about summary refs log tree commit diff
path: root/modules/services/nginx/sso/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/services/nginx/sso/default.nix')
-rw-r--r--modules/services/nginx/sso/default.nix81
1 files changed, 0 insertions, 81 deletions
diff --git a/modules/services/nginx/sso/default.nix b/modules/services/nginx/sso/default.nix
deleted file mode 100644
index d7a6c7f..0000000
--- a/modules/services/nginx/sso/default.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-# I must override the module to allow having runtime secrets
-{ config, lib, pkgs, utils, ... }:
-let
-  cfg = config.services.nginx.sso;
-  pkg = lib.getBin cfg.package;
-  confPath = "/var/lib/nginx-sso/config.json";
-in
-{
-  disabledModules = [ "services/security/nginx-sso.nix" ];
-  options.services.nginx.sso = with lib; {
-    enable = mkEnableOption "nginx-sso service";
-    package = mkOption {
-      type = types.package;
-      default = pkgs.nginx-sso;
-      defaultText = "pkgs.nginx-sso";
-      description = ''
-        The nginx-sso package that should be used.
-      '';
-    };
-    configuration = mkOption {
-      type = types.attrsOf types.unspecified;
-      default = { };
-      example = literalExample ''
-        {
-          listen = { addr = "127.0.0.1"; port = 8080; };
-          providers.token.tokens = {
-            myuser = "MyToken";
-          };
-          acl = {
-            rule_sets = [
-              {
-                rules = [ { field = "x-application"; equals = "MyApp"; } ];
-                allow = [ "myuser" ];
-              }
-            ];
-          };
-        }
-      '';
-      description = ''
-        nginx-sso configuration
-        (<link xlink:href="https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration">documentation</link>)
-        as a Nix attribute set.
-      '';
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    systemd.services.nginx-sso = {
-      description = "Nginx SSO Backend";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        StateDirectory = "nginx-sso";
-        WorkingDirectory = "/var/lib/nginx-sso";
-        # The files to be merged might not have the correct permissions
-        ExecStartPre = "+${
-            pkgs.writeScript "merge-nginx-sso-config" ''
-              #!${pkgs.bash}/bin/bash
-              rm -f '${confPath}'
-              ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath}
-              # Fix permissions
-              chown nginx-sso:nginx-sso ${confPath}
-              chmod 0600 ${confPath}
-            ''
-          }";
-        ExecStart = lib.mkForce ''
-          ${pkg}/bin/nginx-sso \
-            --config ${confPath} \
-            --frontend-dir ${pkg}/share/frontend
-        '';
-        Restart = "always";
-        User = "nginx-sso";
-        Group = "nginx-sso";
-      };
-    };
-    users.users.nginx-sso = {
-      isSystemUser = true;
-      group = "nginx-sso";
-    };
-    users.groups.nginx-sso = { };
-  };
-}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-10-17 21:54:45 +0000