gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nginx: allow basic auth passwords to be specified in a file

Browse Source
This commit is contained in:
Ben Wolsieffer
2018-04-04 21:47:56 -04:00
committed by Robin Gloster
parent c84dad316a
commit 4d40adb86d
2 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
nixos/modules/services/web-servers/nginx/default.nix
View File

@@ -218,7 +218,10 @@ let
ssl_certificate_key ${vhost.sslCertificateKey};
''}
${optionalString (vhost.basicAuth != {}) (mkBasicAuth vhostName vhost.basicAuth)}
${optionalString (vhost.basicAuthFile != null || vhost.basicAuth != {}) ''
auth_basic secured;
auth_basic_user_file ${if vhost.basicAuthFile != null then vhost.basicAuthFile else mkHtpasswd vhostName vhost.basicAuth};
''}
${mkLocations vhost.locations}
@@ -248,16 +251,11 @@ let
${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"}
}
'') locations);
mkBasicAuth = vhostName: authDef: let
htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" (
concatStringsSep "\n" (mapAttrsToList (user: password: ''
${user}:{PLAIN}${password}
'') authDef)
);
in ''
auth_basic secured;
auth_basic_user_file ${htpasswdFile};
'';
mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" (
concatStringsSep "\n" (mapAttrsToList (user: password: ''
${user}:{PLAIN}${password}
'') authDef)
);
in
{