authorNikola Knežević <nikola@knezevic.ch>2020-07-20 07:08:33 +0200
committerGitHub <noreply@github.com>2020-07-19 22:08:33 -0700
commit53f42f245af191cb5b1fc9e174c76d2a98b9f96f (patch)
tree11e506a5797da7f0a8caf42f57404b1b354ddd8d /nixos/modules/services/security/oauth2_proxy.nix
parent902987d23d1c7e46e7310e213a5c1ba8b3b4d79a (diff)
oauth2_proxy: 5.1.1 -> 6.0.0 (#93121)
The new release fixes one of the outstanding CVEs against oauth2_proxy:
https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv.

In addition, rename the owner and the project name to reflect the
changes upstream (it now belongs to the oauth2-proxy organization, and
the name is oauth2-proxy)
Diffstat (limited to 'nixos/modules/services/security/oauth2_proxy.nix')
-rw-r--r--nixos/modules/services/security/oauth2_proxy.nix12
1 files changed, 7 insertions, 5 deletions
diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix
index d5c5437329e..2f9e94bd77b 100644
--- a/nixos/modules/services/security/oauth2_proxy.nix
+++ b/nixos/modules/services/security/oauth2_proxy.nix
@@ -99,7 +99,7 @@ in
 
     ##############################################
     # PROVIDER configuration
-    # Taken from: https://github.com/pusher/oauth2_proxy/blob/master/providers/providers.go
+    # Taken from: https://github.com/oauth2-proxy/oauth2-proxy/blob/master/providers/providers.go
     provider = mkOption {
       type = types.enum [
         "google"
@@ -346,7 +346,9 @@ in
         type = types.nullOr types.str;
         default = null;
         description = ''
-          An optional cookie domain to force cookies to.
+          Optional cookie domains to force cookies to (ie: `.yourcompany.com`).
+          The longest domain matching the request's host will be used (or the shortest
+          cookie domain if there is no match).
         '';
         example = ".yourcompany.com";
       };
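Review bot: The new description speaks of "cookie domains" in the plural and of choosing the longest match, but the type at the top of this hunk is still `types.nullOr types.str`, so a configuration can only supply a single domain. Either keep the wording singular or widen the type, for example `type = types.nullOr (types.either types.str (types.listOf types.str));`. How the value is rendered into the proxy's flags is outside this hunk, so the rendering would need to handle a list as well. The description could also say that a parent domain such as `.yourcompany.com` makes the session cookie visible to every host under it, so the narrowest domain that works is preferable. The option's opening `mkOption {` line is outside the hunk.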
@@ -537,7 +539,7 @@ in
     extraConfig = mkOption {
       default = {};
       description = ''
-        Extra config to pass to oauth2_proxy.
+        Extra config to pass to oauth2-proxy.
       '';
     };
 
@@ -545,7 +547,7 @@ in
       type = types.nullOr types.path;
       default = null;
       description = ''
-        oauth2_proxy allows passing sensitive configuration via environment variables.
+        oauth2-proxy allows passing sensitive configuration via environment variables.
         Make a file that contains lines like
         OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com
         and specify the path here.
@@ -577,7 +579,7 @@ in
       serviceConfig = {
         User = "oauth2_proxy";
         Restart = "always";
-        ExecStart = "${cfg.package}/bin/oauth2_proxy ${configString}";
+        ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
         EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile;
       };
     };
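Review bot: `EnvironmentFile` is fed directly from `cfg.keyFile`, which the previous hunk declares as `types.nullOr types.path`, and nothing in the description warns that a Nix path literal (e.g. `./secrets.env`) is copied into the world-readable store when it is coerced to a string. I would add a sentence to the `keyFile` description along the lines of `The file must live outside the Nix store (pass it as a string such as "/run/keys/oauth2_proxy") and be readable only by root.`. Separately, `ExecStart` now hardcodes `bin/oauth2-proxy` while `cfg.package` looks user-overridable, so a pinned pre-6.0.0 package would presumably fail at start, which deserves a release-note line. The `serviceConfig` block begins outside the hunk.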