Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/security/oauth2-proxy-nginx.nix (renamed from nixos/modules/services/security/oauth2_proxy_nginx.nix) | 22 | ||||
-rw-r--r-- | nixos/modules/services/security/oauth2-proxy.nix (renamed from nixos/modules/services/security/oauth2_proxy.nix) | 32 |
3 files changed, 29 insertions, 29 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index ef25a7f3e75a2..773e163d80fce 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1256,8 +1256,8 @@
 ./services/security/kanidm.nix
 ./services/security/munge.nix
 ./services/security/nginx-sso.nix
- ./services/security/oauth2_proxy.nix
- ./services/security/oauth2_proxy_nginx.nix
+ ./services/security/oauth2-proxy.nix
+ ./services/security/oauth2-proxy-nginx.nix
 ./services/security/opensnitch.nix
 ./services/security/pass-secret-service.nix
 ./services/security/physlock.nix
diff --git a/nixos/modules/services/security/oauth2_proxy_nginx.nix b/nixos/modules/services/security/oauth2-proxy-nginx.nix
index 91d846abb36e6..21e3174d9078e 100644
--- a/nixos/modules/services/security/oauth2_proxy_nginx.nix
+++ b/nixos/modules/services/security/oauth2-proxy-nginx.nix
@@ -1,26 +1,26 @@ { config, lib, ... }: with lib; let - cfg = config.services.oauth2_proxy.nginx; + cfg = config.services.oauth2-proxy.nginx; in { - options.services.oauth2_proxy.nginx = { + options.services.oauth2-proxy.nginx = { proxy = mkOption { type = types.str; - default = config.services.oauth2_proxy.httpAddress; - defaultText = literalExpression "config.services.oauth2_proxy.httpAddress"; + default = config.services.oauth2-proxy.httpAddress; + defaultText = literalExpression "config.services.oauth2-proxy.httpAddress"; description = '' - The address of the reverse proxy endpoint for oauth2_proxy + The address of the reverse proxy endpoint for oauth2-proxy ''; }; domain = mkOption { type = types.str; description = '' - The domain under which the oauth2_proxy will be accesible and the path of cookies are set to. + The domain under which the oauth2-proxy will be accesible and the path of cookies are set to. This setting must be set to ensure back-redirects are working properly - if oauth2-proxy is configured with {option}`services.oauth2_proxy.cookie.domain` - or multiple {option}`services.oauth2_proxy.nginx.virtualHosts` that are not on the same domain. + if oauth2-proxy is configured with {option}`services.oauth2-proxy.cookie.domain` + or multiple {option}`services.oauth2-proxy.nginx.virtualHosts` that are not on the same domain. ''; }; @@ -47,7 +47,7 @@ in }; oldType = types.listOf types.str; convertFunc = x: - lib.warn "services.oauth2_proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}" + lib.warn "services.oauth2-proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}" lib.genAttrs x (_: {}); newType = types.attrsOf vhostSubmodule; in types.coercedTo oldType convertFunc newType; 
@@ -65,11 +65,11 @@ in }; }; - config.services.oauth2_proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) { + config.services.oauth2-proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) { enable = true; }; - config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2_proxy.enable) (mkMerge ([ + config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2-proxy.enable) (mkMerge ([ { virtualHosts.${cfg.domain}.locations."/oauth2/" = { proxyPass = cfg.proxy; diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2-proxy.nix index d2992a196bf87..3f148bab9d522 100644 --- a/nixos/modules/services/security/oauth2_proxy.nix +++ b/nixos/modules/services/security/oauth2-proxy.nix @@ -1,15 +1,13 @@ -# NixOS module for oauth2_proxy. - { config, lib, pkgs, ... }: with lib; let - cfg = config.services.oauth2_proxy; + cfg = config.services.oauth2-proxy; - # oauth2_proxy provides many options that are only relevant if you are using + # oauth2-proxy provides many options that are only relevant if you are using # a certain provider. This set maps from provider name to a function that # takes the configuration and returns a string that can be inserted into the - # command-line to launch oauth2_proxy. + # command-line to launch oauth2-proxy. providerSpecificOptions = { azure = cfg: { azure-tenant = cfg.azure.tenant; @@ -85,8 +83,8 @@ let configString = concatStringsSep " " (mapAttrsToList mapConfig allConfig); in { - options.services.oauth2_proxy = { - enable = mkEnableOption "oauth2_proxy"; + options.services.oauth2-proxy = { + enable = mkEnableOption "oauth2-proxy"; package = mkPackageOption pkgs "oauth2-proxy" { }; 
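Review bot: In the `@@ -65,11 +65,11 @@` hunk both `mkIf` guards still test `cfg.virtualHosts != []`, but the `@@ -47,7 +47,7 @@` hunk shows the option's type is `types.coercedTo oldType convertFunc newType` with `newType = types.attrsOf vhostSubmodule`, so the merged value is an attribute set and the comparison with a list is always true. The guard therefore never holds back the `/oauth2/` location on `virtualHosts.${cfg.domain}` or the automatic `enable = true`; only the other operand of each `&&` decides. Since these two lines are being rewritten anyway, compare against the empty set instead, e.g. `mkIf (cfg.virtualHosts != { } && config.services.oauth2-proxy.enable)`, and likewise for the `hasPrefix "127.0.0.1:"` guard. The option's default value and the rest of the `mkMerge` list lie outside the hunk, so confirm the default is `{ }` before relying on this.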
@@ -557,28 +555,30 @@ in OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com and specify the path here. ''; - example = "/run/keys/oauth2_proxy"; + example = "/run/keys/oauth2-proxy"; }; - }; - config = mkIf cfg.enable { + imports = [ + (mkRenamedOptionModule [ "services" "oauth2_proxy" ] [ "services" "oauth2-proxy" ]) + ]; - services.oauth2_proxy = mkIf (cfg.keyFile != null) { + config = mkIf cfg.enable { + services.oauth2-proxy = mkIf (cfg.keyFile != null) { clientID = mkDefault null; clientSecret = mkDefault null; cookie.secret = mkDefault null; }; - users.users.oauth2_proxy = { + users.users.oauth2-proxy = { description = "OAuth2 Proxy"; isSystemUser = true; - group = "oauth2_proxy"; + group = "oauth2-proxy"; }; - users.groups.oauth2_proxy = {}; + users.groups.oauth2-proxy = {}; - systemd.services.oauth2_proxy = { + systemd.services.oauth2-proxy = { description = "OAuth2 Proxy"; path = [ cfg.package ]; wantedBy = [ "multi-user.target" ]; @@ -586,7 +586,7 @@ in after = [ "network-online.target" ]; serviceConfig = { - User = "oauth2_proxy"; + User = "oauth2-proxy"; Restart = "always"; ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}"; EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile; |
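Review bot: The `mkRenamedOptionModule` added in the `@@ -557,28 +555,30 @@` hunk forwards only option paths; the account, group and unit names changed in the same hunk (`users.users.oauth2-proxy`, `users.groups.oauth2-proxy`, `systemd.services.oauth2-proxy`) and `User = "oauth2-proxy"` in `@@ -586,7 +586,7 @@` get no compatibility path. On an upgraded host the daemon presumably runs under a newly allocated account, so files an operator made readable only to `oauth2_proxy` (anything the process opens itself, as opposed to systemd's `EnvironmentFile`) may become unreadable, and units or monitoring that name `oauth2_proxy.service` stop matching. A release-note entry would cover this, together with a comment above the user definition such as `# Account, group and unit were renamed from oauth2_proxy; files owned by the old account must be re-owned on upgrade.` The `config` block continues outside both hunks.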