-
-
Notifications
You must be signed in to change notification settings - Fork 12.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oauth2_proxy: create new module for service #15283
Conversation
By analyzing the blame information on this pull request, we identified @edolstra, @bjornfor and @offlinehacker to be potential reviewers |
serviceConfig = { | ||
User = "oauth2_proxy"; | ||
Restart = "always"; | ||
# Arbitrarily chosen value. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's arbitrary, maybe rely on the default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good call. Removed.
default = null; | ||
description = '' | ||
Authentication endpoint. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that empty lines will not show up in the manual.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noted. I think the newlines here make it easier to read in the file. Any objection to me leaving them as is?
Thank you for the comments & sorry for the delay in replying. I think I've addressed everything that has been raised, so please take a look. |
According to travis there's a problem with one of the option declarations |
Option declaration fixed. AFAICT the remaining build failure isn't one of mine. |
Please squash when you're ready to merge. |
Done. |
--cookie-expire=${cfg.cookie.expire} \ | ||
--cookie-httponly=${fromBool cfg.cookie.httpOnly} \ | ||
--cookie-name=${cfg.cookie.name} \ | ||
--cookie-secret=${cfg.cookie.secret} \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, first: nice work.
I just tried this and I think the values need either explicit escaping or at least '..'
around the arguments
[1]
https://www.freedesktop.org/software/systemd/man/systemd-escape.html
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
I've rebased as well to avoid an extra roundtrip.
@joachifm - I tested this and it works as advertised so I think we can merge. |
This patch adds a module for oauth2_proxy, exposing all of the options for the binary in what I hope is a sensible manner.
I've tested the module on my own (alas, private) NixOS deployment. I looked through the todo list below and they all seem like options relevant to packages rather than modules.
This is my first substantive patch to NixOS, so please let me know if I'm missing any conventions.
Thanks,
jml
Things done
(nix.useSandbox on NixOS,
or option
build-use-sandbox
innix.conf
on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/
)This change is