authorPeder Bergebakken Sundt <pbsds@hotmail.com>2024-01-31 17:59:39 +0100
committerPeder Bergebakken Sundt <pbsds@hotmail.com>2024-02-05 17:38:00 +0100
commita8880f1647e6b8e83f1f9909bea17d4c0dbe8428 (patch)
tree49a27a001f537246cf758726057a49044fc0489a /nixos/modules/services/web-servers
parent0d13d2a90f21947ddc20c13c4b0a70d88c354b16 (diff)
nixos/ttyd: add entrypoint option
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r--nixos/modules/services/web-servers/ttyd.nix32
1 files changed, 25 insertions, 7 deletions
diff --git a/nixos/modules/services/web-servers/ttyd.nix b/nixos/modules/services/web-servers/ttyd.nix
index 1b7db0faff9f..14361df2bb66 100644
--- a/nixos/modules/services/web-servers/ttyd.nix
+++ b/nixos/modules/services/web-servers/ttyd.nix
@@ -62,7 +62,7 @@ in
       username = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = "Username for basic authentication.";
+        description = "Username for basic http authentication.";
       };
 
       passwordFile = mkOption {
@@ -70,7 +70,7 @@ in
         default = null;
         apply = value: if value == null then null else toString value;
         description = ''
-          File containing the password to use for basic authentication.
+          File containing the password to use for basic http authentication.
           For insecurely putting the password in the globally readable store use
           `pkgs.writeText "ttydpw" "MyPassword"`.
         '';
@@ -82,6 +82,26 @@ in
         description = "Signal to send to the command on session close.";
       };
 
+      entrypoint = mkOption {
+        type = types.listOf types.str;
+        default = [ "${pkgs.shadow}/bin/login" ];
+        defaultText = lib.literalExpression ''
+          [ "''${pkgs.shadow}/bin/login" ]
+        '';
+        example = lib.literalExpression ''
+          [ (lib.getExe pkgs.htop) ]
+        '';
+        description = "Which command ttyd runs.";
+        apply = lib.escapeShellArgs;
+      };
+
+      user = mkOption {
+        type = types.str;
+        # `login` needs to be run as root
+        default = "root";
+        description = "Which unix user ttyd should run as.";
+      };
+
       writeable = mkOption {
         type = types.nullOr types.bool;
         default = null; # null causes an eval error, forcing the user to consider attack surface
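Review bot: The new `user` option keeps `"root"` as its default although, per its own comment, only the default `login` entrypoint needs root. Following the `entrypoint` example (`htop`) without also setting `user` therefore runs that program as root for anyone who can reach the ttyd port. The `user` description should say this, for example `Which unix user ttyd should run as. Root is only required for the default login entrypoint; set an unprivileged user when overriding entrypoint.` The `entrypoint` description would benefit from the matching caveat that, unlike `login`, an arbitrary command performs no authentication of its own. The options block continues outside this hunk, so an existing assertion may already cover part of this.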
@@ -193,9 +213,7 @@ in
       wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
-        # Runs login which needs to be run as root
-        # login: Cannot possibly work without effective root
-        User = "root";
+        User = cfg.user;
         LoadCredential = lib.optionalString (cfg.passwordFile != null) "TTYD_PASSWORD_FILE:${cfg.passwordFile}";
       };
 
@@ -203,11 +221,11 @@ in
         PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/TTYD_PASSWORD_FILE")
         ${pkgs.ttyd}/bin/ttyd ${lib.escapeShellArgs args} \
           --credential ${lib.escapeShellArg cfg.username}:"$PASSWORD" \
-          ${pkgs.shadow}/bin/login
+          ${cfg.entrypoint}
       ''
       else ''
         ${pkgs.ttyd}/bin/ttyd ${lib.escapeShellArgs args} \
-          ${pkgs.shadow}/bin/login
+          ${cfg.entrypoint}
       '';
     };
   };
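Review bot: In the `else` branch, the one without `--credential`, a custom `${cfg.entrypoint}` now starts with no authentication step at all, whereas the replaced `login` always asked for a password before giving a shell. The condition selecting this branch is outside the hunk, but it appears to be taken when `username`/`passwordFile` are unset. A module warning or assertion would make that combination explicit: fire when the entrypoint is overridden and no basic-auth credentials are configured, mirroring the way `writeable = null` already forces the user to decide. Separately, the entrypoint follows the ttyd options with no separator, so the `entrypoint` description could note that the first list element must be a command path rather than something starting with `-`.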