Unverified Commit 34f87f39 authored by Sandro Jäckel's avatar Sandro Jäckel

nixos/oauth2-proxy{,-nginx}: renamed from oauth2_proxy, also renamed the service, user, group

parent 2cf2f3a3
+2 −0
@@ -391,6 +391,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m

- `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2.

- `services.oauth2_proxy` was renamed to `services.oauth2-proxy`. Also the corresponding service, user and group were renamed.

- `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
  Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.

+2 −2
@@ -1256,8 +1256,8 @@
  ./services/security/kanidm.nix
  ./services/security/munge.nix
  ./services/security/nginx-sso.nix
  ./services/security/oauth2_proxy.nix
  ./services/security/oauth2_proxy_nginx.nix
  ./services/security/oauth2-proxy.nix
  ./services/security/oauth2-proxy-nginx.nix
  ./services/security/opensnitch.nix
  ./services/security/pass-secret-service.nix
  ./services/security/physlock.nix
+11 −11
{ config, lib, ... }:
with lib;
let
  cfg = config.services.oauth2_proxy.nginx;
  cfg = config.services.oauth2-proxy.nginx;
in
{
  options.services.oauth2_proxy.nginx = {
  options.services.oauth2-proxy.nginx = {
    proxy = mkOption {
      type = types.str;
      default = config.services.oauth2_proxy.httpAddress;
      defaultText = literalExpression "config.services.oauth2_proxy.httpAddress";
      default = config.services.oauth2-proxy.httpAddress;
      defaultText = literalExpression "config.services.oauth2-proxy.httpAddress";
      description = ''
        The address of the reverse proxy endpoint for oauth2_proxy
        The address of the reverse proxy endpoint for oauth2-proxy
      '';
    };

    domain = mkOption {
      type = types.str;
      description = ''
        The domain under which the oauth2_proxy will be accesible and the path of cookies are set to.
        The domain under which the oauth2-proxy will be accesible and the path of cookies are set to.
        This setting must be set to ensure back-redirects are working properly
        if oauth2-proxy is configured with {option}`services.oauth2_proxy.cookie.domain`
        or multiple {option}`services.oauth2_proxy.nginx.virtualHosts` that are not on the same domain.
        if oauth2-proxy is configured with {option}`services.oauth2-proxy.cookie.domain`
        or multiple {option}`services.oauth2-proxy.nginx.virtualHosts` that are not on the same domain.
      '';
    };

@@ -47,7 +47,7 @@ in
        };
        oldType = types.listOf types.str;
        convertFunc = x:
          lib.warn "services.oauth2_proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
          lib.warn "services.oauth2-proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
          lib.genAttrs x (_: {});
        newType = types.attrsOf vhostSubmodule;
      in types.coercedTo oldType convertFunc newType;
@@ -65,11 +65,11 @@ in
    };
  };

  config.services.oauth2_proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
  config.services.oauth2-proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
    enable = true;
  };

  config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2_proxy.enable) (mkMerge ([
  config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2-proxy.enable) (mkMerge ([
    {
      virtualHosts.${cfg.domain}.locations."/oauth2/" = {
        proxyPass = cfg.proxy;
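Review bot: The `cfg.virtualHosts != []` guard on both renamed `mkIf` conditions in the last hunk can never be false, because `virtualHosts` is declared as `types.coercedTo oldType convertFunc newType` with `newType = types.attrsOf vhostSubmodule` (earlier hunk), so the merged value is always an attrset and an attrset never equals a list. The practical effect is that `services.oauth2-proxy` is force-enabled whenever `nginx.proxy` starts with `127.0.0.1:`, and the `/oauth2/` location on `${cfg.domain}` is added to nginx whenever oauth2-proxy is enabled, even with no virtual hosts configured — and since `domain` has no default this presumably fails evaluation, or else exposes an auth endpoint the operator never asked for. Compare against the empty attrset instead: `config.services.oauth2-proxy = mkIf (cfg.virtualHosts != {} && (hasPrefix "127.0.0.1:" cfg.proxy)) {` and `config.services.nginx = mkIf (cfg.virtualHosts != {} && config.services.oauth2-proxy.enable) (mkMerge ([`. The defect predates the rename, but these lines are touched here so it is cheap to fold in; the `mkMerge` body continues past the end of the hunk.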
+16 −16
# NixOS module for oauth2_proxy.

{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.oauth2_proxy;
  cfg = config.services.oauth2-proxy;

  # oauth2_proxy provides many options that are only relevant if you are using
  # oauth2-proxy provides many options that are only relevant if you are using
  # a certain provider. This set maps from provider name to a function that
  # takes the configuration and returns a string that can be inserted into the
  # command-line to launch oauth2_proxy.
  # command-line to launch oauth2-proxy.
  providerSpecificOptions = {
    azure = cfg: {
      azure-tenant = cfg.azure.tenant;
@@ -85,8 +83,8 @@ let
  configString = concatStringsSep " " (mapAttrsToList mapConfig allConfig);
in
{
  options.services.oauth2_proxy = {
    enable = mkEnableOption "oauth2_proxy";
  options.services.oauth2-proxy = {
    enable = mkEnableOption "oauth2-proxy";

    package = mkPackageOption pkgs "oauth2-proxy" { };

@@ -557,28 +555,30 @@ in
        OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com
        and specify the path here.
      '';
      example = "/run/keys/oauth2_proxy";
      example = "/run/keys/oauth2-proxy";
    };

  };

  config = mkIf cfg.enable {
  imports = [
    (mkRenamedOptionModule [ "services" "oauth2_proxy" ] [ "services" "oauth2-proxy" ])
  ];

    services.oauth2_proxy = mkIf (cfg.keyFile != null) {
  config = mkIf cfg.enable {
    services.oauth2-proxy = mkIf (cfg.keyFile != null) {
      clientID = mkDefault null;
      clientSecret = mkDefault null;
      cookie.secret = mkDefault null;
    };

    users.users.oauth2_proxy = {
    users.users.oauth2-proxy = {
      description = "OAuth2 Proxy";
      isSystemUser = true;
      group = "oauth2_proxy";
      group = "oauth2-proxy";
    };

    users.groups.oauth2_proxy = {};
    users.groups.oauth2-proxy = {};

    systemd.services.oauth2_proxy = {
    systemd.services.oauth2-proxy = {
      description = "OAuth2 Proxy";
      path = [ cfg.package ];
      wantedBy = [ "multi-user.target" ];
@@ -586,7 +586,7 @@ in
      after = [ "network-online.target" ];

      serviceConfig = {
        User = "oauth2_proxy";
        User = "oauth2-proxy";
        Restart = "always";
        ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
        EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile;