Loading nixos/modules/services/security/warpgate.nix +110 −15 Original line number Diff line number Diff line Loading @@ -51,7 +51,10 @@ in freeformType = yaml.type; options = { sso_providers = mkOption { description = "Configure OIDC single sign-on providers."; description = '' Configure OIDC single sign-on providers. Main documentation can be found [here](https://warpgate.null.page/sso). ''; default = [ ]; type = listOf (submodule { freeformType = yaml.type; Loading @@ -62,12 +65,40 @@ in }; label = mkOption { description = "SSO provider name displayed on login page."; type = str; default = null; type = nullOr str; }; auto_create_users = mkOption { description = "Whether to create user automatically at first SSO login."; default = false; type = bool; }; provider = mkOption { description = "SSO provider configurations."; description = '' SSO provider configurations. See [here](https://github.com/warp-tech/warpgate/blob/ffc755f0137944bd39cf4cbce90f4279da500943/config-schema.json#L430) for all acceptable options. ''; type = attrsOf yaml.type; }; return_domain_whitelist = mkOption { description = '' Controls the SSO return URL supplied to SSO provider. This will also required you to connect to this instance via whitelisted domain when doing SSO login. ''; default = null; type = nullOr (listOf str); }; return_url_prefix = mkOption { description = '' Controls the SSO return URL supplied to SSO provider. Useful for providers that do not allow the @ sign in the URL (e.g. Azure). ''; default = "@"; type = enum [ "@" "_" ]; }; }; }); example = literalExpression '' Loading Loading @@ -105,6 +136,7 @@ in description = '' Configure the domain name of this Warpgate instance. See [HTTP domain binding](https://warpgate.null.page/http-domain-binding/). This option is considered legacy, please use protocol specific `external_host` instead. ''; default = null; type = nullOr str; Loading 
@@ -128,6 +160,11 @@ in default = "[::]:2222"; type = str; }; external_host = mkOption { description = "The SSH listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The SSH listener is reachable via this port externally."; default = null; Loading Loading @@ -164,6 +201,11 @@ in default = "[::]:8888"; type = str; }; external_host = mkOption { description = "The HTTP listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The HTTP listener is reachable via this port externally."; default = null; Loading Loading @@ -239,6 +281,11 @@ in default = "[::]:33306"; type = str; }; external_host = mkOption { description = "The MySQL listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The MySQL listener is reachable via this port externally."; default = null; Loading Loading @@ -266,6 +313,11 @@ in default = "[::]:55432"; type = str; }; external_host = mkOption { description = "The PostgreSQL listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The PostgreSQL listener is reachable via this port externally."; default = null; Loading 
@@ -282,9 +334,59 @@ in type = str; }; }; kubernetes = { enable = mkOption { description = "Whether to enable Kubernetes listener."; default = false; type = bool; }; listen = mkOption { description = "Listen endpoint of Kubernetes listener."; default = "[::]:8443"; type = str; }; external_host = mkOption { description = "The Kubernetes listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The Kubernetes listener is reachable via this port externally."; default = null; type = nullOr str; }; certificate = mkOption { description = "Path to Kubernetes listener certificate."; default = "/var/lib/warpgate/tls.certificate.pem"; type = str; }; key = mkOption { description = "Path to Kubernetes listener private key."; default = "/var/lib/warpgate/tls.key.pem"; type = str; }; session_max_age = mkOption { description = "How long until a logged in session expires."; default = "30m"; type = str; }; }; log = { format = mkOption { description = "The format Warpgate emits logs in."; default = "text"; type = enum [ "text" "json" ]; }; audit_retention = mkOption { description = "How long Warpgate keeps its audit logs."; default = "1year"; type = str; }; retention = mkOption { description = "How long Warpgate keep its logs."; description = "How long Warpgate keeps its non-audit logs and session recordings."; default = "7days"; type = str; }; Loading @@ -297,17 +399,6 @@ in type = nullOr str; }; }; config_provider = mkOption { description = '' Source of truth of users. DO NOT change this, Warpgate only implemented database provider. ''; default = "database"; type = enum [ "file" "database" ]; }; }; }; default = { }; Loading Loading 
@@ -372,6 +463,10 @@ in assertion = !((cfg.databaseUrlFile == null) && (cfg.settings.database_url == null)); message = "Either databaseUrlFile or settings.database_url must be set; Set the other to null."; } { assertion = !(lib.hasAttr "config_provider" cfg.settings); message = "`services.warpgate.settings.config_provider` is a legacy option that has been removed since 0.14.0. Please do not set this option."; } ]; environment.systemPackages = [ cfg.package ]; Loading pkgs/by-name/wa/warpgate/hardcode-version.patch +2 −2 Original line number Diff line number Diff line diff --git a/warpgate-common/src/version.rs b/warpgate-common/src/version.rs index 07db547..2a7967f 100644 index 0e7985a..62c2b67 100644 --- a/warpgate-common/src/version.rs +++ b/warpgate-common/src/version.rs @@ -1,8 +1,3 @@ -use git_version::git_version; - pub fn warpgate_version() -> &'static str { pub const fn warpgate_version() -> &'static str { - git_version!( - args = ["--tags", "--always", "--dirty=-modified"], - fallback = "unknown" Loading pkgs/by-name/wa/warpgate/package.nix +5 −6 Original line number Diff line number Diff line Loading @@ -20,9 +20,7 @@ rustPlatform.buildRustPackage ( patches = [ ./web-ui-package-json.patch ]; npmDepsHash = "sha256-jgsNF93DkEVgPGzdi192HKoSHPYhdrtog28jZvOLK6E="; # Fix peer dependency conflicts with ESLint 9. npmFlags = [ "--legacy-peer-deps" ]; npmDepsHash = "sha256-jRY3vR9rwqQc1WjxIuPb797ZXXrgDYNZ947fERxJ0zA="; nativeBuildInputs = [ openapi-generator-cli ]; Loading 
@@ -37,19 +35,20 @@ rustPlatform.buildRustPackage ( in { pname = "warpgate"; version = "0.18.0"; version = "0.23.1"; src = fetchFromGitHub { owner = "warp-tech"; repo = "warpgate"; tag = "v${finalAttrs.version}"; hash = "sha256-GLY/VGEKB6gFNTbBlbhpmqQZ62pk2wd6JwWwy4Tz0FE="; hash = "sha256-GayjhHkD9LtuR7dz7tw1smz4fPwOl8R9X9QTgx9snnM="; }; cargoHash = "sha256-hwAtj8tTDsYgzuDobMg97wepKKIpohSVClyRiaDd+8w="; cargoHash = "sha256-Y3oVvQkZDmGmmxUYrWSP6qKZ4hgjly+t98PRmi88oaY="; patches = [ (replaceVars ./hardcode-version.patch { inherit (finalAttrs) version; }) ./remove-nightly-rustflags.patch ]; env.RUSTFLAGS = "--cfg tokio_unstable"; Loading pkgs/by-name/wa/warpgate/remove-nightly-rustflags.patch 0 → 100644 +26 −0 Original line number Diff line number Diff line diff --git a/Cargo.toml b/Cargo.toml index 0e92acb..d187ebc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -100,21 +100,3 @@ strip = "debuginfo" [profile.coverage] inherits = "dev" # rustflags = ["-Cinstrument-coverage"] - -[profile.dev.package.aws-sdk-ec2] -rustflags = ["-Zhint-mostly-unused"] - -[profile.release.package.aws-sdk-ec2] -rustflags = ["-Zhint-mostly-unused"] - -[profile.dev.package.aws-sdk-rds] -rustflags = ["-Zhint-mostly-unused"] - -[profile.release.package.aws-sdk-rds] -rustflags = ["-Zhint-mostly-unused"] - -[profile.dev.package.aws-sdk-eks] -rustflags = ["-Zhint-mostly-unused"] - -[profile.release.package.aws-sdk-eks] -rustflags = ["-Zhint-mostly-unused"] Loading
nixos/modules/services/security/warpgate.nix +110 −15 Original line number Diff line number Diff line Loading @@ -51,7 +51,10 @@ in freeformType = yaml.type; options = { sso_providers = mkOption { description = "Configure OIDC single sign-on providers."; description = '' Configure OIDC single sign-on providers. Main documentation can be found [here](https://warpgate.null.page/sso). ''; default = [ ]; type = listOf (submodule { freeformType = yaml.type; Loading @@ -62,12 +65,40 @@ in }; label = mkOption { description = "SSO provider name displayed on login page."; type = str; default = null; type = nullOr str; }; auto_create_users = mkOption { description = "Whether to create user automatically at first SSO login."; default = false; type = bool; }; provider = mkOption { description = "SSO provider configurations."; description = '' SSO provider configurations. See [here](https://github.com/warp-tech/warpgate/blob/ffc755f0137944bd39cf4cbce90f4279da500943/config-schema.json#L430) for all acceptable options. ''; type = attrsOf yaml.type; }; return_domain_whitelist = mkOption { description = '' Controls the SSO return URL supplied to SSO provider. This will also required you to connect to this instance via whitelisted domain when doing SSO login. ''; default = null; type = nullOr (listOf str); }; return_url_prefix = mkOption { description = '' Controls the SSO return URL supplied to SSO provider. Useful for providers that do not allow the @ sign in the URL (e.g. Azure). ''; default = "@"; type = enum [ "@" "_" ]; }; }; }); example = literalExpression '' Loading Loading @@ -105,6 +136,7 @@ in description = '' Configure the domain name of this Warpgate instance. See [HTTP domain binding](https://warpgate.null.page/http-domain-binding/). This option is considered legacy, please use protocol specific `external_host` instead. ''; default = null; type = nullOr str; Loading 
@@ -128,6 +160,11 @@ in default = "[::]:2222"; type = str; }; external_host = mkOption { description = "The SSH listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The SSH listener is reachable via this port externally."; default = null; Loading Loading @@ -164,6 +201,11 @@ in default = "[::]:8888"; type = str; }; external_host = mkOption { description = "The HTTP listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The HTTP listener is reachable via this port externally."; default = null; Loading Loading @@ -239,6 +281,11 @@ in default = "[::]:33306"; type = str; }; external_host = mkOption { description = "The MySQL listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The MySQL listener is reachable via this port externally."; default = null; Loading Loading @@ -266,6 +313,11 @@ in default = "[::]:55432"; type = str; }; external_host = mkOption { description = "The PostgreSQL listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The PostgreSQL listener is reachable via this port externally."; default = null; Loading 
@@ -282,9 +334,59 @@ in type = str; }; }; kubernetes = { enable = mkOption { description = "Whether to enable Kubernetes listener."; default = false; type = bool; }; listen = mkOption { description = "Listen endpoint of Kubernetes listener."; default = "[::]:8443"; type = str; }; external_host = mkOption { description = "The Kubernetes listener is reachable via this domain name externally."; default = null; type = nullOr str; }; external_port = mkOption { description = "The Kubernetes listener is reachable via this port externally."; default = null; type = nullOr str; }; certificate = mkOption { description = "Path to Kubernetes listener certificate."; default = "/var/lib/warpgate/tls.certificate.pem"; type = str; }; key = mkOption { description = "Path to Kubernetes listener private key."; default = "/var/lib/warpgate/tls.key.pem"; type = str; }; session_max_age = mkOption { description = "How long until a logged in session expires."; default = "30m"; type = str; }; }; log = { format = mkOption { description = "The format Warpgate emits logs in."; default = "text"; type = enum [ "text" "json" ]; }; audit_retention = mkOption { description = "How long Warpgate keeps its audit logs."; default = "1year"; type = str; }; retention = mkOption { description = "How long Warpgate keep its logs."; description = "How long Warpgate keeps its non-audit logs and session recordings."; default = "7days"; type = str; }; Loading @@ -297,17 +399,6 @@ in type = nullOr str; }; }; config_provider = mkOption { description = '' Source of truth of users. DO NOT change this, Warpgate only implemented database provider. ''; default = "database"; type = enum [ "file" "database" ]; }; }; }; default = { }; Loading Loading 
@@ -372,6 +463,10 @@ in assertion = !((cfg.databaseUrlFile == null) && (cfg.settings.database_url == null)); message = "Either databaseUrlFile or settings.database_url must be set; Set the other to null."; } { assertion = !(lib.hasAttr "config_provider" cfg.settings); message = "`services.warpgate.settings.config_provider` is a legacy option that has been removed since 0.14.0. Please do not set this option."; } ]; environment.systemPackages = [ cfg.package ]; Loading
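Review bot: The `return_domain_whitelist` description does not say what the default `null` means for the SSO return URL, which an operator needs to know before exposing SSO login. State explicitly whether `null` leaves the return domain unrestricted or falls back to another setting such as `external_host`; this diff does not show which upstream implements. The second sentence also has a typo and could read `This also requires you to connect to this instance via a whitelisted domain when doing SSO login.` The surrounding `sso_providers` submodule starts and ends outside the visible hunk lines.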
pkgs/by-name/wa/warpgate/hardcode-version.patch +2 −2 Original line number Diff line number Diff line diff --git a/warpgate-common/src/version.rs b/warpgate-common/src/version.rs index 07db547..2a7967f 100644 index 0e7985a..62c2b67 100644 --- a/warpgate-common/src/version.rs +++ b/warpgate-common/src/version.rs @@ -1,8 +1,3 @@ -use git_version::git_version; - pub fn warpgate_version() -> &'static str { pub const fn warpgate_version() -> &'static str { - git_version!( - args = ["--tags", "--always", "--dirty=-modified"], - fallback = "unknown" Loading
pkgs/by-name/wa/warpgate/package.nix +5 −6 Original line number Diff line number Diff line Loading @@ -20,9 +20,7 @@ rustPlatform.buildRustPackage ( patches = [ ./web-ui-package-json.patch ]; npmDepsHash = "sha256-jgsNF93DkEVgPGzdi192HKoSHPYhdrtog28jZvOLK6E="; # Fix peer dependency conflicts with ESLint 9. npmFlags = [ "--legacy-peer-deps" ]; npmDepsHash = "sha256-jRY3vR9rwqQc1WjxIuPb797ZXXrgDYNZ947fERxJ0zA="; nativeBuildInputs = [ openapi-generator-cli ]; Loading @@ -37,19 +35,20 @@ rustPlatform.buildRustPackage ( in { pname = "warpgate"; version = "0.18.0"; version = "0.23.1"; src = fetchFromGitHub { owner = "warp-tech"; repo = "warpgate"; tag = "v${finalAttrs.version}"; hash = "sha256-GLY/VGEKB6gFNTbBlbhpmqQZ62pk2wd6JwWwy4Tz0FE="; hash = "sha256-GayjhHkD9LtuR7dz7tw1smz4fPwOl8R9X9QTgx9snnM="; }; cargoHash = "sha256-hwAtj8tTDsYgzuDobMg97wepKKIpohSVClyRiaDd+8w="; cargoHash = "sha256-Y3oVvQkZDmGmmxUYrWSP6qKZ4hgjly+t98PRmi88oaY="; patches = [ (replaceVars ./hardcode-version.patch { inherit (finalAttrs) version; }) ./remove-nightly-rustflags.patch ]; env.RUSTFLAGS = "--cfg tokio_unstable"; Loading
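Review bot: The new `./remove-nightly-rustflags.patch` entry in `patches` has no comment explaining why it is carried, although the comment that justified `--legacy-peer-deps` was removed together with that flag. A line above the entry such as `# Upstream sets -Zhint-mostly-unused for the aws-sdk crates, which only a nightly toolchain accepts.` would tell whoever bumps the version next when the patch can be dropped. The enclosing `buildRustPackage` attribute set continues outside the visible lines.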
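--- a/pkgs/by-name/wa/warpgate/remove-nightly-rustflags.patch
+++ b/pkgs/by-name/wa/warpgate/remove-nightly-rustflags.patch
@@ -0,0 +1,26 @@
+diff --git a/Cargo.toml b/Cargo.toml
+index 0e92acb..d187ebc 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -100,21 +100,3 @@ strip = "debuginfo"
+ [profile.coverage]
+ inherits = "dev"
+ # rustflags = ["-Cinstrument-coverage"]
+-
+-[profile.dev.package.aws-sdk-ec2]
+-rustflags = ["-Zhint-mostly-unused"]
+-
+-[profile.release.package.aws-sdk-ec2]
+-rustflags = ["-Zhint-mostly-unused"]
+-
+-[profile.dev.package.aws-sdk-rds]
+-rustflags = ["-Zhint-mostly-unused"]
+-
+-[profile.release.package.aws-sdk-rds]
+-rustflags = ["-Zhint-mostly-unused"]
+-
+-[profile.dev.package.aws-sdk-eks]
+-rustflags = ["-Zhint-mostly-unused"]
+-
+-[profile.release.package.aws-sdk-eks]
+-rustflags = ["-Zhint-mostly-unused"]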