diff options
author | Robin Gloster <mail@glob.in> | 2016-03-25 01:00:09 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-07-28 11:59:13 +0000 |
commit | 138945500ee71eaac71435a78f627f9c83d035f4 (patch) | |
tree | 4ae852cef5e5d30a8f5e04b2f32f71b1677949e2 /nixos | |
parent | ff12ee35b702dca2ed3c3b6671ac232bc850e6d7 (diff) | |
download | nixlib-138945500ee71eaac71435a78f627f9c83d035f4.tar nixlib-138945500ee71eaac71435a78f627f9c83d035f4.tar.gz nixlib-138945500ee71eaac71435a78f627f9c83d035f4.tar.bz2 nixlib-138945500ee71eaac71435a78f627f9c83d035f4.tar.lz nixlib-138945500ee71eaac71435a78f627f9c83d035f4.tar.xz nixlib-138945500ee71eaac71435a78f627f9c83d035f4.tar.zst nixlib-138945500ee71eaac71435a78f627f9c83d035f4.zip |
nginx module: implement basic auth
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 37526255f8a9..d4c7cb08eef9 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -118,19 +118,31 @@ let ssl_certificate_key ${vhost.sslCertificateKey}; ''} - ${genLocations vhost.locations} + ${optionalString (vhost.basicAuth != {}) (mkBasicAuth serverName vhost.basicAuth)} + + ${mkLocations vhost.locations} ${vhost.extraConfig} } '' ) virtualHosts); - genLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: '' + mkLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: '' location ${location} { ${optionalString (config.proxyPass != null) "proxy_pass ${config.proxyPass};"} ${optionalString (config.root != null) "root ${config.root};"} ${config.extraConfig} } '') locations); + mkBasicAuth = serverName: authDef: let + htpasswdFile = pkgs.writeText "${serverName}.htpasswd" ( + concatStringsSep "\n" (mapAttrsToList (user: password: '' + ${user}:{PLAIN}${password} + '') authDef) + ); + in '' + auth_basic secured; + auth_basic_user_file ${htpasswdFile}; + ''; in { |