diff options
author | Graham Christensen <graham@grahamc.com> | 2020-10-20 14:06:37 +0000 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2020-11-02 08:16:00 -0500 |
commit | 33cf4f0e8eea945984486d747cdf7c35b89ccf51 (patch) | |
tree | e4959d3e262c3bd9750f7e7983170074a97fe906 /nixos/modules/services | |
parent | fd0b3839b231d688b0780ef973e3eb9611d383eb (diff) | |
download | nixpkgs-33cf4f0e8eea945984486d747cdf7c35b89ccf51.tar nixpkgs-33cf4f0e8eea945984486d747cdf7c35b89ccf51.tar.gz nixpkgs-33cf4f0e8eea945984486d747cdf7c35b89ccf51.tar.bz2 nixpkgs-33cf4f0e8eea945984486d747cdf7c35b89ccf51.tar.lz nixpkgs-33cf4f0e8eea945984486d747cdf7c35b89ccf51.tar.xz nixpkgs-33cf4f0e8eea945984486d747cdf7c35b89ccf51.tar.zst nixpkgs-33cf4f0e8eea945984486d747cdf7c35b89ccf51.zip |
nginx: factor out the generation of basic auth generation
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index c0c2f27a00e..ee105369863 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -261,10 +261,7 @@ let ssl_trusted_certificate ${vhost.sslTrustedCertificate}; ''} - ${optionalString (vhost.basicAuthFile != null || vhost.basicAuth != {}) '' - auth_basic secured; - auth_basic_user_file ${if vhost.basicAuthFile != null then vhost.basicAuthFile else mkHtpasswd vhostName vhost.basicAuth}; - ''} + ${mkBasicAuth vhostName vhost} ${mkLocations vhost.locations} @@ -295,7 +292,16 @@ let ${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"} } '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations))); - mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" ( + + mkBasicAuth = name: zone: optionalString (zone.basicAuthFile != null || zone.basicAuth != {}) (let + auth_file = if zone.basicAuthFile != null + then zone.basicAuthFile + else mkHtpasswd name zone.basicAuth; + in '' + auth_basic secured; + auth_basic_user_file ${auth_file}; + ''); + mkHtpasswd = name: authDef: pkgs.writeText "${name}.htpasswd" ( concatStringsSep "\n" (mapAttrsToList (user: password: '' ${user}:{PLAIN}${password} '') authDef) |