diff options
author | Peder Bergebakken Sundt <pbsds@hotmail.com> | 2024-01-31 17:54:32 +0100 |
---|---|---|
committer | Peder Bergebakken Sundt <pbsds@hotmail.com> | 2024-01-31 17:57:42 +0100 |
commit | 4c707039315ab2a276339f1ceb33dc1477f2d37f (patch) | |
tree | 378d1a7c11104c52e7e3191a4dab5bee316ca23e /nixos/modules/services/web-servers | |
parent | 19159ced3e3964dda71c8634793b8d0a16431bb6 (diff) | |
download | nixlib-4c707039315ab2a276339f1ceb33dc1477f2d37f.tar nixlib-4c707039315ab2a276339f1ceb33dc1477f2d37f.tar.gz nixlib-4c707039315ab2a276339f1ceb33dc1477f2d37f.tar.bz2 nixlib-4c707039315ab2a276339f1ceb33dc1477f2d37f.tar.lz nixlib-4c707039315ab2a276339f1ceb33dc1477f2d37f.tar.xz nixlib-4c707039315ab2a276339f1ceb33dc1477f2d37f.tar.zst nixlib-4c707039315ab2a276339f1ceb33dc1477f2d37f.zip |
nixos/ttyd: add writable option
Co-authored-by: Carsten Rodin <19612711+carstoid@users.noreply.github.com>
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r-- | nixos/modules/services/web-servers/ttyd.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/ttyd.nix b/nixos/modules/services/web-servers/ttyd.nix index e545869ca432..9315890d5c8d 100644 --- a/nixos/modules/services/web-servers/ttyd.nix +++ b/nixos/modules/services/web-servers/ttyd.nix @@ -14,6 +14,7 @@ let ++ (concatLists (mapAttrsToList (_k: _v: [ "--client-option" "${_k}=${_v}" ]) cfg.clientOptions)) ++ [ "--terminal-type" cfg.terminalType ] ++ optionals cfg.checkOrigin [ "--check-origin" ] + ++ optionals cfg.writeable [ "--writable" ] # the typo is correct ++ [ "--max-clients" (toString cfg.maxClients) ] ++ optionals (cfg.indexFile != null) [ "--index" cfg.indexFile ] ++ optionals cfg.enableIPv6 [ "--ipv6" ] @@ -75,6 +76,13 @@ in description = lib.mdDoc "Signal to send to the command on session close."; }; + writeable = mkOption { + type = types.nullOr types.bool; + default = null; # null causes an eval error, forcing the user to consider attack surface + example = true; + description = lib.mdDoc "Allow clients to write to the TTY."; + }; + clientOptions = mkOption { type = types.attrsOf types.str; default = {}; @@ -165,6 +173,8 @@ in [ { assertion = cfg.enableSSL -> cfg.certFile != null && cfg.keyFile != null && cfg.caFile != null; message = "SSL is enabled for ttyd, but no certFile, keyFile or caFile has been specified."; } + { assertion = cfg.writeable != null; + message = "services.ttyd.writeable must be set"; } { assertion = ! (cfg.interface != null && cfg.socket != null); message = "Cannot set both interface and socket for ttyd."; } { assertion = (cfg.username != null) == (cfg.passwordFile != null); |