authorBen Wolsieffer <benwolsieffer@gmail.com>2018-04-04 21:47:56 -0400
committerRobin Gloster <mail@glob.in>2018-04-25 15:37:09 +0200
commit4d40adb86d03b856e12984048ced8902e3f73fd3 (patch)
tree150bcbdbf811033925d650f765f18570c6e5929e /nixos/modules/services/web-servers
parentc84dad316a8d1eb0b5c2af0bd037c169096683ca (diff)
nginx: allow basic auth passwords to be specified in a file
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix20
-rw-r--r--nixos/modules/services/web-servers/nginx/vhost-options.nix8
2 files changed, 17 insertions, 11 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 938a8a1fe334..815c3147e647 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -218,7 +218,10 @@ let
             ssl_certificate_key ${vhost.sslCertificateKey};
           ''}
 
-          ${optionalString (vhost.basicAuth != {}) (mkBasicAuth vhostName vhost.basicAuth)}
+          ${optionalString (vhost.basicAuthFile != null || vhost.basicAuth != {}) ''
+            auth_basic secured;
+            auth_basic_user_file ${if vhost.basicAuthFile != null then vhost.basicAuthFile else mkHtpasswd vhostName vhost.basicAuth};
+          ''}
 
           ${mkLocations vhost.locations}
 
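Review bot: When a vhost sets both `basicAuthFile` and `basicAuth`, the `if` on the `auth_basic_user_file` line silently picks the file and drops the inline users, so someone who adds a user through `basicAuth` gets no sign that it was never applied. Either say so next to the expression, e.g. `# basicAuthFile wins over basicAuth when both are set`, or reject the combination with an entry in the module's `assertions` list, which would sit outside this hunk. The enclosing `let` block starts and ends outside the hunk.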
@@ -248,16 +251,11 @@ let
       ${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"}
     }
   '') locations);
-  mkBasicAuth = vhostName: authDef: let
-    htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" (
-      concatStringsSep "\n" (mapAttrsToList (user: password: ''
-        ${user}:{PLAIN}${password}
-      '') authDef)
-    );
-  in ''
-    auth_basic secured;
-    auth_basic_user_file ${htpasswdFile};
-  '';
+  mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" (
+    concatStringsSep "\n" (mapAttrsToList (user: password: ''
+      ${user}:{PLAIN}${password}
+    '') authDef)
+  );
 in
 
 {
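Review bot: `mkHtpasswd` still writes every password with the `{PLAIN}` scheme through `pkgs.writeText`, so the credentials end up unhashed in a store path that any local user can read. Now that a file-based alternative exists, the helper deserves a comment that says so, for example `# NOTE: passwords are stored in plaintext in the world-readable Nix store; use basicAuthFile for real secrets`. The description of the `basicAuth` option, which is not visible in this diff, would be a good place for the same warning.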
diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix
index bf18108a1a3c..f014d817e80e 100644
--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -193,6 +193,14 @@ with lib;
       '';
     };
 
+    basicAuthFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = ''
+        Basic Auth password file for a vhost.
+      '';
+    };
+
     locations = mkOption {
       type = types.attrsOf (types.submodule (import ./location-options.nix {
         inherit lib;
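Review bot: The description of `basicAuthFile` does not state the expected file format, its precedence over `basicAuth`, or how the value should be passed. Since the type is `types.nullOr types.path`, a Nix path literal such as `./htpasswd` is accepted, and interpolating it into the generated config copies the file into the Nix store, which defeats the purpose of keeping the passwords out of it. I would expand the text to something like `Basic Auth password file for a vhost, in htpasswd format. Takes precedence over basicAuth. Pass it as a string (e.g. "/var/lib/secrets/htpasswd", a constructed example) so it is not copied into the world-readable Nix store; the file must be readable by the nginx user.`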