diff options
author | Janne Heß <janne@hess.ooo> | 2019-06-14 00:11:50 +0200 |
---|---|---|
committer | Janne Heß <janne@hess.ooo> | 2019-06-27 03:29:02 +0200 |
commit | 8c3dd6f5e792e8aa53bdb115a673f444aaf86e5b (patch) | |
tree | 327ebc465e24063a1f85d23d8fb03957a6a119da /nixos/modules/services/misc/gitea.nix | |
parent | 616e52e21be358fbd76d7cbd9a6d4744232490fb (diff) | |
download | nixpkgs-8c3dd6f5e792e8aa53bdb115a673f444aaf86e5b.tar nixpkgs-8c3dd6f5e792e8aa53bdb115a673f444aaf86e5b.tar.gz nixpkgs-8c3dd6f5e792e8aa53bdb115a673f444aaf86e5b.tar.bz2 nixpkgs-8c3dd6f5e792e8aa53bdb115a673f444aaf86e5b.tar.lz nixpkgs-8c3dd6f5e792e8aa53bdb115a673f444aaf86e5b.tar.xz nixpkgs-8c3dd6f5e792e8aa53bdb115a673f444aaf86e5b.tar.zst nixpkgs-8c3dd6f5e792e8aa53bdb115a673f444aaf86e5b.zip |
nixos/gitea: Generate a JWT secret for git LFS
Diffstat (limited to 'nixos/modules/services/misc/gitea.nix')
-rw-r--r-- | nixos/modules/services/misc/gitea.nix | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index d1807a90619..5a964e672ed 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -38,6 +38,7 @@ let HTTP_PORT = ${toString cfg.httpPort} ROOT_URL = ${cfg.rootUrl} STATIC_ROOT_PATH = ${cfg.staticRootPath} + LFS_JWT_SECRET = #jwtsecret# [session] COOKIE_NAME = session @@ -326,21 +327,28 @@ in preStart = let runConfig = "${cfg.stateDir}/custom/conf/app.ini"; secretKey = "${cfg.stateDir}/custom/conf/secret_key"; + jwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret"; in '' # copy custom configuration and generate a random secret key if needed ${optionalString (cfg.useWizard == false) '' cp -f ${configFile} ${runConfig} if [ ! -e ${secretKey} ]; then - head -c 16 /dev/urandom | base64 > ${secretKey} + ${gitea.bin}/bin/gitea generate secret SECRET_KEY > ${secretKey} fi - KEY=$(head -n1 ${secretKey}) - DBPASS=$(head -n1 ${cfg.database.passwordFile}) + if [ ! -e ${jwtSecret} ]; then + ${gitea.bin}/bin/gitea generate secret LFS_JWT_SECRET > ${jwtSecret} + fi + + KEY="$(head -n1 ${secretKey})" + DBPASS="$(head -n1 ${cfg.database.passwordFile})" + JWTSECRET="$(head -n1 ${jwtSecret})" sed -e "s,#secretkey#,$KEY,g" \ -e "s,#dbpass#,$DBPASS,g" \ + -e "s,#jwtsecet#,$JWTSECET,g" \ -i ${runConfig} - chmod 640 ${runConfig} ${secretKey} + chmod 640 ${runConfig} ${secretKey} ${jwtSecret} ''} # update all hooks' binary paths |