diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/web-apps/freshrss.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/web-apps/freshrss.nix | 61 |
1 files changed, 43 insertions, 18 deletions
diff --git a/nixpkgs/nixos/modules/services/web-apps/freshrss.nix b/nixpkgs/nixos/modules/services/web-apps/freshrss.nix index 89e29f7ccb51..ffc05d0e41f8 100644 --- a/nixpkgs/nixos/modules/services/web-apps/freshrss.nix +++ b/nixpkgs/nixos/modules/services/web-apps/freshrss.nix @@ -7,7 +7,7 @@ let poolName = "freshrss"; in { - meta.maintainers = with maintainers; [ etu stunkymonkey ]; + meta.maintainers = with maintainers; [ etu stunkymonkey mattchrist ]; options.services.freshrss = { enable = mkEnableOption (mdDoc "FreshRSS feed reader"); @@ -27,7 +27,8 @@ in }; passwordFile = mkOption { - type = types.path; + type = types.nullOr types.path; + default = null; description = mdDoc "Password for the defaultUser for FreshRSS."; example = "/run/secrets/freshrss"; }; @@ -120,7 +121,13 @@ in user = mkOption { type = types.str; default = "freshrss"; - description = lib.mdDoc "User under which Freshrss runs."; + description = lib.mdDoc "User under which FreshRSS runs."; + }; + + authType = mkOption { + type = types.enum [ "form" "http_auth" "none" ]; + default = "form"; + description = mdDoc "Authentication type for FreshRSS."; }; }; @@ -160,6 +167,14 @@ in }; in mkIf cfg.enable { + assertions = mkIf (cfg.authType == "form") [ + { + assertion = cfg.passwordFile != null; + message = '' + `passwordFile` must be supplied when using "form" authentication! + ''; + } + ]; # Set up a Nginx virtual host. services.nginx = mkIf (cfg.virtualHost != null) { enable = true; @@ -227,7 +242,7 @@ in settingsFlags = concatStringsSep " \\\n " (mapAttrsToList (k: v: "${k} ${toString v}") { "--default_user" = ''"${cfg.defaultUser}"''; - "--auth_type" = ''"form"''; + "--auth_type" = ''"${cfg.authType}"''; "--base_url" = ''"${cfg.baseUrl}"''; "--language" = ''"${cfg.language}"''; "--db-type" = ''"${cfg.database.type}"''; @@ -255,20 +270,30 @@ in FRESHRSS_DATA_PATH = cfg.dataDir; }; - script = '' - # do installation or reconfigure - if test -f ${cfg.dataDir}/config.php; then - # reconfigure with settings - ./cli/reconfigure.php ${settingsFlags} - ./cli/update-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})" - else - # check correct folders in data folder - ./cli/prepare.php - # install with settings - ./cli/do-install.php ${settingsFlags} - ./cli/create-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})" - fi - ''; + script = + let + userScriptArgs = ''--user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"''; + updateUserScript = optionalString (cfg.authType == "form") '' + ./cli/update-user.php ${userScriptArgs} + ''; + createUserScript = optionalString (cfg.authType == "form") '' + ./cli/create-user.php ${userScriptArgs} + ''; + in + '' + # do installation or reconfigure + if test -f ${cfg.dataDir}/config.php; then + # reconfigure with settings + ./cli/reconfigure.php ${settingsFlags} + ${updateUserScript} + else + # check correct folders in data folder + ./cli/prepare.php + # install with settings + ./cli/do-install.php ${settingsFlags} + ${createUserScript} + fi + ''; }; systemd.services.freshrss-updater = { |