summary refs log tree commit diff
path: root/nixos/modules/services/security/oauth2_proxy.nix
diff options
context:
space:
mode:
authorJoachim Fasting <joachifm@fastmail.fm>2016-06-10 01:01:56 +0200
committerJoachim Fasting <joachifm@fastmail.fm>2016-06-10 01:02:40 +0200
commitc1cb5ca57e4b067afaa13fd93ed1392ec84c9da2 (patch)
tree21b7b369f01f7ca869dba64dbdb4d00b643d68d7 /nixos/modules/services/security/oauth2_proxy.nix
parent589082646a8b12c6dd6138f2fa49ccbe02107595 (diff)
downloadnixpkgs-c1cb5ca57e4b067afaa13fd93ed1392ec84c9da2.tar
nixpkgs-c1cb5ca57e4b067afaa13fd93ed1392ec84c9da2.tar.gz
nixpkgs-c1cb5ca57e4b067afaa13fd93ed1392ec84c9da2.tar.bz2
nixpkgs-c1cb5ca57e4b067afaa13fd93ed1392ec84c9da2.tar.lz
nixpkgs-c1cb5ca57e4b067afaa13fd93ed1392ec84c9da2.tar.xz
nixpkgs-c1cb5ca57e4b067afaa13fd93ed1392ec84c9da2.tar.zst
nixpkgs-c1cb5ca57e4b067afaa13fd93ed1392ec84c9da2.zip
oauth2_proxy module: fix manual build
Diffstat (limited to 'nixos/modules/services/security/oauth2_proxy.nix')
-rw-r--r--nixos/modules/services/security/oauth2_proxy.nix43


1 files changed, 19 insertions, 24 deletions
diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix
index aa962743f85..b149373076a 100644
--- a/nixos/modules/services/security/oauth2_proxy.nix
+++ b/nixos/modules/services/security/oauth2_proxy.nix
@@ -77,17 +77,12 @@ let
 in
 {
   options.services.oauth2_proxy = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        Whether to run oauth2_proxy.
-      '';
-    };
+    enable = mkEnableOption "oauth2_proxy";
 
     package = mkOption {
       type = types.package;
       default = pkgs.oauth2_proxy;
+      defaultText = "pkgs.oauth2_proxy";
       description = ''
         The package that provides oauth2_proxy.
       '';
@@ -137,8 +132,8 @@ in
      type = types.listOf types.str;
      default = [];
      description = ''
-       List of regular expressions which will bypass authentication when
-       requests path's match.
+       Skip authentication for requests matching any of these regular
+       expressions.
      '';
     };
 
@@ -148,7 +143,8 @@ in
         type = types.listOf types.str;
         default = [];
         description = ''
-          Authenticate emails with the specified domains. Use * to authenticate any email.
+          Authenticate emails with the specified domains. Use
+          <literal>*</literal> to authenticate any email.
         '';
       };
 
@@ -178,7 +174,7 @@ in
       type = types.nullOr types.str;
       default = null;
       description = ''
-     	Token redemption endpoint.
+        Token redemption endpoint.
 
         You only need to set this if you are using a self-hosted provider (e.g.
         Github Enterprise). If you're using a publicly hosted provider
@@ -238,7 +234,7 @@ in
           Directory API, thus the service account needs to impersonate one of
           those users to access the Admin SDK Directory API.
 
-          See <link xlink="https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account" />
+          See <link xlink:href="https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account" />.
         '';
       };
 
@@ -282,8 +278,8 @@ in
     upstream = mkOption {
       type = types.commas;
       description = ''
-        The http url(s) of the upstream endpoint or file:// paths for static
-        files. Routing is based on the path.
+        The http url(s) of the upstream endpoint or <literal>file://</literal>
+        paths for static files. Routing is based on the path.
       '';
     };
 
@@ -395,11 +391,9 @@ in
       type = types.str;
       default = "127.0.0.1:4180";
       description = ''
-        [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients.
-
-        This module does *not* expose the port by default. If you want this URL
-        to be accessible to other machines, please add the port to
-        networking.firewall.allowedTCPPorts.
+        HTTPS listening address.  This module does not expose the port by
+        default. If you want this URL to be accessible to other machines, please
+        add the port to <literal>networking.firewall.allowedTCPPorts</literal>.
       '';
     };
 
@@ -409,7 +403,7 @@ in
         default = null;
         description = ''
           Additionally authenticate against a htpasswd file. Entries must be
-          created with "htpasswd -s" for SHA encryption.
+          created with <literal>htpasswd -s</literal> for SHA encryption.
         '';
       };
 
@@ -434,7 +428,7 @@ in
       type = types.str;
       default = "/oauth2";
       description = ''
-        The url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in);
+        The url root path that this proxy should be nested under.
       '';
     };
 
@@ -465,10 +459,11 @@ in
         type = types.str;
         default = ":443";
         description = ''
-          <addr>:<port> to listen on for HTTPS clients.
+          <literal>addr:port</literal> to listen on for HTTPS clients.
 
-          Remember to add <port> to allowedTCPPorts if you want other machines
-          to be able to connect to it.
+          Remember to add <literal>port</literal> to
+          <literal>allowedTCPPorts</literal> if you want other machines to be
+          able to connect to it.
         '';
       };
     };

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-13 22:36:12 +0000