diff options
author | Richard Larocque <richard.larocque@gmail.com> | 2017-08-06 15:21:01 -0700 |
---|---|---|
committer | Richard Larocque <richard.larocque@gmail.com> | 2017-08-06 15:31:37 -0700 |
commit | 66b07e41e633bb6df1f1a57aa46856e7248da0da (patch) | |
tree | abd17dcc7adc98065b36db4aa443c76dc7e9bd3f /nixos/modules/services/networking/mosquitto.nix | |
parent | 638b67146dc74b0fe606a49b9daebc921207e675 (diff) | |
download | nixpkgs-66b07e41e633bb6df1f1a57aa46856e7248da0da.tar nixpkgs-66b07e41e633bb6df1f1a57aa46856e7248da0da.tar.gz nixpkgs-66b07e41e633bb6df1f1a57aa46856e7248da0da.tar.bz2 nixpkgs-66b07e41e633bb6df1f1a57aa46856e7248da0da.tar.lz nixpkgs-66b07e41e633bb6df1f1a57aa46856e7248da0da.tar.xz nixpkgs-66b07e41e633bb6df1f1a57aa46856e7248da0da.tar.zst nixpkgs-66b07e41e633bb6df1f1a57aa46856e7248da0da.zip |
nixos/mosquitto: Add checkPasswords option
Related to https://github.com/NixOS/nixpkgs/issues/27130. Adds an option to NixOS configuration option to have Mosquitto use the password file that it generates. When this option is false the Mosquitto server will accept login attempts with any username and any password. This option defaults to false because this matches the behavior of the service prior to the introduction of this option. When the `services.mosquitto.checkPasswords` is true, the server will only accept valid usernames and passwords.
Diffstat (limited to 'nixos/modules/services/networking/mosquitto.nix')
-rw-r--r-- | nixos/modules/services/networking/mosquitto.nix | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index 5451500b56f..9aef726b268 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix @@ -12,6 +12,10 @@ let keyfile ${cfg.ssl.keyfile} ''; + passwordConf = optionalString cfg.checkPasswords '' + password_file ${cfg.dataDir}/passwd + ''; + mosquittoConf = pkgs.writeText "mosquitto.conf" '' pid_file /run/mosquitto/pid acl_file ${aclFile} @@ -19,6 +23,7 @@ let allow_anonymous ${boolToString cfg.allowAnonymous} bind_address ${cfg.host} port ${toString cfg.port} + ${passwordConf} ${listenerConf} ${cfg.extraConf} ''; @@ -153,6 +158,15 @@ in ''; }; + checkPasswords = mkOption { + default = false; + example = true; + type = types.bool; + description = '' + Refuse connection when clients provide incorrect passwords. + ''; + }; + extraConf = mkOption { default = ""; type = types.lines; |