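# NixOS module for nginx-sso: declares the `services.nginx.sso` options and,
# when enabled, a systemd unit that runs the daemon against a configuration
# file generated from the `configuration` attribute set.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.nginx.sso;
  pkg = getBin cfg.package;
  # The file is named .yml but holds JSON (JSON is a subset of YAML).
  # pkgs.writeText places it in the Nix store, which is world-readable:
  # everything in cfg.configuration, secrets included, is readable by any
  # local user and travels with every copy of the system closure.
  configYml = pkgs.writeText "nginx-sso.yml" (builtins.toJSON cfg.configuration);
in {
  options.services.nginx.sso = {
    enable = mkEnableOption (lib.mdDoc "nginx-sso service");

    package = mkOption {
      type = types.package;
      default = pkgs.nginx-sso;
      defaultText = literalExpression "pkgs.nginx-sso";
      description = lib.mdDoc ''
        The nginx-sso package that should be used.
      '';
    };

    configuration = mkOption {
      # Free-form attribute set: values are not type-checked by the module
      # and are serialised as-is into the generated configuration file.
      type = types.attrsOf types.unspecified;
      default = {};
      example = literalExpression ''
        {
          listen = { addr = "127.0.0.1"; port = 8080; };

          providers.token.tokens = {
            myuser = "MyToken";
          };

          acl = {
            rule_sets = [
              {
                rules = [ { field = "x-application"; equals = "MyApp"; } ];
                allow = [ "myuser" ];
              }
            ];
          };
        }
      '';
      description = lib.mdDoc ''
        nginx-sso configuration
        ([documentation](https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration))
        as a Nix attribute set.

        The resulting configuration file is written to the world-readable
        Nix store. Any secret placed in this attribute set, such as the
        provider tokens shown in the example, can be read by every local
        user and is included wherever the system closure is copied.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.nginx-sso = {
      description = "Nginx SSO Backend";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = ''
          ${pkg}/bin/nginx-sso \
            --config ${configYml} \
            --frontend-dir ${pkg}/share/frontend
        '';
        Restart = "always";
        # Run under a transient unprivileged user allocated by systemd
        # rather than as root or a statically declared account.
        DynamicUser = true;
      };
    };
  };
}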