[22.11] nixos/headscale: Update openidconnect options to be in sync with package

[dali99]

Description of changes

Updated openIdConnect options to match the config options available in the version actually used on 22.11

I've also hidden the option that isn't applicable anymore so people won't be confused when looking at the available options in the man page

This is only a problem for 22.11 as on master #203938 was merged

On a related note:

I think it headscale might fit the bill for something that can be backported even with breaking changes - since it relies heavily on external infrastructure and client applications, but maintaining two separate modules like this would be a pain.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.05 Release Notes (or backporting 22.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[kradalby]

Hi, great to add the ones I've missed earlier.

The module went through a large rewrite in 5717803 which makes the config format conform with RFC0042, These options are still missing on master, so would be great to get them in there: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/headscale.nix#L276-L313.

As for 22.11, I am not actually sure what the process is to get it backported, maybe we should start with getting these into master, then look at the backporting?

[dali99]

I'd say we should merge this first, so that it's at all possible to configure oidc on 22.11, then we can open a discussion about backporting the module from master later. (I don't think we generally do this, my original comment was only talking about backporting the package updates)

As for adding these options to the module on master, I'll file a PR for it, but it's orthogonal to this PR, and is not a pressing concern since it's a freeform module

[kradalby]

so that it's at all possible to configure oidc on 22.11

It is possible, but its a bit opaque by passing it to the services.headscale.settings.

Otherwise I am happy with getting them in as long as we also get it in master.

[dali99]

oh, you're right of course, I read "Overrides to config.yaml" as "Overrides config.yaml", coupled with the PR on master that changed settings into a freeform module, and didn't look into it any further. My bad!