author | K900 <me@0upti.me> | 2023-03-22 14:30:03 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-22 14:30:03 +0300 |
commit | 5bf9765c0a304850242b9cf5998818e0a9548903 (patch) | |
tree | 138ecd91d13a2406efb34172637b6db01fe883bb /nixos | |
parent | 216f9f413df39aa04ae49c66ed9b83483871d6ee (diff) | |
parent | 2b168ba3f064beeb908031bb765a33b806d6c77f (diff) |
Merge pull request #217482 from motiejus/headscale_oidc_client_secret
headscale: natively support oidc.client_secret_path
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/headscale.nix | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix
index 390a448ab5842..d2851e72a0dd6 100644
--- a/nixos/modules/services/networking/headscale.nix
+++ b/nixos/modules/services/networking/headscale.nix
@@ -291,11 +291,11 @@ in {
 '';
 };
- client_secret_file = mkOption {
+ client_secret_path = mkOption {
 type = types.nullOr types.path;
 default = null;
 description = lib.mdDoc ''
- Path to OpenID Connect client secret file.
+ Path to OpenID Connect client secret file. Expands environment variables in format ''${VAR}.
 '';
 };
@@ -425,7 +425,7 @@ in {
 (mkRenamedOptionModule ["services" "headscale" "dns" "baseDomain"] ["services" "headscale" "settings" "dns_config" "base_domain"])
 (mkRenamedOptionModule ["services" "headscale" "openIdConnect" "issuer"] ["services" "headscale" "settings" "oidc" "issuer"])
 (mkRenamedOptionModule ["services" "headscale" "openIdConnect" "clientId"] ["services" "headscale" "settings" "oidc" "client_id"])
- (mkRenamedOptionModule ["services" "headscale" "openIdConnect" "clientSecretFile"] ["services" "headscale" "settings" "oidc" "client_secret_file"])
+ (mkRenamedOptionModule ["services" "headscale" "openIdConnect" "clientSecretFile"] ["services" "headscale" "settings" "oidc" "client_secret_path"])
 (mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "hostname"] ["services" "headscale" "settings" "tls_letsencrypt_hostname"])
 (mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "challengeType"] ["services" "headscale" "settings" "tls_letsencrypt_challenge_type"])
 (mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "httpListen"] ["services" "headscale" "settings" "tls_letsencrypt_listen"])
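Review bot: The description of `client_secret_path` in the first hunk does not say where the secret file may live, and because the option type is `types.path`, a Nix path literal (for example `./secret`) would likely be copied into the world-readable Nix store when the settings are rendered. I would extend the description with `The file must be readable by the headscale user and should be kept outside the Nix store.` The same type also looks at odds with the new sentence about `''${VAR}` expansion: `types.path` is expected to accept only values that start with `/`, so a value beginning with an environment variable would probably be rejected at evaluation time; confirm this and either relax the type to `types.str` or document that only the tail of the path may use a variable. The enclosing option set starts and ends outside the hunk.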
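Review bot: Nothing maps the previous `services.headscale.settings.oidc.client_secret_file` name to the new one; the changed line in the second hunk only retargets the alias for the older `openIdConnect.clientSecretFile` option. If `settings` is a freeform attribute set (not visible here), a configuration that set the old `settings` key directly would still evaluate, but headscale would start without a client secret now that the wrapper script no longer exports `HEADSCALE_OIDC_CLIENT_SECRET`. Consider adding `(mkRenamedOptionModule ["services" "headscale" "settings" "oidc" "client_secret_file"] ["services" "headscale" "settings" "oidc" "client_secret_path"])` next to the existing entries so the old name warns and forwards. The import list continues outside the hunk.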
@@ -478,9 +478,6 @@ in {
 export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.settings.db_password_file})"
 ''}
- ${optionalString (cfg.settings.oidc.client_secret_file != null) ''
- export HEADSCALE_OIDC_CLIENT_SECRET="$(head -n1 ${escapeShellArg cfg.settings.oidc.client_secret_file})"
- ''}
 exec ${cfg.package}/bin/headscale serve
 ''; |