oauth2_proxy: create new module for service #15283
Conversation
|
By analyzing the blame information on this pull request, we identified @edolstra, @bjornfor and @offlinehacker to be potential reviewers |
| serviceConfig = { | ||
| User = "oauth2_proxy"; | ||
| Restart = "always"; | ||
| # Arbitrarily chosen value. |
There was a problem hiding this comment.
If it's arbitrary, maybe rely on the default?
| default = null; | ||
| description = '' | ||
| Authentication endpoint. | ||
|
|
There was a problem hiding this comment.
Note that empty lines will not show up in the manual.
There was a problem hiding this comment.
Noted. I think the newlines here make it easier to read in the file. Any objection to me leaving them as is?
|
Thank you for the comments & sorry for the delay in replying. I think I've addressed everything that has been raised, so please take a look. |
|
According to travis there's a problem with one of the option declarations |
|
Option declaration fixed. AFAICT the remaining build failure isn't one of mine. |
|
Please squash when you're ready to merge. |
|
Done. |
| --cookie-expire=${cfg.cookie.expire} \ | ||
| --cookie-httponly=${fromBool cfg.cookie.httpOnly} \ | ||
| --cookie-name=${cfg.cookie.name} \ | ||
| --cookie-secret=${cfg.cookie.secret} \ |
There was a problem hiding this comment.
Hey, first: nice work.
I just tried this and I think the values need either explicit escaping or at least '..' around the arguments
[1]
https://www.freedesktop.org/software/systemd/man/systemd-escape.html
There was a problem hiding this comment.
Done.
I've rebased as well to avoid an extra roundtrip.
|
@joachifm - I tested this and it works as advertised so I think we can merge. |
This patch adds a module for oauth2_proxy, exposing all of the options for the binary in what I hope is a sensible manner.
I've tested the module on my own (alas, private) NixOS deployment. I looked through the todo list below and they all seem like options relevant to packages rather than modules.
This is my first substantive patch to NixOS, so please let me know if I'm missing any conventions.
Thanks,
jml
Things done
(nix.useSandbox on NixOS,
or option
build-use-sandboxinnix.confon non-NixOS)
nix-shell -p nox --run "nox-review wip"./result/bin/)This change is