Diffstat (limited to 'modules')
-rw-r--r-- | modules/services/nginx/sso/default.nix | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/modules/services/nginx/sso/default.nix b/modules/services/nginx/sso/default.nix
deleted file mode 100644
index d7a6c7f..0000000
--- a/modules/services/nginx/sso/default.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-# I must override the module to allow having runtime secrets
-{ config, lib, pkgs, utils, ... }:
-let
- cfg = config.services.nginx.sso;
- pkg = lib.getBin cfg.package;
- confPath = "/var/lib/nginx-sso/config.json";
-in
-{
- disabledModules = [ "services/security/nginx-sso.nix" ];
- options.services.nginx.sso = with lib; {
- enable = mkEnableOption "nginx-sso service";
- package = mkOption {
- type = types.package;
- default = pkgs.nginx-sso;
- defaultText = "pkgs.nginx-sso";
- description = ''
- The nginx-sso package that should be used.
- '';
- };
- configuration = mkOption {
- type = types.attrsOf types.unspecified;
- default = { };
- example = literalExample ''
- {
- listen = { addr = "127.0.0.1"; port = 8080; };
- providers.token.tokens = {
- myuser = "MyToken";
- };
- acl = {
- rule_sets = [
- {
- rules = [ { field = "x-application"; equals = "MyApp"; } ];
- allow = [ "myuser" ];
- }
- ];
- };
- }
- '';
- description = ''
- nginx-sso configuration
- (<link xlink:href="https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration">documentation</link>)
- as a Nix attribute set.
- '';
- };
- };
- config = lib.mkIf cfg.enable {
- systemd.services.nginx-sso = {
- description = "Nginx SSO Backend";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- StateDirectory = "nginx-sso";
- WorkingDirectory = "/var/lib/nginx-sso";
- # The files to be merged might not have the correct permissions
- ExecStartPre = "+${
- pkgs.writeScript "merge-nginx-sso-config" ''
- #!${pkgs.bash}/bin/bash
- rm -f '${confPath}'
- ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath}
- # Fix permissions
- chown nginx-sso:nginx-sso ${confPath}
- chmod 0600 ${confPath}
- ''
- }";
- ExecStart = lib.mkForce ''
- ${pkg}/bin/nginx-sso \
- --config ${confPath} \
- --frontend-dir ${pkg}/share/frontend
- '';
- Restart = "always";
- User = "nginx-sso";
- Group = "nginx-sso";
- };
- };
- users.users.nginx-sso = {
- isSystemUser = true;
- group = "nginx-sso";
- };
- users.groups.nginx-sso = { };
- };
-} |