Commit 415acef9 authored by Bruno BELANYI's avatar Bruno BELANYI

nixos/nginx-sso: allow using file-based secrets

This was living for a *long* time in my config; I finally decided to
upstream it.
parent cf2b6c4e
+27 −5
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, utils, ... }:

with lib;

let
  cfg = config.services.nginx.sso;
  format = pkgs.formats.yaml { };
  configYml = format.generate "nginx-sso.yml" cfg.configuration;
  configPath = "/var/lib/nginx-sso/config.yaml";
in {
  options.services.nginx.sso = {
    enable = mkEnableOption "nginx-sso service";
@@ -20,7 +20,9 @@ in {
          listen = { addr = "127.0.0.1"; port = 8080; };

          providers.token.tokens = {
            myuser = "MyToken";
            myuser = {
              _secret = "/path/to/secret/token.txt"; # File content should be the secret token
            };
          };

          acl = {
@@ -37,6 +39,11 @@ in {
        nginx-sso configuration
        ([documentation](https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration))
        as a Nix attribute set.

        Options containing secret data should be set to an attribute set
        with the singleton attribute `_secret` - a string value set to the path
        to the file containing the secret value which should be used in the
        configuration. This file must be readable by `nginx-sso`.
      '';
    };
  };
@@ -47,14 +54,29 @@ in {
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        StateDirectory = "nginx-sso";
        WorkingDirectory = "/var/lib/nginx-sso";
        ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" ''
          rm -f '${configPath}'
          # Relies on YAML being a superset of JSON
          ${utils.genJqSecretsReplacementSnippet cfg.configuration configPath}
        '';
        ExecStart = ''
          ${lib.getExe cfg.package} \
            --config ${configYml} \
            --config ${configPath} \
            --frontend-dir ${lib.getBin cfg.package}/share/frontend
        '';
        Restart = "always";
        DynamicUser = true;
        User = "nginx-sso";
        Group = "nginx-sso";
      };
    };

    users.users.nginx-sso = {
      isSystemUser = true;
      group = "nginx-sso";
    };

    users.groups.nginx-sso = { };
  };
}
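Review bot: The merged config that the `merge-nginx-sso-config` ExecStartPre script writes to `configPath` holds the resolved secret tokens in plaintext, and the script sets no umask before the replacement snippet runs, so under the default umask the file inside the 0755 `StateDirectory` can end up world-readable unless `genJqSecretsReplacementSnippet` restricts the mode itself, which is not visible here. Adding `umask 077` as the first line of that shell script, before the `rm -f '${configPath}'`, makes the intent explicit regardless of the helper's behaviour. Because the file is only removed by `rm -f` at the next start rather than when the unit stops, the secret also persists on disk between runs; pointing `configPath` at a `RuntimeDirectory` under `/run` would keep it on tmpfs and drop it on stop. The `_secret` paragraph in the option description could also state that the resolved secret is materialised into this file at service start, so users know where it lands.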