Merge pull request #217482 from motiejus/headscale_oidc_client_secret

headscale: natively support oidc.client_secret_path
author: K900 <me@0upti.me> 2023-03-22 14:30:03 +0300
committer: GitHub <noreply@github.com> 2023-03-22 14:30:03 +0300
commit: 5bf9765c0a304850242b9cf5998818e0a9548903 (patch)
tree: 138ecd91d13a2406efb34172637b6db01fe883bb /nixos
parent: 216f9f413df39aa04ae49c66ed9b83483871d6ee (diff)
parent: 2b168ba3f064beeb908031bb765a33b806d6c77f (diff)
1 files changed, 3 insertions, 6 deletions
diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix
index 390a448ab5842..d2851e72a0dd6 100644
--- a/nixos/modules/services/networking/headscale.nix
+++ b/nixos/modules/services/networking/headscale.nix
@@ -291,11 +291,11 @@ in {
                 '';
               };
 
-              client_secret_file = mkOption {
+              client_secret_path = mkOption {
                 type = types.nullOr types.path;
                 default = null;
                 description = lib.mdDoc ''
-                  Path to OpenID Connect client secret file.
+                  Path to OpenID Connect client secret file. Expands environment variables in format ''${VAR}.
                 '';
               };
 
@@ -425,7 +425,7 @@ in {
     (mkRenamedOptionModule ["services" "headscale" "dns" "baseDomain"] ["services" "headscale" "settings" "dns_config" "base_domain"])
     (mkRenamedOptionModule ["services" "headscale" "openIdConnect" "issuer"] ["services" "headscale" "settings" "oidc" "issuer"])
     (mkRenamedOptionModule ["services" "headscale" "openIdConnect" "clientId"] ["services" "headscale" "settings" "oidc" "client_id"])
-    (mkRenamedOptionModule ["services" "headscale" "openIdConnect" "clientSecretFile"] ["services" "headscale" "settings" "oidc" "client_secret_file"])
+    (mkRenamedOptionModule ["services" "headscale" "openIdConnect" "clientSecretFile"] ["services" "headscale" "settings" "oidc" "client_secret_path"])
     (mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "hostname"] ["services" "headscale" "settings" "tls_letsencrypt_hostname"])
     (mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "challengeType"] ["services" "headscale" "settings" "tls_letsencrypt_challenge_type"])
     (mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "httpListen"] ["services" "headscale" "settings" "tls_letsencrypt_listen"])
@@ -478,9 +478,6 @@ in {
           export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.settings.db_password_file})"
         ''}
 
-        ${optionalString (cfg.settings.oidc.client_secret_file != null) ''
-          export HEADSCALE_OIDC_CLIENT_SECRET="$(head -n1 ${escapeShellArg cfg.settings.oidc.client_secret_file})"
-        ''}
         exec ${cfg.package}/bin/headscale serve
       '';
author	K900 <me@0upti.me>	2023-03-22 14:30:03 +0300
committer	GitHub <noreply@github.com>	2023-03-22 14:30:03 +0300
commit	5bf9765c0a304850242b9cf5998818e0a9548903 (patch)
tree	138ecd91d13a2406efb34172637b6db01fe883bb /nixos
parent	216f9f413df39aa04ae49c66ed9b83483871d6ee (diff)
parent	2b168ba3f064beeb908031bb765a33b806d6c77f (diff)