_proxy, also renamed the service, user, group

Browse source
This commit is contained in:
Sandro Jäckel 2023-12-10 01:04:55 +01:00
parent 2cf2f3a306
commit 34f87f3981
No known key found for this signature in database
GPG key ID: 3AF5A43A3EECC2E5
4 changed files with 31 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2405.section.md
View file

@ -391,6 +391,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2. - `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2.
- `services.oauth2_proxy` was renamed to `services.oauth2-proxy`. Also the corresponding service, user and group were renamed.
- `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively. - `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts. Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.

4
nixos/modules/module-list.nix
View file

@ -1256,8 +1256,8 @@
./services/security/kanidm.nix ./services/security/kanidm.nix
./services/security/munge.nix ./services/security/munge.nix
./services/security/nginx-sso.nix ./services/security/nginx-sso.nix
./services/security/oauth2_proxy.nix ./services/security/oauth2-proxy.nix
./services/security/oauth2_proxy_nginx.nix ./services/security/oauth2-proxy-nginx.nix
./services/security/opensnitch.nix ./services/security/opensnitch.nix
./services/security/pass-secret-service.nix ./services/security/pass-secret-service.nix
./services/security/physlock.nix ./services/security/physlock.nix

22
nixos/modules/services/security/oauth2_proxy_nginx.nix → nixos/modules/services/security/oauth2-proxy-nginx.nix
View file

@ -1,26 +1,26 @@
{ config, lib, ... }: { config, lib, ... }:
with lib; with lib;
let let
cfg = config.services.oauth2_proxy.nginx; cfg = config.services.oauth2-proxy.nginx;
in in
{ {
options.services.oauth2_proxy.nginx = { options.services.oauth2-proxy.nginx = {
proxy = mkOption { proxy = mkOption {
type = types.str; type = types.str;
default = config.services.oauth2_proxy.httpAddress; default = config.services.oauth2-proxy.httpAddress;
defaultText = literalExpression "config.services.oauth2_proxy.httpAddress"; defaultText = literalExpression "config.services.oauth2-proxy.httpAddress";
description = '' description = ''
The address of the reverse proxy endpoint for oauth2_proxy The address of the reverse proxy endpoint for oauth2-proxy
''; '';
}; };
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
description = '' description = ''
The domain under which the oauth2_proxy will be accesible and the path of cookies are set to. The domain under which the oauth2-proxy will be accesible and the path of cookies are set to.
This setting must be set to ensure back-redirects are working properly This setting must be set to ensure back-redirects are working properly
if oauth2-proxy is configured with {option}`services.oauth2_proxy.cookie.domain` if oauth2-proxy is configured with {option}`services.oauth2-proxy.cookie.domain`
or multiple {option}`services.oauth2_proxy.nginx.virtualHosts` that are not on the same domain. or multiple {option}`services.oauth2-proxy.nginx.virtualHosts` that are not on the same domain.
''; '';
}; };
@ -47,7 +47,7 @@ in
}; };
oldType = types.listOf types.str; oldType = types.listOf types.str;
convertFunc = x: convertFunc = x:
lib.warn "services.oauth2_proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}" lib.warn "services.oauth2-proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
lib.genAttrs x (_: {}); lib.genAttrs x (_: {});
newType = types.attrsOf vhostSubmodule; newType = types.attrsOf vhostSubmodule;
in types.coercedTo oldType convertFunc newType; in types.coercedTo oldType convertFunc newType;
@ -65,11 +65,11 @@ in
}; };
}; };
config.services.oauth2_proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) { config.services.oauth2-proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
enable = true; enable = true;
}; };
config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2_proxy.enable) (mkMerge ([ config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2-proxy.enable) (mkMerge ([
{ {
virtualHosts.${cfg.domain}.locations."/oauth2/" = { virtualHosts.${cfg.domain}.locations."/oauth2/" = {
proxyPass = cfg.proxy; proxyPass = cfg.proxy;

32
nixos/modules/services/security/oauth2_proxy.nix → nixos/modules/services/security/oauth2-proxy.nix
View file

@ -1,15 +1,13 @@
# NixOS module for oauth2_proxy.
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.services.oauth2_proxy; cfg = config.services.oauth2-proxy;
# oauth2_proxy provides many options that are only relevant if you are using # oauth2-proxy provides many options that are only relevant if you are using
# a certain provider. This set maps from provider name to a function that # a certain provider. This set maps from provider name to a function that
# takes the configuration and returns a string that can be inserted into the # takes the configuration and returns a string that can be inserted into the
# command-line to launch oauth2_proxy. # command-line to launch oauth2-proxy.
providerSpecificOptions = { providerSpecificOptions = {
azure = cfg: { azure = cfg: {
azure-tenant = cfg.azure.tenant; azure-tenant = cfg.azure.tenant;
@ -85,8 +83,8 @@ let
configString = concatStringsSep " " (mapAttrsToList mapConfig allConfig); configString = concatStringsSep " " (mapAttrsToList mapConfig allConfig);
in in
{ {
options.services.oauth2_proxy = { options.services.oauth2-proxy = {
enable = mkEnableOption "oauth2_proxy"; enable = mkEnableOption "oauth2-proxy";
package = mkPackageOption pkgs "oauth2-proxy" { }; package = mkPackageOption pkgs "oauth2-proxy" { };
@ -557,28 +555,30 @@ in
OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com
and specify the path here. and specify the path here.
''; '';
example = "/run/keys/oauth2_proxy"; example = "/run/keys/oauth2-proxy";
}; };
}; };
config = mkIf cfg.enable { imports = [
(mkRenamedOptionModule [ "services" "oauth2_proxy" ] [ "services" "oauth2-proxy" ])
];
services.oauth2_proxy = mkIf (cfg.keyFile != null) { config = mkIf cfg.enable {
services.oauth2-proxy = mkIf (cfg.keyFile != null) {
clientID = mkDefault null; clientID = mkDefault null;
clientSecret = mkDefault null; clientSecret = mkDefault null;
cookie.secret = mkDefault null; cookie.secret = mkDefault null;
}; };
users.users.oauth2_proxy = { users.users.oauth2-proxy = {
description = "OAuth2 Proxy"; description = "OAuth2 Proxy";
isSystemUser = true; isSystemUser = true;
group = "oauth2_proxy"; group = "oauth2-proxy";
}; };
users.groups.oauth2_proxy = {}; users.groups.oauth2-proxy = {};
systemd.services.oauth2_proxy = { systemd.services.oauth2-proxy = {
description = "OAuth2 Proxy"; description = "OAuth2 Proxy";
path = [ cfg.package ]; path = [ cfg.package ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -586,7 +586,7 @@ in
after = [ "network-online.target" ]; after = [ "network-online.target" ];
serviceConfig = { serviceConfig = {
User = "oauth2_proxy"; User = "oauth2-proxy";
Restart = "always"; Restart = "always";
ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}"; ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile; EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile;