Diffstat (limited to 'nixpkgs/nixos/modules/services/security/nginx-sso.nix')
-rw-r--r--nixpkgs/nixos/modules/services/security/nginx-sso.nix58
1 files changed, 58 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/security/nginx-sso.nix b/nixpkgs/nixos/modules/services/security/nginx-sso.nix
new file mode 100644
index 00000000000..d792f90abe6
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/security/nginx-sso.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.nginx.sso;
+ pkg = getBin pkgs.nginx-sso;
+ configYml = pkgs.writeText "nginx-sso.yml" (builtins.toJSON cfg.configuration);
+in {
+ options.services.nginx.sso = {
+ enable = mkEnableOption "nginx-sso service";
+
+ configuration = mkOption {
+ type = types.attrsOf types.unspecified;
+ default = {};
+ example = literalExample ''
+ {
+ listen = { addr = "127.0.0.1"; port = 8080; };
+
+ providers.token.tokens = {
+ myuser = "MyToken";
+ };
+
+ acl = {
+ rule_sets = [
+ {
+ rules = [ { field = "x-application"; equals = "MyApp"; } ];
+ allow = [ "myuser" ];
+ }
+ ];
+ };
+ }
+ '';
+ description = ''
+ nginx-sso configuration
+ (<link xlink:href="https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration">documentation</link>)
+ as a Nix attribute set.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.nginx-sso = {
+ description = "Nginx SSO Backend";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = ''
+ ${pkg}/bin/nginx-sso \
+ --config ${configYml} \
+ --frontend-dir ${pkg}/share/frontend
+ '';
+ Restart = "always";
+ DynamicUser = true;
+ };
+ };
+ };
+}
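Review bot: The whole `configuration` attribute set is rendered by `pkgs.writeText` into `configYml`, so every value in it lands in the world-readable Nix store, including the `providers.token.tokens` entries the example itself shows. Any local user can then read those credentials, even though the service runs with `DynamicUser = true`. At minimum the option `description` should say so, for example by adding `Note that this configuration is written to the world-readable Nix store, so any secrets placed in it can be read by every local user.` A follow-up could add an option that points `--config` at a file kept outside the store, readable only by the service. Whether nginx-sso can load secrets separately from its main configuration is not visible in this hunk.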