nixos/oauth2-proxy{,-nginx}: renamed from oauth2_proxy, also renamed the service, user, group

nixos/doc/manual/release-notes/rl-2405.section.md

@@ -391,6 +391,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2.
 
+- `services.oauth2_proxy` was renamed to `services.oauth2-proxy`. Also the corresponding service, user and group were renamed.
+
 - `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
   Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.
 

nixos/modules/module-list.nix

@@ -1256,8 +1256,8 @@
   ./services/security/kanidm.nix
   ./services/security/munge.nix
   ./services/security/nginx-sso.nix
-  ./services/security/oauth2_proxy.nix
-  ./services/security/oauth2_proxy_nginx.nix
+  ./services/security/oauth2-proxy.nix
+  ./services/security/oauth2-proxy-nginx.nix
   ./services/security/opensnitch.nix
   ./services/security/pass-secret-service.nix
   ./services/security/physlock.nix

nixos/modules/services/security/oauth2-proxy-nginx.nix

@@ -1,26 +1,26 @@
 { config, lib, ... }:
 with lib;
 let
-  cfg = config.services.oauth2_proxy.nginx;
+  cfg = config.services.oauth2-proxy.nginx;
 in
 {
-  options.services.oauth2_proxy.nginx = {
+  options.services.oauth2-proxy.nginx = {
     proxy = mkOption {
       type = types.str;
-      default = config.services.oauth2_proxy.httpAddress;
-      defaultText = literalExpression "config.services.oauth2_proxy.httpAddress";
+      default = config.services.oauth2-proxy.httpAddress;
+      defaultText = literalExpression "config.services.oauth2-proxy.httpAddress";
       description = ''
-        The address of the reverse proxy endpoint for oauth2_proxy
+        The address of the reverse proxy endpoint for oauth2-proxy
       '';
     };
 
     domain = mkOption {
       type = types.str;
       description = ''
-        The domain under which the oauth2_proxy will be accesible and the path of cookies are set to.
+        The domain under which the oauth2-proxy will be accesible and the path of cookies are set to.
         This setting must be set to ensure back-redirects are working properly
-        if oauth2-proxy is configured with {option}`services.oauth2_proxy.cookie.domain`
-        or multiple {option}`services.oauth2_proxy.nginx.virtualHosts` that are not on the same domain.
+        if oauth2-proxy is configured with {option}`services.oauth2-proxy.cookie.domain`
+        or multiple {option}`services.oauth2-proxy.nginx.virtualHosts` that are not on the same domain.
       '';
     };
 
@@ -47,7 +47,7 @@ in
         };
         oldType = types.listOf types.str;
         convertFunc = x:
-          lib.warn "services.oauth2_proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
+          lib.warn "services.oauth2-proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
           lib.genAttrs x (_: {});
         newType = types.attrsOf vhostSubmodule;
       in types.coercedTo oldType convertFunc newType;
@@ -65,11 +65,11 @@ in
     };
   };
 
-  config.services.oauth2_proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
+  config.services.oauth2-proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
     enable = true;
   };
 
-  config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2_proxy.enable) (mkMerge ([
+  config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2-proxy.enable) (mkMerge ([
     {
       virtualHosts.${cfg.domain}.locations."/oauth2/" = {
         proxyPass = cfg.proxy;

nixos/modules/services/security/oauth2-proxy.nix

@@ -1,15 +1,13 @@
-# NixOS module for oauth2_proxy.
-
 { config, lib, pkgs, ... }:
 
 with lib;
 let
-  cfg = config.services.oauth2_proxy;
+  cfg = config.services.oauth2-proxy;
 
-  # oauth2_proxy provides many options that are only relevant if you are using
+  # oauth2-proxy provides many options that are only relevant if you are using
   # a certain provider. This set maps from provider name to a function that
   # takes the configuration and returns a string that can be inserted into the
-  # command-line to launch oauth2_proxy.
+  # command-line to launch oauth2-proxy.
   providerSpecificOptions = {
     azure = cfg: {
       azure-tenant = cfg.azure.tenant;
@@ -85,8 +83,8 @@ let
   configString = concatStringsSep " " (mapAttrsToList mapConfig allConfig);
 in
 {
-  options.services.oauth2_proxy = {
-    enable = mkEnableOption "oauth2_proxy";
+  options.services.oauth2-proxy = {
+    enable = mkEnableOption "oauth2-proxy";
 
     package = mkPackageOption pkgs "oauth2-proxy" { };
 
@@ -557,28 +555,30 @@ in
         OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com
         and specify the path here.
       '';
-      example = "/run/keys/oauth2_proxy";
+      example = "/run/keys/oauth2-proxy";
     };
-
   };
 
-  config = mkIf cfg.enable {
+  imports = [
+    (mkRenamedOptionModule [ "services" "oauth2_proxy" ] [ "services" "oauth2-proxy" ])
+  ];
 
-    services.oauth2_proxy = mkIf (cfg.keyFile != null) {
+  config = mkIf cfg.enable {
+    services.oauth2-proxy = mkIf (cfg.keyFile != null) {
       clientID = mkDefault null;
       clientSecret = mkDefault null;
       cookie.secret = mkDefault null;
     };
 
-    users.users.oauth2_proxy = {
+    users.users.oauth2-proxy = {
       description = "OAuth2 Proxy";
       isSystemUser = true;
-      group = "oauth2_proxy";
+      group = "oauth2-proxy";
     };
 
-    users.groups.oauth2_proxy = {};
+    users.groups.oauth2-proxy = {};
 
-    systemd.services.oauth2_proxy = {
+    systemd.services.oauth2-proxy = {
       description = "OAuth2 Proxy";
       path = [ cfg.package ];
       wantedBy = [ "multi-user.target" ];
@@ -586,7 +586,7 @@ in
       after = [ "network-online.target" ];
 
       serviceConfig = {
-        User = "oauth2_proxy";
+        User = "oauth2-proxy";
         Restart = "always";
         ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
         EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile;