add jwtverify.lua to haproxy

2022-12-18 23:29:18 -08:00 · 2022-12-18 23:29:18 -08:00 · 1a09a916f4
commit 1a09a916f4
parent f92f2f6cb6
2 changed files with 28 additions and 7 deletions
--- a/haproxy/configcreator.nix
+++ b/haproxy/configcreator.nix
@ -143,14 +143,28 @@ let
          pkgs.linkFarm "haproxyplugins" (mapAttrsToList mkLink configs);

      mkPlugin = links: name:
-        { init
-        , load ? false
+        { luapaths ? []
+        , cpaths ? []
+        , load ? null
        , ...
        }:
        {
-          lua-prepend-path = ["${links}/?/${init}"];
-        } // optionalAttrs load {
-          lua-load = ["${links}/${name}/${init}"];
+          lua-prepend-path =
+            let
+              f = ext: type: path:
+                {
+                  inherit type;
+                  path =
+                    if path == "." then
+                      "${links}/${name}/?.${ext}"
+                    else
+                      "${links}/${name}/${path}/?.${ext}";
+                };
+            in
+              map (f "lua" "path") (toList luapaths)
+              ++ map (f "so" "cpath") (toList cpaths);
+        } // optionalAttrs (load != null) {
+          lua-load = ["${links}/${name}/${load}"];
        };

      # Takes plugins as an attrset of name to {init, load, source},
@ -160,7 +174,7 @@ let
      mkPlugins = v:
        let
          f = recursiveMerge (mapAttrsToList (mkPlugin (createPluginLinks v)) v);
-          lua-prepend-path = map (x: "lua-prepend-path ${x}") (getAttrWithDefault "lua-prepend-path" [] f);
+          lua-prepend-path = map ({path, type}: "lua-prepend-path ${path} ${type}") (getAttrWithDefault "lua-prepend-path" [] f);
          lua-load = map (x: "lua-load ${x}") (getAttrWithDefault "lua-load" [] f);
        in
          lua-prepend-path ++ lua-load;
@ -187,6 +201,10 @@ let
            match = k: parent: v: k == "plugins";
            rule = k: parent: v: mkPlugins v;
          }
+          {
+            match = k: parent: v: k == "setenv";
+            rule = k: parent: v: mapAttrsToList (k: v: "setenv ${k} ${v}" ) v;
+          }
        ];
      }
      {
@ -312,6 +330,7 @@ in
    , group
    , certPath
    , plugins ? {}
+    , globalEnvs ? {}
    , stats ? null
    , debug ? false
    , sites ? {}
@ -328,6 +347,8 @@ in
        log = "/dev/log local0 info";

        inherit plugins;
+
+        setenv = globalEnvs;
      };

      defaults = {
--- a/keycloak-haproxy/unit.nix
+++ b/keycloak-haproxy/unit.nix
@ -32,7 +32,7 @@ rec {
            curl "${domain}/realms/$realm" | jq --raw-output .public_key > "${downloadDir}/$realm.pem"
          done
          '';
-      } ;
+      };
    in
      { HaproxyService
      , KeycloakService