mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 20:39:18 -08:00
37 lines
960 B
Nix
37 lines
960 B
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: let
|
|
inherit (lib.modules) mkIf mkMerge mkDefault;
|
|
cfg = config.services.vouch-proxy;
|
|
enableKeycloak = true;
|
|
hassVouch = false;
|
|
in {
|
|
services.vouch-proxy = {
|
|
enable = mkDefault true;
|
|
package = mkIf hassVouch (pkgs.vouch-proxy.overrideAttrs (old: {
|
|
postPatch =
|
|
''
|
|
sed -i handlers/login.go \
|
|
-e 's/badStrings *=.*$/badStrings = []string{}/'
|
|
''
|
|
+ old.postPatch or "";
|
|
doCheck = false;
|
|
}));
|
|
settings = mkMerge [
|
|
{
|
|
vouch.listen = mkDefault "0.0.0.0";
|
|
vouch.cookie.secure = mkDefault false;
|
|
}
|
|
(mkIf enableKeycloak {
|
|
oauth = {
|
|
auth_url = mkDefault "${cfg.authUrl}/protocol/openid-connect/auth";
|
|
token_url = mkDefault "${cfg.authUrl}/protocol/openid-connect/token";
|
|
user_info_url = mkDefault "${cfg.authUrl}/protocol/openid-connect/userinfo";
|
|
};
|
|
})
|
|
];
|
|
};
|
|
}
|