diff options
author | Kim Lindberger <kim.lindberger@gmail.com> | 2022-02-02 16:27:22 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-02 16:27:22 +0100 |
commit | b43e0ae859c18e3b54766f79dff58736dbb6ac00 (patch) | |
tree | 055ef75c5e347a5a7842efbc7518d04438c774d1 /nixos/modules/services/web-apps | |
parent | 4dccd7023f368948bfef680263e4d2385772c1a6 (diff) | |
parent | be97b3b44d9e93a473db41056d09d22689ed115f (diff) | |
download | nixpkgs-b43e0ae859c18e3b54766f79dff58736dbb6ac00.tar nixpkgs-b43e0ae859c18e3b54766f79dff58736dbb6ac00.tar.gz nixpkgs-b43e0ae859c18e3b54766f79dff58736dbb6ac00.tar.bz2 nixpkgs-b43e0ae859c18e3b54766f79dff58736dbb6ac00.tar.lz nixpkgs-b43e0ae859c18e3b54766f79dff58736dbb6ac00.tar.xz nixpkgs-b43e0ae859c18e3b54766f79dff58736dbb6ac00.tar.zst nixpkgs-b43e0ae859c18e3b54766f79dff58736dbb6ac00.zip |
Merge pull request #157719 from talyz/bookstack-secret-paths
nixos/bookstack: Make secret replacement strings more unique
Diffstat (limited to 'nixos/modules/services/web-apps')
-rw-r--r-- | nixos/modules/services/web-apps/bookstack.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/web-apps/bookstack.nix b/nixos/modules/services/web-apps/bookstack.nix index 54eaea63b6e..64a2767fab6 100644 --- a/nixos/modules/services/web-apps/bookstack.nix +++ b/nixos/modules/services/web-apps/bookstack.nix @@ -385,13 +385,13 @@ in { else if isString v then v else if true == v then "true" else if false == v then "false" - else if isSecret v then v._secret + else if isSecret v then hashString "sha256" v._secret else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}"; }; }; secretPaths = lib.mapAttrsToList (_: v: v._secret) (lib.filterAttrs (_: isSecret) cfg.config); mkSecretReplacement = file: '' - replace-secret ${escapeShellArgs [ file file "${cfg.dataDir}/.env" ]} + replace-secret ${escapeShellArgs [ (builtins.hashString "sha256" file) file "${cfg.dataDir}/.env" ]} ''; secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths; filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ {} null ])) cfg.config; |