Partially removing modules from NixOS
A technique I needed to redefine / overwrite a service configuration which was defined upstream.
April 21, 2024
I use OAuth2 Proxy in my home cluster, which runs NixOS. My update policy for this cluster is, quite literally, best effort: when the vibes feel like it, or rather when I remember to.
Recently, a change was introduced upstream in nixos/nixpkgs, where the OAuth2 Proxy integration with Nginx had a regression for my use case of forwarding the authorization headers as X-User and X-Email.
This problem was preventing me from using my Grafana instance, since I have it configured to use proxy authentication.
So now I’m stuck in a situation where I want to stay updated with upstream for everything except the OAuth2 Proxy Nginx integration. Simply redefining the options ends with a complaint from Nix, as it won’t accept the overwrite as is.
And then I learned about a new option: disabledModules. As the name states, it tells NixOS not to load the modules at the listed paths.
To accomplish a “working setup” I pretty much have to copy over the service configuration prior to recent changes, then mark the upstream path as disabled.
{
  disabledModules = [ "services/security/oauth2_proxy_nginx.nix" ];

  # The rest of this file is copied from 2e751c077 of nixos/nixpkgs
  # under nixos/modules/services/security/oauth2_proxy_nginx.nix
  options.services.oauth2_proxy.nginx = {
    proxy = {
      # ...
    };
    # ...
  };
  # ...
}
Afterwards, make sure to add the file above to imports in configuration.nix (or somewhere in its import tree).