mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-28 01:43:15 +00:00
oauth2_proxy: Update NixOS module
Update to match the current flags and apply fixes to all breaking changes.
This commit is contained in:
parent
6256d88eed
commit
3c551848be
@ -12,7 +12,7 @@ let
|
||||
# command-line to launch oauth2_proxy.
|
||||
providerSpecificOptions = {
|
||||
azure = cfg: {
|
||||
azure.tenant = cfg.azure.tenant;
|
||||
azure-tenant = cfg.azure.tenant;
|
||||
resource = cfg.azure.resource;
|
||||
};
|
||||
|
||||
@ -44,6 +44,7 @@ let
|
||||
pass-access-token = passAccessToken;
|
||||
pass-basic-auth = passBasicAuth;
|
||||
pass-host-header = passHostHeader;
|
||||
reverse-proxy = reverseProxy;
|
||||
proxy-prefix = proxyPrefix;
|
||||
profile-url = profileURL;
|
||||
redeem-url = redeemURL;
|
||||
@ -65,8 +66,8 @@ let
|
||||
} // lib.optionalAttrs (cfg.htpasswd.file != null) {
|
||||
display-htpasswd-file = cfg.htpasswd.displayForm;
|
||||
} // lib.optionalAttrs tls.enable {
|
||||
tls-cert = tls.certificate;
|
||||
tls-key = tls.key;
|
||||
tls-cert-file = tls.certificate;
|
||||
tls-key-file = tls.key;
|
||||
https-address = tls.httpsAddress;
|
||||
} // (getProviderOptions cfg cfg.provider) // cfg.extraConfig;
|
||||
|
||||
@ -98,14 +99,21 @@ in
|
||||
|
||||
##############################################
|
||||
# PROVIDER configuration
|
||||
# Taken from: https://github.com/pusher/oauth2_proxy/blob/master/providers/providers.go
|
||||
provider = mkOption {
|
||||
type = types.enum [
|
||||
"google"
|
||||
"github"
|
||||
"azure"
|
||||
"facebook"
|
||||
"github"
|
||||
"keycloak"
|
||||
"gitlab"
|
||||
"linkedin"
|
||||
"myusa"
|
||||
"login.gov"
|
||||
"bitbucket"
|
||||
"nextcloud"
|
||||
"digitalocean"
|
||||
"oidc"
|
||||
];
|
||||
default = "google";
|
||||
description = ''
|
||||
@ -433,6 +441,17 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
reverseProxy = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
In case when running behind a reverse proxy, controls whether headers
|
||||
like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
|
||||
proxy will require this flag to be set to avoid logging the reverse
|
||||
proxy IP address.
|
||||
'';
|
||||
};
|
||||
|
||||
proxyPrefix = mkOption {
|
||||
type = types.str;
|
||||
default = "/oauth2";
|
||||
|
Loading…
Reference in New Issue
Block a user