-rw-r--r--machines/vbox.nix8
-rw-r--r--modules/apps/sproxy.nix143
-rw-r--r--modules/pkgs/sproxy/cabal2nix.nix25
-rw-r--r--modules/pkgs/sproxy/default.nix4
4 files changed, 0 insertions, 180 deletions
diff --git a/machines/vbox.nix b/machines/vbox.nix
index 946eada..26741eb 100644
--- a/machines/vbox.nix
+++ b/machines/vbox.nix
@@ -48,14 +48,6 @@ in {
ssl_key = mkForce "${pkgs.fakeSSL}/key.pem";
};
- nixsap.apps.sproxy = {
- sslCert = mkForce "${pkgs.fakeSSL}/cert.pem";
- sslKey = mkForce "${pkgs.fakeSSL}/key.pem";
- cookieName = mkForce "sproxy_vbox";
- logLevel = mkForce "debug";
- database = mkForce "user=sproxy-readonly dbname=sproxy port=${toString apps.postgresql.fcebkl.server.port}";
- };
-
nixsap.apps.sproxy-web = {
connectionString = mkForce "user=sproxy dbname=sproxy port=${toString apps.postgresql.fcebkl.server.port}";
};
diff --git a/modules/apps/sproxy.nix b/modules/apps/sproxy.nix
deleted file mode 100644
index f6eb2af..0000000
--- a/modules/apps/sproxy.nix
+++ /dev/null
@@ -1,143 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-
- inherit (builtins) toString;
- inherit (lib)
- filterAttrs hasPrefix mapAttrsToList
- mkEnableOption concatStrings mkIf mkOption types ;
- inherit (types)
- enum int nullOr attrsOf path str submodule ;
-
- explicit = filterAttrs (n: v: n != "_module" && v != null);
-
- cfg = config.nixsap.apps.sproxy;
-
- oauth2Options = concatStrings (mapAttrsToList (n: c:
- if n == "google" then ''
- client_id : ${c.client_id}
- client_secret : ${c.client_secret_file}
- '' else ''
- ${n}_client_id : ${c.client_id}
- ${n}_client_secret : ${c.client_secret_file}
- ''
- ) (explicit cfg.oauth2));
-
- configFile = pkgs.writeText "sproxy.conf" ''
- ${oauth2Options}
- user : ${cfg.user}
- cookie_domain : ${cfg.cookieDomain}
- cookie_name : ${cfg.cookieName}
- database : "${cfg.database}"
- listen : 443
- log_level : ${cfg.logLevel}
- log_target : stderr
- ssl_certs : ${cfg.sslCert}
- ssl_key : ${cfg.sslKey}
- session_shelf_life : ${toString cfg.sessionShelfLife}
- ${if cfg.backendSocket != null then ''
- backend_socket : ${cfg.backendSocket}
- '' else ''
- backend_address : ${cfg.backendAddress}
- backend_port : ${toString cfg.backendPort}
- ''}
- '';
-
- keys = [ cfg.sslKey ]
- ++ mapAttrsToList (_: c: c.client_secret_file) (explicit cfg.oauth2)
- ;
-
- oauth2 = mkOption {
- type = attrsOf (submodule {
- options = {
- client_id = mkOption {
- type = str;
- description = "OAuth2 client id";
- };
- client_secret_file = mkOption {
- type = path;
- description = "File with OAuth2 client secret";
- };
- };
- });
- example = {
- google.client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com";
- google.client_secret_file = "/run/keys/google_oauth2_secret";
- };
- };
-
-in {
- options.nixsap.apps.sproxy = {
- enable = mkEnableOption "SProxy";
- inherit oauth2;
- user = mkOption {
- description = "User to run as";
- default = "sproxy";
- type = str;
- };
- cookieDomain = mkOption {
- description = "Cookie domain";
- type = str;
- example = "example.com";
- };
- cookieName = mkOption {
- description = "Cookie name";
- type = str;
- example = "sproxy";
- };
- logLevel = mkOption {
- description = "Log level";
- default = "info";
- type = enum [ "info" "warn" "debug" ];
- };
- sslCert = mkOption {
- description = "SSL certificate (in PEM format)";
- type = path;
- };
- sslKey = mkOption {
- description = "SSL key (in PEM format) - secret";
- type = path;
- };
- backendAddress = mkOption {
- description = "Backend TCP address";
- type = str;
- default = "127.0.0.1";
- };
- backendPort = mkOption {
- description = "Backend TCP port";
- type = int;
- example = 8080;
- };
- backendSocket = mkOption {
- description = "Backend UNIX socket. If set, other backend options are ignored";
- type = nullOr path;
- default = null;
- };
- database = mkOption {
- description = "PostgreSQL connection string";
- type = str;
- example = "user=sproxy dbname=sproxy port=6001";
- };
- sessionShelfLife = mkOption {
- description = "Session shelf life in seconds";
- type = int;
- default = 3600 * 24 * 14; # two weeks
- };
- };
-
- config = mkIf cfg.enable {
- nixsap.system.users.daemons = [ cfg.user ];
- nixsap.deployment.keyrings.${cfg.user} = keys;
- systemd.services.sproxy = {
- description = "Sproxy secure proxy";
- wantedBy = [ "multi-user.target" ];
- wants = [ "keys.target" ];
- after = [ "keys.target" "network.target" "local-fs.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.sproxy}/bin/sproxy --config=${configFile}";
- Restart = "on-failure";
- };
- };
- };
-}
-
diff --git a/modules/pkgs/sproxy/cabal2nix.nix b/modules/pkgs/sproxy/cabal2nix.nix
deleted file mode 100644
index 1a7b3f6..0000000
--- a/modules/pkgs/sproxy/cabal2nix.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ mkDerivation, aeson, attoparsec, base, base64-bytestring
-, bytestring, containers, data-default, docopt, entropy, fetchgit
-, http-conduit, http-kit, http-types, interpolatedstring-perl6
-, network, postgresql-simple, resource-pool, SHA, split, stdenv
-, text, time, tls, unix, utf8-string, x509, yaml
-}:
-mkDerivation {
- pname = "sproxy";
- version = "0.9.8";
- src = fetchgit {
- url = "https://github.com/zalora/sproxy.git";
- sha256 = "40d86e00cfbdc96033ca53e773a7467cd3e2206856d27e4a24076d9449c46ca7";
- rev = "507a0984d4ce01ef0d83e7cda37cba5c80a33b75";
- };
- isLibrary = false;
- isExecutable = true;
- executableHaskellDepends = [
- aeson attoparsec base base64-bytestring bytestring containers
- data-default docopt entropy http-conduit http-kit http-types
- interpolatedstring-perl6 network postgresql-simple resource-pool
- SHA split text time tls unix utf8-string x509 yaml
- ];
- description = "HTTP proxy for authenticating users via OAuth2";
- license = stdenv.lib.licenses.mit;
-}
diff --git a/modules/pkgs/sproxy/default.nix b/modules/pkgs/sproxy/default.nix
deleted file mode 100644
index 4afc645..0000000
--- a/modules/pkgs/sproxy/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ stdenv, haskellPackages }:
-
-haskellPackages.callPackage ./cabal2nix.nix {}
-