Revert "oauth2_proxy: Update NixOS module"

This reverts commit 3c55184.
serokell · May 22, 2020 · 07bddd2 · 07bddd2
1 parent 30e9182
commit 07bddd2
Showing 1 changed file with 5 additions and 24 deletions.
diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix
@@ -12,7 +12,7 @@ let
   # command-line to launch oauth2_proxy.
   providerSpecificOptions = {
     azure = cfg: {
-      azure-tenant = cfg.azure.tenant;
+      azure.tenant = cfg.azure.tenant;
       resource = cfg.azure.resource;
     };
 
@@ -44,7 +44,6 @@ let
     pass-access-token = passAccessToken;
     pass-basic-auth = passBasicAuth;
     pass-host-header = passHostHeader;
-    reverse-proxy = reverseProxy;
     proxy-prefix = proxyPrefix;
     profile-url = profileURL;
     redeem-url = redeemURL;
@@ -66,8 +65,8 @@ let
   } // lib.optionalAttrs (cfg.htpasswd.file != null) {
     display-htpasswd-file = cfg.htpasswd.displayForm;
   } // lib.optionalAttrs tls.enable {
-    tls-cert-file = tls.certificate;
-    tls-key-file = tls.key;
+    tls-cert = tls.certificate;
+    tls-key = tls.key;
     https-address = tls.httpsAddress;
   } // (getProviderOptions cfg cfg.provider) // cfg.extraConfig;
 
@@ -99,21 +98,14 @@ in
 
     ##############################################
     # PROVIDER configuration
-    # Taken from: https://github.com/pusher/oauth2_proxy/blob/master/providers/providers.go
     provider = mkOption {
       type = types.enum [
         "google"
-        "azure"
-        "facebook"
         "github"
-        "keycloak"
+        "azure"
         "gitlab"
         "linkedin"
-        "login.gov"
-        "bitbucket"
-        "nextcloud"
-        "digitalocean"
-        "oidc"
+        "myusa"
       ];
       default = "google";
       description = ''
@@ -441,17 +433,6 @@ in
       '';
     };
 
-    reverseProxy = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        In case when running behind a reverse proxy, controls whether headers
-	like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
-        proxy will require this flag to be set to avoid logging the reverse
-        proxy IP address.
-      '';
-    };
-
     proxyPrefix = mkOption {
       type = types.str;
       default = "/oauth2";