base repository: NixOS/nixpkgs
base: 6eb1020cbfcd
...
head repository: NixOS/nixpkgs
compare: 784aa2913ae8
  • 5 commits
  • 3 files changed
  • 2 contributors

Commits on Apr 20, 2020

  1. oauth2_proxy: 3.2.0 -> 5.1.0

    v3.2.0 is 11 months old.
    
    v5.1.0 brings new providers and fixes security vulnerabilities. In addition, the
    project switched to go 1.14 and uses go modules, which is now reflected in the
    build process.
    
    NOTE: There are many breaking changes, which are then reflected in the NixOS
    services configuration.
    knl committed Apr 20, 2020
    6256d88 View commit details
  2. oauth2_proxy: Update NixOS module

    Update to match the current flags and apply fixes to all breaking changes.
    knl committed Apr 20, 2020
    3c55184 View commit details
  3. oauth2_proxy: Start running tests for oauth2_proxy

    No NixOS tests yet, but this is better than nothing.
    knl committed Apr 20, 2020
    3552e61 View commit details
  4. oauth2_proxy: Add knl as a maintainer

    Per request from the current maintainer.
    knl committed Apr 20, 2020
    d31bb1e View commit details

Commits on Apr 22, 2020

  1. Merge pull request #79840 from knl/update-oauth2_proxy-to-5.0.0

    oauth2_proxy: 3.2.0 -> 5.1.0
    basvandijk authored Apr 22, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    784aa29 View commit details
Showing with 525 additions and 69 deletions.
  1. +24 −5 nixos/modules/services/security/oauth2_proxy.nix
  2. +10 −5 pkgs/servers/oauth2_proxy/default.nix
  3. +491 −59 pkgs/servers/oauth2_proxy/deps.nix
29 changes: 24 additions & 5 deletions nixos/modules/services/security/oauth2_proxy.nix
@@ -12,7 +12,7 @@ let
# command-line to launch oauth2_proxy.
providerSpecificOptions = {
azure = cfg: {
azure.tenant = cfg.azure.tenant;
azure-tenant = cfg.azure.tenant;
resource = cfg.azure.resource;
};

@@ -44,6 +44,7 @@ let
pass-access-token = passAccessToken;
pass-basic-auth = passBasicAuth;
pass-host-header = passHostHeader;
reverse-proxy = reverseProxy;
proxy-prefix = proxyPrefix;
profile-url = profileURL;
redeem-url = redeemURL;
@@ -65,8 +66,8 @@ let
} // lib.optionalAttrs (cfg.htpasswd.file != null) {
display-htpasswd-file = cfg.htpasswd.displayForm;
} // lib.optionalAttrs tls.enable {
tls-cert = tls.certificate;
tls-key = tls.key;
tls-cert-file = tls.certificate;
tls-key-file = tls.key;
https-address = tls.httpsAddress;
} // (getProviderOptions cfg cfg.provider) // cfg.extraConfig;

@@ -98,14 +99,21 @@ in

##############################################
# PROVIDER configuration
# Taken from: https://github.com/pusher/oauth2_proxy/blob/master/providers/providers.go
provider = mkOption {
type = types.enum [
"google"
"github"
"azure"
"facebook"
"github"
"keycloak"
"gitlab"
"linkedin"
"myusa"
"login.gov"
"bitbucket"
"nextcloud"
"digitalocean"
"oidc"
];
default = "google";
description = ''
@@ -433,6 +441,17 @@ in
'';
};

reverseProxy = mkOption {
type = types.bool;
default = false;
description = ''
In case when running behind a reverse proxy, controls whether headers
like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
proxy will require this flag to be set to avoid logging the reverse
proxy IP address.
'';
};

proxyPrefix = mkOption {
type = types.str;
default = "/oauth2";
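Review bot: The `reverseProxy` description added in the last hunk (`@@ -433,6 +441,17 @@`) presents the flag only as a logging fix, but accepting headers like `X-Real-Ip` is a trust decision, because the value is whatever the peer sends. If oauth2_proxy can also be reached directly, or the fronting proxy passes these headers through from clients without overwriting them, the logged client address is client-controlled and the logs stop being usable as an audit trail. I would extend the description with `Only enable this when oauth2_proxy is reachable solely through a reverse proxy that sets these headers itself; otherwise clients can forge them.` The default of `false` is the safe choice and should stay. The `proxyPrefix` option that follows continues outside the hunk.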
15 changes: 10 additions & 5 deletions pkgs/servers/oauth2_proxy/default.nix
@@ -2,23 +2,28 @@

buildGoPackage rec {
pname = "oauth2_proxy";
version = "3.2.0";
version = "5.1.0";

goPackagePath = "github.com/pusher/${pname}";

src = fetchFromGitHub {
repo = pname;
owner = "pusher";
sha256 = "0k73ggyh12g2vzjq91i9d3bxbqfvh5k6njzza1lvkzasgp07wisg";
sha256 = "190k1v2c1f6vp9waqs01rlzm0jc3vrmsq1w1n0c2q2nfqx76y2wz";
rev = "v${version}";
};

goDeps = ./deps.nix;

doCheck = true;

# Taken from https://github.com/oauth2-proxy/oauth2-proxy/blob/master/Makefile
buildFlagsArray = ("-ldflags=-X main.VERSION=${version}");

meta = with lib; {
description = "A reverse proxy that provides authentication with Google, Github or other provider";
description = "A reverse proxy that provides authentication with Google, Github, or other providers";
homepage = "https://github.com/pusher/oauth2_proxy/";
license = licenses.mit;
maintainers = [ maintainers.yorickvp ];
maintainers = with maintainers; [ yorickvp knl ];
};
}
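Review bot: The parentheses in `buildFlagsArray = ("-ldflags=-X main.VERSION=${version}");` look like a bash array literal, but in Nix they are only grouping, so the attribute is a plain string. Writing it as `buildFlagsArray = "-ldflags=-X main.VERSION=${version}";` says the same thing without suggesting that further elements could be added inside the parentheses. The comment above it cites the oauth2-proxy/oauth2-proxy Makefile while `src` and `homepage` still point at pusher; if the project has moved, a one-line comment saying so would explain the mismatch.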
550 changes: 491 additions & 59 deletions pkgs/servers/oauth2_proxy/deps.nix