diff options
author | lethalman <lucabru@src.gnome.org> | 2015-03-17 12:59:58 +0100 |
---|---|---|
committer | lethalman <lucabru@src.gnome.org> | 2015-03-17 12:59:58 +0100 |
commit | c91ccb4b9c275b2cfc35c2c26231aadaf0e0b218 (patch) | |
tree | 37d28a55ea154c3f243a16ff048d0aafff9a65dd /nixos/modules/services | |
parent | ccd693bb7cb5ca9dfb319302decc5806deeb5771 (diff) | |
parent | 7ad6dac43b5e152957f5b438fbf896af00173ee3 (diff) | |
download | nixlib-c91ccb4b9c275b2cfc35c2c26231aadaf0e0b218.tar nixlib-c91ccb4b9c275b2cfc35c2c26231aadaf0e0b218.tar.gz nixlib-c91ccb4b9c275b2cfc35c2c26231aadaf0e0b218.tar.bz2 nixlib-c91ccb4b9c275b2cfc35c2c26231aadaf0e0b218.tar.lz nixlib-c91ccb4b9c275b2cfc35c2c26231aadaf0e0b218.tar.xz nixlib-c91ccb4b9c275b2cfc35c2c26231aadaf0e0b218.tar.zst nixlib-c91ccb4b9c275b2cfc35c2c26231aadaf0e0b218.zip |
Merge pull request #6842 from philandstuff/hash-owncloud-admin-password
owncloud: don't store plaintext adminPassword in nix store
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/owncloud.nix | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix index 3bea3c3ee1dd..a5e539bc9ba7 100644 --- a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix +++ b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix @@ -384,8 +384,7 @@ rec { }; adminPassword = mkOption { - description = "The admin password for accessing owncloud. - Warning: this is stored in cleartext in the Nix store!"; + description = "The admin password for accessing owncloud."; }; dbType = mkOption { @@ -571,7 +570,7 @@ rec { chown wwwrun:wwwrun ${config.dataDir}/owncloud.log || true - QUERY="INSERT INTO groups (gid) values('admin'); INSERT INTO users (uid,password) values('${config.adminUser}','`echo -n "${config.adminPassword}" | ${pkgs.openssl}/bin/openssl dgst -sha1 | ${pkgs.gawk}/bin/awk '{print $2}'`'); INSERT INTO group_user (gid,uid) values('admin','${config.adminUser}');" + QUERY="INSERT INTO groups (gid) values('admin'); INSERT INTO users (uid,password) values('${config.adminUser}','${builtins.hashString "sha1" config.adminPassword}'); INSERT INTO group_user (gid,uid) values('admin','${config.adminUser}');" ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -h "/tmp" -U postgres -d ${config.dbName} -Atw -c "$QUERY" || true ''; } |