pyrox.dev
nginx module: implement basic auth
+14
-2
nixos/modules/services/web-servers/nginx/default.nix
+14
-2
nixos/modules/services/web-servers/nginx/default.nix
···
118
118
ssl_certificate_key ${vhost.sslCertificateKey};
119
119
''}
120
120
121
-
${genLocations vhost.locations}
121
+
${optionalString (vhost.basicAuth != {}) (mkBasicAuth serverName vhost.basicAuth)}
122
+
123
+
${mkLocations vhost.locations}
122
124
123
125
${vhost.extraConfig}
124
126
}
125
127
''
126
128
) virtualHosts);
127
-
genLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: ''
129
+
mkLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: ''
128
130
location ${location} {
129
131
${optionalString (config.proxyPass != null) "proxy_pass ${config.proxyPass};"}
130
132
${optionalString (config.root != null) "root ${config.root};"}
131
133
${config.extraConfig}
132
134
}
133
135
'') locations);
136
+
mkBasicAuth = serverName: authDef: let
137
+
htpasswdFile = pkgs.writeText "${serverName}.htpasswd" (
138
+
concatStringsSep "\n" (mapAttrsToList (user: password: ''
139
+
${user}:{PLAIN}${password}
140
+
'') authDef)
141
+
);
142
+
in ''
143
+
auth_basic secured;
144
+
auth_basic_user_file ${htpasswdFile};
145
+
'';
134
146
in
135
147
136
148
{