
oauth2_proxy: Update NixOS module

Update to match the current flags and apply fixes to all breaking changes.
Nikola Knezevic 2020-02-11 16:34:21 +01:00
parent 6256d88eed
commit 3c551848be


@ -12,7 +12,7 @@ let
# command-line to launch oauth2_proxy. # command-line to launch oauth2_proxy.
providerSpecificOptions = { providerSpecificOptions = {
azure = cfg: { azure = cfg: {
azure.tenant = cfg.azure.tenant; azure-tenant = cfg.azure.tenant;
resource = cfg.azure.resource; resource = cfg.azure.resource;
}; };
@ -44,6 +44,7 @@ let
pass-access-token = passAccessToken; pass-access-token = passAccessToken;
pass-basic-auth = passBasicAuth; pass-basic-auth = passBasicAuth;
pass-host-header = passHostHeader; pass-host-header = passHostHeader;
reverse-proxy = reverseProxy;
proxy-prefix = proxyPrefix; proxy-prefix = proxyPrefix;
profile-url = profileURL; profile-url = profileURL;
redeem-url = redeemURL; redeem-url = redeemURL;
@ -65,8 +66,8 @@ let
} // lib.optionalAttrs (cfg.htpasswd.file != null) { } // lib.optionalAttrs (cfg.htpasswd.file != null) {
display-htpasswd-file = cfg.htpasswd.displayForm; display-htpasswd-file = cfg.htpasswd.displayForm;
} // lib.optionalAttrs tls.enable { } // lib.optionalAttrs tls.enable {
tls-cert = tls.certificate; tls-cert-file = tls.certificate;
tls-key = tls.key; tls-key-file = tls.key;
https-address = tls.httpsAddress; https-address = tls.httpsAddress;
} // (getProviderOptions cfg cfg.provider) // cfg.extraConfig; } // (getProviderOptions cfg cfg.provider) // cfg.extraConfig;
@ -98,14 +99,21 @@ in
############################################## ##############################################
# PROVIDER configuration # PROVIDER configuration
# Taken from: https://github.com/pusher/oauth2_proxy/blob/master/providers/providers.go
provider = mkOption { provider = mkOption {
type = types.enum [ type = types.enum [
"google" "google"
"github"
"azure" "azure"
"facebook"
"github"
"keycloak"
"gitlab" "gitlab"
"linkedin" "linkedin"
"myusa" "login.gov"
"bitbucket"
"nextcloud"
"digitalocean"
"oidc"
]; ];
default = "google"; default = "google";
description = '' description = ''
@ -433,6 +441,17 @@ in
''; '';
}; };
reverseProxy = mkOption {
type = types.bool;
default = false;
description = ''
In case when running behind a reverse proxy, controls whether headers
like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
proxy will require this flag to be set to avoid logging the reverse
proxy IP address.
'';
};
proxyPrefix = mkOption { proxyPrefix = mkOption {
type = types.str; type = types.str;
default = "/oauth2"; default = "/oauth2";
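Review bot: The new `reverseProxy` option's description does not say that enabling it makes oauth2_proxy trust a request header the client can set itself. The text explains the flag only as a way to avoid logging the reverse proxy's address. With the flag on and the listener reachable without passing through the proxy, or with a proxy that forwards the header unchanged, the logged client address is whatever the caller sent, which presumably weakens the access log as an audit source. The `false` default is the safe choice and should stay. I would add a sentence to the description such as `Only enable this when every request reaches oauth2_proxy through a proxy that sets or overwrites these headers; otherwise clients can supply their own values.`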