diff options
| -rw-r--r-- | machines/vbox.nix | 8 | ||||
| -rw-r--r-- | modules/apps/sproxy.nix | 143 | ||||
| -rw-r--r-- | modules/pkgs/sproxy/cabal2nix.nix | 25 | ||||
| -rw-r--r-- | modules/pkgs/sproxy/default.nix | 4 |
4 files changed, 0 insertions, 180 deletions
diff --git a/machines/vbox.nix b/machines/vbox.nix index 946eada..26741eb 100644 --- a/machines/vbox.nix +++ b/machines/vbox.nix @@ -48,14 +48,6 @@ in { ssl_key = mkForce "${pkgs.fakeSSL}/key.pem"; }; - nixsap.apps.sproxy = { - sslCert = mkForce "${pkgs.fakeSSL}/cert.pem"; - sslKey = mkForce "${pkgs.fakeSSL}/key.pem"; - cookieName = mkForce "sproxy_vbox"; - logLevel = mkForce "debug"; - database = mkForce "user=sproxy-readonly dbname=sproxy port=${toString apps.postgresql.fcebkl.server.port}"; - }; - nixsap.apps.sproxy-web = { connectionString = mkForce "user=sproxy dbname=sproxy port=${toString apps.postgresql.fcebkl.server.port}"; }; diff --git a/modules/apps/sproxy.nix b/modules/apps/sproxy.nix deleted file mode 100644 index f6eb2af..0000000 --- a/modules/apps/sproxy.nix +++ /dev/null @@ -1,143 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - - inherit (builtins) toString; - inherit (lib) - filterAttrs hasPrefix mapAttrsToList - mkEnableOption concatStrings mkIf mkOption types ; - inherit (types) - enum int nullOr attrsOf path str submodule ; - - explicit = filterAttrs (n: v: n != "_module" && v != null); - - cfg = config.nixsap.apps.sproxy; - - oauth2Options = concatStrings (mapAttrsToList (n: c: - if n == "google" then '' - client_id : ${c.client_id} - client_secret : ${c.client_secret_file} - '' else '' - ${n}_client_id : ${c.client_id} - ${n}_client_secret : ${c.client_secret_file} - '' - ) (explicit cfg.oauth2)); - - configFile = pkgs.writeText "sproxy.conf" '' - ${oauth2Options} - user : ${cfg.user} - cookie_domain : ${cfg.cookieDomain} - cookie_name : ${cfg.cookieName} - database : "${cfg.database}" - listen : 443 - log_level : ${cfg.logLevel} - log_target : stderr - ssl_certs : ${cfg.sslCert} - ssl_key : ${cfg.sslKey} - session_shelf_life : ${toString cfg.sessionShelfLife} - ${if cfg.backendSocket != null then '' - backend_socket : ${cfg.backendSocket} - '' else '' - backend_address : ${cfg.backendAddress} - backend_port : ${toString cfg.backendPort} - ''} - ''; - - keys = [ cfg.sslKey ] - ++ mapAttrsToList (_: c: c.client_secret_file) (explicit cfg.oauth2) - ; - - oauth2 = mkOption { - type = attrsOf (submodule { - options = { - client_id = mkOption { - type = str; - description = "OAuth2 client id"; - }; - client_secret_file = mkOption { - type = path; - description = "File with OAuth2 client secret"; - }; - }; - }); - example = { - google.client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"; - google.client_secret_file = "/run/keys/google_oauth2_secret"; - }; - }; - -in { - options.nixsap.apps.sproxy = { - enable = mkEnableOption "SProxy"; - inherit oauth2; - user = mkOption { - description = "User to run as"; - default = "sproxy"; - type = str; - }; - cookieDomain = mkOption { - description = "Cookie domain"; - type = str; - example = "example.com"; - }; - cookieName = mkOption { - description = "Cookie name"; - type = str; - example = "sproxy"; - }; - logLevel = mkOption { - description = "Log level"; - default = "info"; - type = enum [ "info" "warn" "debug" ]; - }; - sslCert = mkOption { - description = "SSL certificate (in PEM format)"; - type = path; - }; - sslKey = mkOption { - description = "SSL key (in PEM format) - secret"; - type = path; - }; - backendAddress = mkOption { - description = "Backend TCP address"; - type = str; - default = "127.0.0.1"; - }; - backendPort = mkOption { - description = "Backend TCP port"; - type = int; - example = 8080; - }; - backendSocket = mkOption { - description = "Backend UNIX socket. If set, other backend options are ignored"; - type = nullOr path; - default = null; - }; - database = mkOption { - description = "PostgreSQL connection string"; - type = str; - example = "user=sproxy dbname=sproxy port=6001"; - }; - sessionShelfLife = mkOption { - description = "Session shelf life in seconds"; - type = int; - default = 3600 * 24 * 14; # two weeks - }; - }; - - config = mkIf cfg.enable { - nixsap.system.users.daemons = [ cfg.user ]; - nixsap.deployment.keyrings.${cfg.user} = keys; - systemd.services.sproxy = { - description = "Sproxy secure proxy"; - wantedBy = [ "multi-user.target" ]; - wants = [ "keys.target" ]; - after = [ "keys.target" "network.target" "local-fs.target" ]; - serviceConfig = { - ExecStart = "${pkgs.sproxy}/bin/sproxy --config=${configFile}"; - Restart = "on-failure"; - }; - }; - }; -} - diff --git a/modules/pkgs/sproxy/cabal2nix.nix b/modules/pkgs/sproxy/cabal2nix.nix deleted file mode 100644 index 1a7b3f6..0000000 --- a/modules/pkgs/sproxy/cabal2nix.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ mkDerivation, aeson, attoparsec, base, base64-bytestring -, bytestring, containers, data-default, docopt, entropy, fetchgit -, http-conduit, http-kit, http-types, interpolatedstring-perl6 -, network, postgresql-simple, resource-pool, SHA, split, stdenv -, text, time, tls, unix, utf8-string, x509, yaml -}: -mkDerivation { - pname = "sproxy"; - version = "0.9.8"; - src = fetchgit { - url = "https://github.com/zalora/sproxy.git"; - sha256 = "40d86e00cfbdc96033ca53e773a7467cd3e2206856d27e4a24076d9449c46ca7"; - rev = "507a0984d4ce01ef0d83e7cda37cba5c80a33b75"; - }; - isLibrary = false; - isExecutable = true; - executableHaskellDepends = [ - aeson attoparsec base base64-bytestring bytestring containers - data-default docopt entropy http-conduit http-kit http-types - interpolatedstring-perl6 network postgresql-simple resource-pool - SHA split text time tls unix utf8-string x509 yaml - ]; - description = "HTTP proxy for authenticating users via OAuth2"; - license = stdenv.lib.licenses.mit; -} diff --git a/modules/pkgs/sproxy/default.nix b/modules/pkgs/sproxy/default.nix deleted file mode 100644 index 4afc645..0000000 --- a/modules/pkgs/sproxy/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ stdenv, haskellPackages }: - -haskellPackages.callPackage ./cabal2nix.nix {} - |