diff options
author | Ben Wolsieffer <benwolsieffer@gmail.com> | 2018-04-04 21:47:56 -0400 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2018-04-25 15:37:09 +0200 |
commit | 4d40adb86d03b856e12984048ced8902e3f73fd3 (patch) | |
tree | 150bcbdbf811033925d650f765f18570c6e5929e /nixos | |
parent | c84dad316a8d1eb0b5c2af0bd037c169096683ca (diff) | |
download | nixpkgs-4d40adb86d03b856e12984048ced8902e3f73fd3.tar nixpkgs-4d40adb86d03b856e12984048ced8902e3f73fd3.tar.gz nixpkgs-4d40adb86d03b856e12984048ced8902e3f73fd3.tar.bz2 nixpkgs-4d40adb86d03b856e12984048ced8902e3f73fd3.tar.lz nixpkgs-4d40adb86d03b856e12984048ced8902e3f73fd3.tar.xz nixpkgs-4d40adb86d03b856e12984048ced8902e3f73fd3.tar.zst nixpkgs-4d40adb86d03b856e12984048ced8902e3f73fd3.zip |
nginx: allow basic auth passwords to be specified in a file
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 20 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/vhost-options.nix | 8 |
2 files changed, 17 insertions, 11 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 938a8a1fe33..815c3147e64 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -218,7 +218,10 @@ let ssl_certificate_key ${vhost.sslCertificateKey}; ''} - ${optionalString (vhost.basicAuth != {}) (mkBasicAuth vhostName vhost.basicAuth)} + ${optionalString (vhost.basicAuthFile != null || vhost.basicAuth != {}) '' + auth_basic secured; + auth_basic_user_file ${if vhost.basicAuthFile != null then vhost.basicAuthFile else mkHtpasswd vhostName vhost.basicAuth}; + ''} ${mkLocations vhost.locations} @@ -248,16 +251,11 @@ let ${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"} } '') locations); - mkBasicAuth = vhostName: authDef: let - htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" ( - concatStringsSep "\n" (mapAttrsToList (user: password: '' - ${user}:{PLAIN}${password} - '') authDef) - ); - in '' - auth_basic secured; - auth_basic_user_file ${htpasswdFile}; - ''; + mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" ( + concatStringsSep "\n" (mapAttrsToList (user: password: '' + ${user}:{PLAIN}${password} + '') authDef) + ); in { diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index bf18108a1a3..f014d817e80 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -193,6 +193,14 @@ with lib; ''; }; + basicAuthFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Basic Auth password file for a vhost. + ''; + }; + locations = mkOption { type = types.attrsOf (types.submodule (import ./location-options.nix { inherit lib; |