From 4a9bd2f3f17f49639e39bc1e9e8b5a0a5fc7fa40 Mon Sep 17 00:00:00 2001
From: Igor Pashev
Date: Sun, 22 Jan 2017 14:14:39 +0300
Subject: Ditch original sproxy
---
modules/apps/sproxy.nix | 143 --------------------------------------
modules/pkgs/sproxy/cabal2nix.nix | 25 -------
modules/pkgs/sproxy/default.nix | 4 --
3 files changed, 172 deletions(-)
delete mode 100644 modules/apps/sproxy.nix
delete mode 100644 modules/pkgs/sproxy/cabal2nix.nix
delete mode 100644 modules/pkgs/sproxy/default.nix
(limited to 'modules')
diff --git a/modules/apps/sproxy.nix b/modules/apps/sproxy.nix
deleted file mode 100644
index f6eb2af..0000000
--- a/modules/apps/sproxy.nix
+++ /dev/null
@@ -1,143 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-
- inherit (builtins) toString;
- inherit (lib)
- filterAttrs hasPrefix mapAttrsToList
- mkEnableOption concatStrings mkIf mkOption types ;
- inherit (types)
- enum int nullOr attrsOf path str submodule ;
-
- explicit = filterAttrs (n: v: n != "_module" && v != null);
-
- cfg = config.nixsap.apps.sproxy;
-
- oauth2Options = concatStrings (mapAttrsToList (n: c:
- if n == "google" then ''
- client_id : ${c.client_id}
- client_secret : ${c.client_secret_file}
- '' else ''
- ${n}_client_id : ${c.client_id}
- ${n}_client_secret : ${c.client_secret_file}
- ''
- ) (explicit cfg.oauth2));
-
- configFile = pkgs.writeText "sproxy.conf" ''
- ${oauth2Options}
- user : ${cfg.user}
- cookie_domain : ${cfg.cookieDomain}
- cookie_name : ${cfg.cookieName}
- database : "${cfg.database}"
- listen : 443
- log_level : ${cfg.logLevel}
- log_target : stderr
- ssl_certs : ${cfg.sslCert}
- ssl_key : ${cfg.sslKey}
- session_shelf_life : ${toString cfg.sessionShelfLife}
- ${if cfg.backendSocket != null then ''
- backend_socket : ${cfg.backendSocket}
- '' else ''
- backend_address : ${cfg.backendAddress}
- backend_port : ${toString cfg.backendPort}
- ''}
- '';
-
- keys = [ cfg.sslKey ]
- ++ mapAttrsToList (_: c: c.client_secret_file) (explicit cfg.oauth2)
- ;
-
- oauth2 = mkOption {
- type = attrsOf (submodule {
- options = {
- client_id = mkOption {
- type = str;
- description = "OAuth2 client id";
- };
- client_secret_file = mkOption {
- type = path;
- description = "File with OAuth2 client secret";
- };
- };
- });
- example = {
- google.client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com";
- google.client_secret_file = "/run/keys/google_oauth2_secret";
- };
- };
-
-in {
- options.nixsap.apps.sproxy = {
- enable = mkEnableOption "SProxy";
- inherit oauth2;
- user = mkOption {
- description = "User to run as";
- default = "sproxy";
- type = str;
- };
- cookieDomain = mkOption {
- description = "Cookie domain";
- type = str;
- example = "example.com";
- };
- cookieName = mkOption {
- description = "Cookie name";
- type = str;
- example = "sproxy";
- };
- logLevel = mkOption {
- description = "Log level";
- default = "info";
- type = enum [ "info" "warn" "debug" ];
- };
- sslCert = mkOption {
- description = "SSL certificate (in PEM format)";
- type = path;
- };
- sslKey = mkOption {
- description = "SSL key (in PEM format) - secret";
- type = path;
- };
- backendAddress = mkOption {
- description = "Backend TCP address";
- type = str;
- default = "127.0.0.1";
- };
- backendPort = mkOption {
- description = "Backend TCP port";
- type = int;
- example = 8080;
- };
- backendSocket = mkOption {
- description = "Backend UNIX socket. If set, other backend options are ignored";
- type = nullOr path;
- default = null;
- };
- database = mkOption {
- description = "PostgreSQL connection string";
- type = str;
- example = "user=sproxy dbname=sproxy port=6001";
- };
- sessionShelfLife = mkOption {
- description = "Session shelf life in seconds";
- type = int;
- default = 3600 * 24 * 14; # two weeks
- };
- };
-
- config = mkIf cfg.enable {
- nixsap.system.users.daemons = [ cfg.user ];
- nixsap.deployment.keyrings.${cfg.user} = keys;
- systemd.services.sproxy = {
- description = "Sproxy secure proxy";
- wantedBy = [ "multi-user.target" ];
- wants = [ "keys.target" ];
- after = [ "keys.target" "network.target" "local-fs.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.sproxy}/bin/sproxy --config=${configFile}";
- Restart = "on-failure";
- };
- };
- };
-}
-
diff --git a/modules/pkgs/sproxy/cabal2nix.nix b/modules/pkgs/sproxy/cabal2nix.nix
deleted file mode 100644
index 1a7b3f6..0000000
--- a/modules/pkgs/sproxy/cabal2nix.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ mkDerivation, aeson, attoparsec, base, base64-bytestring
-, bytestring, containers, data-default, docopt, entropy, fetchgit
-, http-conduit, http-kit, http-types, interpolatedstring-perl6
-, network, postgresql-simple, resource-pool, SHA, split, stdenv
-, text, time, tls, unix, utf8-string, x509, yaml
-}:
-mkDerivation {
- pname = "sproxy";
- version = "0.9.8";
- src = fetchgit {
- url = "https://github.com/zalora/sproxy.git";
- sha256 = "40d86e00cfbdc96033ca53e773a7467cd3e2206856d27e4a24076d9449c46ca7";
- rev = "507a0984d4ce01ef0d83e7cda37cba5c80a33b75";
- };
- isLibrary = false;
- isExecutable = true;
- executableHaskellDepends = [
- aeson attoparsec base base64-bytestring bytestring containers
- data-default docopt entropy http-conduit http-kit http-types
- interpolatedstring-perl6 network postgresql-simple resource-pool
- SHA split text time tls unix utf8-string x509 yaml
- ];
- description = "HTTP proxy for authenticating users via OAuth2";
- license = stdenv.lib.licenses.mit;
-}
diff --git a/modules/pkgs/sproxy/default.nix b/modules/pkgs/sproxy/default.nix
deleted file mode 100644
index 4afc645..0000000
--- a/modules/pkgs/sproxy/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ stdenv, haskellPackages }:
-
-haskellPackages.callPackage ./cabal2nix.nix {}
-
-- cgit v1.2.3