avoid some impossible states in authelia and nginx

ibizaman · Dec 1, 2023 · 05ce1a3 · 05ce1a3
1 parent 76e27ae
commit 05ce1a3
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 13 deletions.
diff --git a/flake.nix b/flake.nix
@@ -108,6 +108,7 @@
                 mergeTests (importFiles [
                   ./test/modules/arr.nix
                   ./test/modules/davfs.nix
+                  ./test/modules/nginx.nix
                   ./test/modules/postgresql.nix
                 ]);
             };

diff --git a/modules/blocks/authelia.nix b/modules/blocks/authelia.nix
@@ -36,17 +36,9 @@ in
     };
 
     autheliaUser = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
-      description = ''System user for this Authelia instance.
-
-If set to null, defaults to:
-<programlisting language="nix">
-"authelia_" +
-  (builtins.replaceStrings ["-" "."] ["_" "_"]
-    ''${shb.authelia.subdomain}.''${shb.authelia.domain}")
-</programlisting>
-'';
-      default = null;
+      type = lib.types.str;
+      description = "System user for this Authelia instance.";
+      default = "authelia";
     };
 
     secrets = lib.mkOption {
@@ -120,7 +112,7 @@ If set to null, defaults to:
 
     services.authelia.instances.${fqdn} = {
       enable = true;
-      user = cfg.autheliaUser or "authelia_" + builtins.replaceStrings ["-" "."] ["_" "_"] fqdn;
+      user = cfg.autheliaUser;
 
       secrets = {
         inherit (cfg.secrets) jwtSecretFile storageEncryptionKeyFile;

diff --git a/modules/blocks/nginx.nix b/modules/blocks/nginx.nix
@@ -20,7 +20,7 @@ let
       };
 
       authEndpoint = lib.mkOption {
-        type = lib.types.nullOr lib.types.str;
+        type = lib.types.str;
         description = "Auth endpoint for SSO.";
         default = null;
         example = "https://authelia.example.com";

diff --git a/test/modules/nginx.nix b/test/modules/nginx.nix
@@ -0,0 +1,81 @@
+{ pkgs, lib, ... }:
+let
+  anyOpt = default: lib.mkOption {
+    type = lib.types.anything;
+    inherit default;
+  };
+
+  testConfig = m:
+    let
+      cfg = (lib.evalModules {
+        specialArgs = { inherit pkgs; };
+        modules = [
+          {
+            options = {
+              assertions = anyOpt [];
+              networking = anyOpt {};
+              security = anyOpt {};
+              services = anyOpt {};
+              shb.authelia = anyOpt {};
+              shb.backup = anyOpt {};
+              shb.ssl = anyOpt {};
+            };
+          }
+          ../../modules/blocks/nginx.nix
+          m
+        ];
+      }).config;
+    in lib.attrsets.filterAttrsRecursive (n: v: n != "extraConfig") {
+      inherit (cfg) services;
+      shb = { inherit (cfg.shb) backup nginx; };
+    };
+in
+{
+  testNoOptions = {
+    expected = {
+      shb.backup = {};
+      shb.nginx = {
+        accessLog = false;
+        autheliaProtect = [];
+        debugLog = false;
+      };
+      services.nginx.enable = true;
+    };
+    expr = testConfig {};
+  };
+
+  testAuth = {
+    expected = {
+      shb.backup = {};
+      shb.nginx = {
+        accessLog = false;
+        autheliaProtect = [{
+          authEndpoint = "hello";
+          autheliaRules = [{}];
+          subdomain = "my";
+          domain = "example.com";
+          upstream = "http://127.0.0.1:1234";
+        }];
+        debugLog = false;
+      };
+      services.nginx.enable = true;
+      services.nginx.virtualHosts."my.example.com" = {
+        forceSSL = true;
+        locations."/" = {};
+        locations."/authelia" = {};
+        sslCertificate = "/var/lib/acme/example.com/cert.pem";
+        sslCertificateKey = "/var/lib/acme/example.com/key.pem";
+      };
+    };
+    expr = testConfig {
+      shb.ssl.enable = true;
+      shb.nginx.autheliaProtect = [{
+        subdomain = "my";
+        domain = "example.com";
+        upstream = "http://127.0.0.1:1234";
+        authEndpoint = "hello";
+        autheliaRules = [{}];
+      }];
+    };
+  };
+}