diff --git a/flake.nix b/flake.nix index 10bc8cc8..4219f427 100644 --- a/flake.nix +++ b/flake.nix @@ -108,6 +108,7 @@ mergeTests (importFiles [ ./test/modules/arr.nix ./test/modules/davfs.nix + ./test/modules/nginx.nix ./test/modules/postgresql.nix ]); }; diff --git a/modules/blocks/authelia.nix b/modules/blocks/authelia.nix index ef1b1124..a3c3e3db 100644 --- a/modules/blocks/authelia.nix +++ b/modules/blocks/authelia.nix @@ -36,17 +36,9 @@ in }; autheliaUser = lib.mkOption { - type = lib.types.nullOr lib.types.str; - description = ''System user for this Authelia instance. - -If set to null, defaults to: - -"authelia_" + - (builtins.replaceStrings ["-" "."] ["_" "_"] - ''${shb.authelia.subdomain}.''${shb.authelia.domain}") - -''; - default = null; + type = lib.types.str; + description = "System user for this Authelia instance."; + default = "authelia"; }; secrets = lib.mkOption { @@ -120,7 +112,7 @@ If set to null, defaults to: services.authelia.instances.${fqdn} = { enable = true; - user = cfg.autheliaUser or "authelia_" + builtins.replaceStrings ["-" "."] ["_" "_"] fqdn; + user = cfg.autheliaUser; secrets = { inherit (cfg.secrets) jwtSecretFile storageEncryptionKeyFile; diff --git a/modules/blocks/nginx.nix b/modules/blocks/nginx.nix index a8bd93c4..9052b142 100644 --- a/modules/blocks/nginx.nix +++ b/modules/blocks/nginx.nix @@ -20,7 +20,7 @@ let }; authEndpoint = lib.mkOption { - type = lib.types.nullOr lib.types.str; + type = lib.types.str; description = "Auth endpoint for SSO."; default = null; example = "https://authelia.example.com"; diff --git a/test/modules/nginx.nix b/test/modules/nginx.nix new file mode 100644 index 00000000..b023217a --- /dev/null +++ b/test/modules/nginx.nix 
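Review bot: The shortened description of `autheliaUser` no longer tells an operator what this account has to be able to do, and the next hunk hands it straight to `services.authelia.instances.${fqdn}.user` beside `jwtSecretFile` and `storageEncryptionKeyFile`. I would document the requirement, for example `description = "System user for this Authelia instance. It must be able to read the files configured under secrets.";`. As far as the removed line reads, `cfg.autheliaUser or "authelia_" + builtins.replaceStrings ... fqdn` appended the mangled fqdn to whatever name was configured, so the effective account name changes for existing setups. Ownership of existing secret and state files may then no longer match; whether anything migrates them is not visible in this diff, so it is worth a sentence in the description or the changelog.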
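Review bot: In modules/blocks/nginx.nix, `default = null;` stays on the context line right after the new `type = lib.types.str;`, and null is not a value of that type. Evaluating `authEndpoint` without a definition should therefore fail on a type mismatch instead of the clearer "used but not defined" error. Since this is the SSO endpoint for a protected host, requiring it explicitly looks like the intent, so drop the `default = null;` line. If an entry without an endpoint must remain possible, keep `lib.types.nullOr lib.types.str` and handle the null case where the option is consumed. The option set continues outside the hunk.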
@@ -0,0 +1,81 @@
+{ pkgs, lib, ... }:
+let
+ anyOpt = default: lib.mkOption {
+ type = lib.types.anything;
+ inherit default;
+ };
+
+ testConfig = m:
+ let
+ cfg = (lib.evalModules {
+ specialArgs = { inherit pkgs; };
+ modules = [
+ {
+ options = {
+ assertions = anyOpt [];
+ networking = anyOpt {};
+ security = anyOpt {};
+ services = anyOpt {};
+ shb.authelia = anyOpt {};
+ shb.backup = anyOpt {};
+ shb.ssl = anyOpt {};
+ };
+ }
+ ../../modules/blocks/nginx.nix
+ m
+ ];
+ }).config;
+ in lib.attrsets.filterAttrsRecursive (n: v: n != "extraConfig") {
+ inherit (cfg) services;
+ shb = { inherit (cfg.shb) backup nginx; };
+ };
+in
+{
+ testNoOptions = {
+ expected = {
+ shb.backup = {};
+ shb.nginx = {
+ accessLog = false;
+ autheliaProtect = [];
+ debugLog = false;
+ };
+ services.nginx.enable = true;
+ };
+ expr = testConfig {};
+ };
+
+ testAuth = {
+ expected = {
+ shb.backup = {};
+ shb.nginx = {
+ accessLog = false;
+ autheliaProtect = [{
+ authEndpoint = "hello";
+ autheliaRules = [{}];
+ subdomain = "my";
+ domain = "example.com";
+ upstream = "http://127.0.0.1:1234";
+ }];
+ debugLog = false;
+ };
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."my.example.com" = {
+ forceSSL = true;
+ locations."/" = {};
+ locations."/authelia" = {};
+ sslCertificate = "/var/lib/acme/example.com/cert.pem";
+ sslCertificateKey = "/var/lib/acme/example.com/key.pem";
+ };
+ };
+ expr = testConfig {
+ shb.ssl.enable = true;
+ shb.nginx.autheliaProtect = [{
+ subdomain = "my";
+ domain = "example.com";
+ upstream = "http://127.0.0.1:1234";
+ authEndpoint = "hello";
+ autheliaRules = [{}];
+ }];
+ };
+ };
+}
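Review bot: `testAuth` would still pass if the SSO wiring were removed from the generated vhost. `filterAttrsRecursive (n: v: n != "extraConfig")` strips every `extraConfig` before the comparison, so the expected `locations."/"` and `locations."/authelia"` are empty sets. Presumably the directives that send requests to `authEndpoint` live in those stripped strings; modules/blocks/nginx.nix is not shown in this diff, so that needs confirming. I would add a case that evaluates the same module without the filter and checks with `lib.strings.hasInfix` that the `/` location's `extraConfig` references the configured endpoint (`"hello"` here). A second case with `authEndpoint` omitted would pin down the behaviour of the type change in modules/blocks/nginx.nix.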