diff options
| author | Nick Cao <nickcao@nichi.co> | 2024-01-21 14:48:40 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-21 14:48:40 -0500 |
| commit | 9969fb7ff4e813e8659485f340238be42447e6e3 (patch) | |
| tree | 0af274a35d7478e75fe2755c4657c3e65468be54 | |
| parent | 71ef6600a9668a897374cbd541390e8429bfcfb3 (diff) | |
| parent | c34493d7c0a1edbcc028d34941f0807b5255f338 (diff) | |
| download | nixlib-9969fb7ff4e813e8659485f340238be42447e6e3.tar nixlib-9969fb7ff4e813e8659485f340238be42447e6e3.tar.gz nixlib-9969fb7ff4e813e8659485f340238be42447e6e3.tar.bz2 nixlib-9969fb7ff4e813e8659485f340238be42447e6e3.tar.lz nixlib-9969fb7ff4e813e8659485f340238be42447e6e3.tar.xz nixlib-9969fb7ff4e813e8659485f340238be42447e6e3.tar.zst nixlib-9969fb7ff4e813e8659485f340238be42447e6e3.zip | |
Merge pull request #281904 from Stunkymonkey/ttyd-fix-leakage
ttyd: add test & use systemd LoadCredential
| -rw-r--r-- | nixos/modules/services/web-servers/ttyd.nix | 3 | ||||
| -rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
| -rw-r--r-- | nixos/tests/web-servers/ttyd.nix | 19 | ||||
| -rw-r--r-- | pkgs/servers/ttyd/default.nix | 4 |
4 files changed, 26 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/ttyd.nix b/nixos/modules/services/web-servers/ttyd.nix index 3b1d87ccb483..e545869ca432 100644 --- a/nixos/modules/services/web-servers/ttyd.nix +++ b/nixos/modules/services/web-servers/ttyd.nix @@ -180,10 +180,11 @@ in # Runs login which needs to be run as root # login: Cannot possibly work without effective root User = "root"; + LoadCredential = lib.optionalString (cfg.passwordFile != null) "TTYD_PASSWORD_FILE:${cfg.passwordFile}"; }; script = if cfg.passwordFile != null then '' - PASSWORD=$(cat ${escapeShellArg cfg.passwordFile}) + PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/TTYD_PASSWORD_FILE") ${pkgs.ttyd}/bin/ttyd ${lib.escapeShellArgs args} \ --credential ${escapeShellArg cfg.username}:"$PASSWORD" \ ${pkgs.shadow}/bin/login diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 9e27969190f7..1fe17dd0abfd 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -905,6 +905,7 @@ in { trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {}; tsja = handleTest ./tsja.nix {}; tsm-client-gui = handleTest ./tsm-client-gui.nix {}; + ttyd = handleTest ./web-servers/ttyd.nix {}; txredisapi = handleTest ./txredisapi.nix {}; tuptime = handleTest ./tuptime.nix {}; turbovnc-headless-server = handleTest ./turbovnc-headless-server.nix {}; diff --git a/nixos/tests/web-servers/ttyd.nix b/nixos/tests/web-servers/ttyd.nix new file mode 100644 index 000000000000..d161673684b3 --- /dev/null +++ b/nixos/tests/web-servers/ttyd.nix @@ -0,0 +1,19 @@ +import ../make-test-python.nix ({ lib, pkgs, ... }: { + name = "ttyd"; + meta.maintainers = with lib.maintainers; [ stunkymonkey ]; + + nodes.machine = { pkgs, ... }: { + services.ttyd = { + enable = true; + username = "foo"; + passwordFile = pkgs.writeText "password" "bar"; + }; + }; + + testScript = '' + machine.wait_for_unit("ttyd.service") + machine.wait_for_open_port(7681) + response = machine.succeed("curl -vvv -u foo:bar -s -H 'Host: ttyd' http://127.0.0.1:7681/") + assert '<title>ttyd - Terminal</title>' in response, "Page didn't load successfully" + ''; +}) diff --git a/pkgs/servers/ttyd/default.nix b/pkgs/servers/ttyd/default.nix index 9741a23f9851..68731b6f717d 100644 --- a/pkgs/servers/ttyd/default.nix +++ b/pkgs/servers/ttyd/default.nix @@ -20,6 +20,10 @@ stdenv.mkDerivation rec { outputs = [ "out" "man" ]; + passthru.tests = { + inherit (nixosTests) ttyd; + }; + meta = { description = "Share your terminal over the web"; homepage = "https://github.com/tsl0922/ttyd"; |