nginx: allow basic auth passwords to be specified in a file

Ben Wolsieffer 2018-04-04 21:47:56 -04:00 committed by Robin Gloster
parent c84dad316a
commit 4d40adb86d
2 changed files with 17 additions and 11 deletions


@ -218,7 +218,10 @@ let
ssl_certificate_key ${vhost.sslCertificateKey};
''}
${optionalString (vhost.basicAuth != {}) (mkBasicAuth vhostName vhost.basicAuth)}
${optionalString (vhost.basicAuthFile != null || vhost.basicAuth != {}) ''
auth_basic secured;
auth_basic_user_file ${if vhost.basicAuthFile != null then vhost.basicAuthFile else mkHtpasswd vhostName vhost.basicAuth};
''}
${mkLocations vhost.locations}
@ -248,16 +251,11 @@ let
${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"}
}
'') locations);
mkBasicAuth = vhostName: authDef: let
htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" (
concatStringsSep "\n" (mapAttrsToList (user: password: ''
${user}:{PLAIN}${password}
'') authDef)
);
in ''
auth_basic secured;
auth_basic_user_file ${htpasswdFile};
'';
mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" (
concatStringsSep "\n" (mapAttrsToList (user: password: ''
${user}:{PLAIN}${password}
'') authDef)
);
in
{
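Review bot: When a vhost sets both `basicAuthFile` and `basicAuth`, the `auth_basic_user_file` line in the first hunk picks the file and silently drops the inline users, so an operator can believe an account exists that nginx never loads. Rejecting that combination at evaluation time, or at least stating the precedence in the option description, would make the behaviour explicit. In the second hunk, `mkHtpasswd` still writes `${user}:{PLAIN}${password}` through `pkgs.writeText`, so inline passwords end up in clear text in the world-readable Nix store; a comment there such as `# passwords land in the Nix store in clear text; prefer basicAuthFile for real secrets` would point readers at the new option. The enclosing `let` block starts and ends outside both hunks.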


@ -193,6 +193,14 @@ with lib;
'';
};
basicAuthFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Basic Auth password file for a vhost.
'';
};
locations = mkOption {
type = types.attrsOf (types.submodule (import ./location-options.nix {
inherit lib;
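Review bot: The description of `basicAuthFile` does not say what the file must contain or how the path should be given, and with `types.nullOr types.path` a Nix path literal such as `./htpasswd` would presumably be copied into the world-readable store when it is interpolated into the nginx config. I would extend the description to something like `Path to an htpasswd-format file, given as an absolute path string so the file stays outside the Nix store; it must be readable by the nginx user.` It is also worth stating there that this option takes precedence over `basicAuth` when both are set, since that is what the `if vhost.basicAuthFile != null` branch in the other file does. The `locations` option that follows continues outside the hunk.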