nix: option logout-url does not exist

[VTimofeenko]

While setting up keycloak to work with docspell I followed the example config:

provider = {
          provider-id = "keycloak",
          client-id = "docspell",
          client-secret = "example-secret-439e-bf06-911e4cdd56a6",
          scope = "profile", # scope is required for OIDC
          authorize-url = "http://localhost:8080/auth/realms/home/protocol/openid-connect/auth",
          token-url = "http://localhost:8080/auth/realms/home/protocol/openid-connect/token",
          #User URL is not used when signature key is set.
          #user-url = "http://localhost:8080/auth/realms/home/protocol/openid-connect/userinfo",
          logout-url = "http://localhost:8080/auth/realms/home/protocol/openid-connect/logout"
          sign-key = "b64:anVzdC1hLXRlc3Q=",
          sig-algo = "RS512"
        },

But this leads to an error:

error: The option `services.docspell-restserver.openid."[definition 1-entry 1]".provider.logout-url' does not exist. Definition values:
       - In `/nix/store/q6gr53h6ihs31295zghr2iw77c1fhfwz-source/nixosModules/services/docspell/docspell.nix': "<URL>/realms/master/protocol/openid-connect/logout"

Nix is not lying, this option indeed does not exist in server.nix :)

I'd be happy to add it as a PR. On a related note -- would this be the right time to potentially move to RFC42-compliant config? Could be a replacement of extraConfig.

[eikek]

Thank you for reporting! If you could do a PR for this, that would be awesome! I didn't know about this RFC, but I like it :) Is there some minimum Nix version required (I haven't read through the whole issue yet)?

[VTimofeenko]

If you could do a PR for this, that would be awesome! I

Will do. On a related note: auth.on-account-source-conflict suffers from the same thing. Should I make it a part of the same PR or submit a separate one?

Is there some minimum Nix version required

The RFC is actually effectively implemented as part of pkgs:

let
  settingsFormat = pkgs.formats.json { };
  cfg = config.services.foo;
in
{
# ...
configFile = settingsFFormat.generate "config.json" cfg.config;
}

It's been around for a while and it's present in the nixpkgs used in the docspell flake:

docspell❯ nrlf # nix repl --expr "builtins.getFlake \"$PWD\""
Welcome to Nix 2.18.1. Type :? for help.

Loading installable ''...
Added 16 variables.
nix-repl> inputs.nixpkgs.legacyPackages.x86_64-linux.formats.json
«lambda @ /nix/store/ra9193qvpj7qwm41w49i6gc6my38amm8-source/pkgs/pkgs-lib/formats.nix:44:10»

[eikek]

Thank you for the nice explanation and the PR!

Should I make it a part of the same PR or submit a separate one?

I don't care really, you can just add it to the existing PR, or do whatever feels better for you :).

[VTimofeenko]

I added the auth.on-account-source-conflict option to the same PR. The RFC42 stuff probably is worth splitting out from this issue