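# NixOS module for the nginx-sso authentication backend: declares the
# `services.nginx.sso` options and, when enabled, a systemd unit that runs
# the daemon against a configuration file rendered from those options.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.nginx.sso;

  # Binary output of the selected package; it supplies both the executable
  # and the frontend directory passed to the daemon below.
  pkg = getBin cfg.package;

  # The attribute set is serialised as JSON under a .yml name.
  # NOTE(review): this relies on nginx-sso's YAML loader accepting JSON.
  #
  # Security: pkgs.writeText puts the rendered file into /nix/store, which is
  # readable by every local user and is part of the system closure. Any
  # credential in cfg.configuration (e.g. providers.token.tokens) is exposed
  # that way; DynamicUser below does not restrict access to this file.
  configYml = pkgs.writeText "nginx-sso.yml" (builtins.toJSON cfg.configuration);
in {
  options.services.nginx.sso = {
    enable = mkEnableOption "nginx-sso service";

    package = mkPackageOption pkgs "nginx-sso" { };

    configuration = mkOption {
      # types.unspecified performs no checking, so a malformed setting is not
      # rejected at evaluation time.
      type = types.attrsOf types.unspecified;
      default = {};
      example = literalExpression ''
        {
          listen = { addr = "127.0.0.1"; port = 8080; };

          providers.token.tokens = {
            myuser = "MyToken";
          };

          acl = {
            rule_sets = [
              {
                rules = [ { field = "x-application"; equals = "MyApp"; } ];
                allow = [ "myuser" ];
              }
            ];
          };
        }
      '';
      description = ''
        nginx-sso configuration
        ([documentation](https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration))
        as a Nix attribute set.

        The rendered file is stored in the world-readable Nix store, so
        any credential set here (for example the tokens under
        `providers.token.tokens`) can be read by every local user.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.nginx-sso = {
      description = "Nginx SSO Backend";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # The listen address and port come from cfg.configuration; nothing
        # in this unit constrains where the backend binds.
        ExecStart = ''
          ${pkg}/bin/nginx-sso \
            --config ${configYml} \
            --frontend-dir ${pkg}/share/frontend
        '';
        Restart = "always";
        # Runs the daemon as a transient unprivileged user allocated by
        # systemd instead of root or a static account.
        DynamicUser = true;
      };
    };
  };
}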