author | Bas van Dijk <v.dijk.bas@gmail.com> | 2020-04-22 12:15:07 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-22 12:15:07 +0200 |
commit | 784aa2913ae8678fd26c8241db1d53e0e20ea13c (patch) | |
tree | b81de574457fe0245ba9b2a806533b98199e862d /nixos/modules | |
parent | 6eb1020cbfcd18b4ef8076a09674863da649b8ed (diff) | |
parent | d31bb1e350745ead3aa34f8a4161835609daae7b (diff) | |
Merge pull request #79840 from knl/update-oauth2_proxy-to-5.0.0
oauth2_proxy: 3.2.0 -> 5.1.0
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/security/oauth2_proxy.nix | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix
index 2abb9ec32ac..46caadee204 100644
--- a/nixos/modules/services/security/oauth2_proxy.nix
+++ b/nixos/modules/services/security/oauth2_proxy.nix
@@ -12,7 +12,7 @@ let
 # command-line to launch oauth2_proxy.
 providerSpecificOptions = {
 azure = cfg: {
- azure.tenant = cfg.azure.tenant;
+ azure-tenant = cfg.azure.tenant;
 resource = cfg.azure.resource;
 };
@@ -44,6 +44,7 @@ let
 pass-access-token = passAccessToken;
 pass-basic-auth = passBasicAuth;
 pass-host-header = passHostHeader;
+ reverse-proxy = reverseProxy;
 proxy-prefix = proxyPrefix;
 profile-url = profileURL;
 redeem-url = redeemURL;
@@ -65,8 +66,8 @@ let
 } // lib.optionalAttrs (cfg.htpasswd.file != null) {
 display-htpasswd-file = cfg.htpasswd.displayForm;
 } // lib.optionalAttrs tls.enable {
- tls-cert = tls.certificate;
- tls-key = tls.key;
+ tls-cert-file = tls.certificate;
+ tls-key-file = tls.key;
 https-address = tls.httpsAddress;
 } // (getProviderOptions cfg cfg.provider) // cfg.extraConfig;
@@ -98,14 +99,21 @@ in
 ##############################################
 # PROVIDER configuration
+ # Taken from: https://github.com/pusher/oauth2_proxy/blob/master/providers/providers.go
 provider = mkOption {
 type = types.enum [
 "google"
- "github"
 "azure"
+ "facebook"
+ "github"
+ "keycloak"
 "gitlab"
 "linkedin"
- "myusa"
+ "login.gov"
+ "bitbucket"
+ "nextcloud"
+ "digitalocean"
+ "oidc"
 ];
 default = "google";
 description = ''
@@ -433,6 +441,17 @@ in
 '';
 };
+ reverseProxy = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ In case when running behind a reverse proxy, controls whether headers
+ like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
+ proxy will require this flag to be set to avoid logging the reverse
+ proxy IP address.
+ '';
+ };
+
 proxyPrefix = mkOption {
 type = types.str;
 default = "/oauth2"; |
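Review bot: The source comment added above `provider = mkOption` in the @@ -98,14 hunk links to `blob/master/providers/providers.go`, which will drift from the packaged release, so the enum can no longer be checked against the list it was copied from. Pin the link to the tag of the version being packaged (5.1.0 per the commit title), e.g. `# Taken from: <upstream repo>/blob/<tag for 5.1.0>/providers/providers.go`. The same hunk drops `"myusa"` from the enum, so an existing configuration using that value will now fail at evaluation; that is the safer failure mode, but it looks worth a release-note entry if the pull request does not already carry one. The option's description continues outside the hunk.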
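Review bot: The `reverseProxy` description in the @@ -433,6 hunk presents the flag only as a logging fix and leaves out the trust decision it implies: once set, the service accepts `X-Real-Ip`-style headers from whatever connects to it, so the logged client address is only meaningful if every request really arrives through the proxy. I would add a sentence to the description such as `Only enable this when the service is reachable solely through a trusted reverse proxy that overwrites these headers.` The opening also reads better as `When running behind a reverse proxy, controls whether ...`. The matching `reverse-proxy = reverseProxy;` line in the @@ -44,6 hunk passes the value through unconditionally, which is fine given the `false` default.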