nixos/oauth2-proxy{,-nginx}: renamed from oauth2_proxy, also renamed the service, user, group

author: Sandro Jäckel <sandro.jaeckel@gmail.com> 2023-12-10 01:04:55 +0100
committer: Sandro Jäckel <sandro.jaeckel@gmail.com> 2024-04-28 20:50:23 +0200
commit: 34f87f3981efa67182fefd5edd4540ac5000c74c (patch)
tree: a37d13cffd1190fcc4cd546533556b79adf971b4 /nixos
parent: 2cf2f3a306f5ea1f0e184b4317c4d50679ec49b3 (diff)
4 files changed, 31 insertions, 29 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md
index d83e7c4ff71cb..bf57994351d8e 100644
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -391,6 +391,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2.
 
+- `services.oauth2_proxy` was renamed to `services.oauth2-proxy`. Also the corresponding service, user and group were renamed.
+
 - `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
   Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.
 
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index ef25a7f3e75a2..773e163d80fce 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1256,8 +1256,8 @@
   ./services/security/kanidm.nix
   ./services/security/munge.nix
   ./services/security/nginx-sso.nix
-  ./services/security/oauth2_proxy.nix
-  ./services/security/oauth2_proxy_nginx.nix
+  ./services/security/oauth2-proxy.nix
+  ./services/security/oauth2-proxy-nginx.nix
   ./services/security/opensnitch.nix
   ./services/security/pass-secret-service.nix
   ./services/security/physlock.nix
diff --git a/nixos/modules/services/security/oauth2_proxy_nginx.nix b/nixos/modules/services/security/oauth2-proxy-nginx.nix
index 91d846abb36e6..21e3174d9078e 100644
--- a/nixos/modules/services/security/oauth2_proxy_nginx.nix
+++ b/nixos/modules/services/security/oauth2-proxy-nginx.nix
@@ -1,26 +1,26 @@
 { config, lib, ... }:
 with lib;
 let
-  cfg = config.services.oauth2_proxy.nginx;
+  cfg = config.services.oauth2-proxy.nginx;
 in
 {
-  options.services.oauth2_proxy.nginx = {
+  options.services.oauth2-proxy.nginx = {
     proxy = mkOption {
       type = types.str;
-      default = config.services.oauth2_proxy.httpAddress;
-      defaultText = literalExpression "config.services.oauth2_proxy.httpAddress";
+      default = config.services.oauth2-proxy.httpAddress;
+      defaultText = literalExpression "config.services.oauth2-proxy.httpAddress";
       description = ''
-        The address of the reverse proxy endpoint for oauth2_proxy
+        The address of the reverse proxy endpoint for oauth2-proxy
       '';
     };
 
     domain = mkOption {
       type = types.str;
       description = ''
-        The domain under which the oauth2_proxy will be accesible and the path of cookies are set to.
+        The domain under which the oauth2-proxy will be accesible and the path of cookies are set to.
         This setting must be set to ensure back-redirects are working properly
-        if oauth2-proxy is configured with {option}`services.oauth2_proxy.cookie.domain`
-        or multiple {option}`services.oauth2_proxy.nginx.virtualHosts` that are not on the same domain.
+        if oauth2-proxy is configured with {option}`services.oauth2-proxy.cookie.domain`
+        or multiple {option}`services.oauth2-proxy.nginx.virtualHosts` that are not on the same domain.
       '';
     };
 
@@ -47,7 +47,7 @@ in
         };
         oldType = types.listOf types.str;
         convertFunc = x:
-          lib.warn "services.oauth2_proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
+          lib.warn "services.oauth2-proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
           lib.genAttrs x (_: {});
         newType = types.attrsOf vhostSubmodule;
       in types.coercedTo oldType convertFunc newType;
@@ -65,11 +65,11 @@ in
     };
   };
 
-  config.services.oauth2_proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
+  config.services.oauth2-proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
     enable = true;
   };
 
-  config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2_proxy.enable) (mkMerge ([
+  config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2-proxy.enable) (mkMerge ([
     {
       virtualHosts.${cfg.domain}.locations."/oauth2/" = {
         proxyPass = cfg.proxy;
diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2-proxy.nix
index d2992a196bf87..3f148bab9d522 100644
--- a/nixos/modules/services/security/oauth2_proxy.nix
+++ b/nixos/modules/services/security/oauth2-proxy.nix
@@ -1,15 +1,13 @@
-# NixOS module for oauth2_proxy.
-
 { config, lib, pkgs, ... }:
 
 with lib;
 let
-  cfg = config.services.oauth2_proxy;
+  cfg = config.services.oauth2-proxy;
 
-  # oauth2_proxy provides many options that are only relevant if you are using
+  # oauth2-proxy provides many options that are only relevant if you are using
   # a certain provider. This set maps from provider name to a function that
   # takes the configuration and returns a string that can be inserted into the
-  # command-line to launch oauth2_proxy.
+  # command-line to launch oauth2-proxy.
   providerSpecificOptions = {
     azure = cfg: {
       azure-tenant = cfg.azure.tenant;
@@ -85,8 +83,8 @@ let
   configString = concatStringsSep " " (mapAttrsToList mapConfig allConfig);
 in
 {
-  options.services.oauth2_proxy = {
-    enable = mkEnableOption "oauth2_proxy";
+  options.services.oauth2-proxy = {
+    enable = mkEnableOption "oauth2-proxy";
 
     package = mkPackageOption pkgs "oauth2-proxy" { };
 
@@ -557,28 +555,30 @@ in
         OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com
         and specify the path here.
       '';
-      example = "/run/keys/oauth2_proxy";
+      example = "/run/keys/oauth2-proxy";
     };
-
   };
 
-  config = mkIf cfg.enable {
+  imports = [
+    (mkRenamedOptionModule [ "services" "oauth2_proxy" ] [ "services" "oauth2-proxy" ])
+  ];
 
-    services.oauth2_proxy = mkIf (cfg.keyFile != null) {
+  config = mkIf cfg.enable {
+    services.oauth2-proxy = mkIf (cfg.keyFile != null) {
       clientID = mkDefault null;
       clientSecret = mkDefault null;
       cookie.secret = mkDefault null;
     };
 
-    users.users.oauth2_proxy = {
+    users.users.oauth2-proxy = {
       description = "OAuth2 Proxy";
       isSystemUser = true;
-      group = "oauth2_proxy";
+      group = "oauth2-proxy";
     };
 
-    users.groups.oauth2_proxy = {};
+    users.groups.oauth2-proxy = {};
 
-    systemd.services.oauth2_proxy = {
+    systemd.services.oauth2-proxy = {
       description = "OAuth2 Proxy";
       path = [ cfg.package ];
       wantedBy = [ "multi-user.target" ];
@@ -586,7 +586,7 @@ in
       after = [ "network-online.target" ];
 
       serviceConfig = {
-        User = "oauth2_proxy";
+        User = "oauth2-proxy";
         Restart = "always";
         ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
         EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile;
author	Sandro Jäckel <sandro.jaeckel@gmail.com>	2023-12-10 01:04:55 +0100
committer	Sandro Jäckel <sandro.jaeckel@gmail.com>	2024-04-28 20:50:23 +0200
commit	34f87f3981efa67182fefd5edd4540ac5000c74c (patch)
tree	a37d13cffd1190fcc4cd546533556b79adf971b4 /nixos
parent	2cf2f3a306f5ea1f0e184b4317c4d50679ec49b3 (diff)