add jwtverify.lua to haproxy
This commit is contained in:
ibizaman
parent
f92f2f6cb6
commit
1a09a916f4
2 changed files with 28 additions and 7 deletions
|
|
@ -143,14 +143,28 @@ let
|
||||||
pkgs.linkFarm "haproxyplugins" (mapAttrsToList mkLink configs);
|
pkgs.linkFarm "haproxyplugins" (mapAttrsToList mkLink configs);
|
||||||
|
|
||||||
mkPlugin = links: name:
|
mkPlugin = links: name:
|
||||||
{ init
|
{ luapaths ? []
|
||||||
, load ? false
|
, cpaths ? []
|
||||||
|
, load ? null
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
lua-prepend-path = ["${links}/?/${init}"];
|
lua-prepend-path =
|
||||||
} // optionalAttrs load {
|
let
|
||||||
lua-load = ["${links}/${name}/${init}"];
|
f = ext: type: path:
|
||||||
|
{
|
||||||
|
inherit type;
|
||||||
|
path =
|
||||||
|
if path == "." then
|
||||||
|
"${links}/${name}/?.${ext}"
|
||||||
|
else
|
||||||
|
"${links}/${name}/${path}/?.${ext}";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
map (f "lua" "path") (toList luapaths)
|
||||||
|
++ map (f "so" "cpath") (toList cpaths);
|
||||||
|
} // optionalAttrs (load != null) {
|
||||||
|
lua-load = ["${links}/${name}/${load}"];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Takes plugins as an attrset of name to {init, load, source},
|
# Takes plugins as an attrset of name to {init, load, source},
|
||||||
|
|
@ -160,7 +174,7 @@ let
|
||||||
mkPlugins = v:
|
mkPlugins = v:
|
||||||
let
|
let
|
||||||
f = recursiveMerge (mapAttrsToList (mkPlugin (createPluginLinks v)) v);
|
f = recursiveMerge (mapAttrsToList (mkPlugin (createPluginLinks v)) v);
|
||||||
lua-prepend-path = map (x: "lua-prepend-path ${x}") (getAttrWithDefault "lua-prepend-path" [] f);
|
lua-prepend-path = map ({path, type}: "lua-prepend-path ${path} ${type}") (getAttrWithDefault "lua-prepend-path" [] f);
|
||||||
lua-load = map (x: "lua-load ${x}") (getAttrWithDefault "lua-load" [] f);
|
lua-load = map (x: "lua-load ${x}") (getAttrWithDefault "lua-load" [] f);
|
||||||
in
|
in
|
||||||
lua-prepend-path ++ lua-load;
|
lua-prepend-path ++ lua-load;
|
||||||
|
|
@ -187,6 +201,10 @@ let
|
||||||
match = k: parent: v: k == "plugins";
|
match = k: parent: v: k == "plugins";
|
||||||
rule = k: parent: v: mkPlugins v;
|
rule = k: parent: v: mkPlugins v;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
match = k: parent: v: k == "setenv";
|
||||||
|
rule = k: parent: v: mapAttrsToList (k: v: "setenv ${k} ${v}" ) v;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
@ -312,6 +330,7 @@ in
|
||||||
, group
|
, group
|
||||||
, certPath
|
, certPath
|
||||||
, plugins ? {}
|
, plugins ? {}
|
||||||
|
, globalEnvs ? {}
|
||||||
, stats ? null
|
, stats ? null
|
||||||
, debug ? false
|
, debug ? false
|
||||||
, sites ? {}
|
, sites ? {}
|
||||||
|
|
@ -328,6 +347,8 @@ in
|
||||||
log = "/dev/log local0 info";
|
log = "/dev/log local0 info";
|
||||||
|
|
||||||
inherit plugins;
|
inherit plugins;
|
||||||
|
|
||||||
|
setenv = globalEnvs;
|
||||||
};
|
};
|
||||||
|
|
||||||
defaults = {
|
defaults = {
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,7 @@ rec {
|
||||||
curl "${domain}/realms/$realm" | jq --raw-output .public_key > "${downloadDir}/$realm.pem"
|
curl "${domain}/realms/$realm" | jq --raw-output .public_key > "${downloadDir}/$realm.pem"
|
||||||
done
|
done
|
||||||
'';
|
'';
|
||||||
} ;
|
};
|
||||||
in
|
in
|
||||||
{ HaproxyService
|
{ HaproxyService
|
||||||
, KeycloakService
|
, KeycloakService
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue