pyrox.dev
nginx module: implement basic auth
+14
-2
nixos/modules/services/web-servers/nginx/default.nix
+14
-2
nixos/modules/services/web-servers/nginx/default.nix
···
118
ssl_certificate_key ${vhost.sslCertificateKey};
119
''}
120
121
-
${genLocations vhost.locations}
122
123
${vhost.extraConfig}
124
}
125
''
126
) virtualHosts);
127
-
genLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: ''
128
location ${location} {
129
${optionalString (config.proxyPass != null) "proxy_pass ${config.proxyPass};"}
130
${optionalString (config.root != null) "root ${config.root};"}
131
${config.extraConfig}
132
}
133
'') locations);
134
in
135
136
{
···
118
ssl_certificate_key ${vhost.sslCertificateKey};
119
''}
120
121
+
${optionalString (vhost.basicAuth != {}) (mkBasicAuth serverName vhost.basicAuth)}
122
+
123
+
${mkLocations vhost.locations}
124
125
${vhost.extraConfig}
126
}
127
''
128
) virtualHosts);
129
+
mkLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: ''
130
location ${location} {
131
${optionalString (config.proxyPass != null) "proxy_pass ${config.proxyPass};"}
132
${optionalString (config.root != null) "root ${config.root};"}
133
${config.extraConfig}
134
}
135
'') locations);
136
+
mkBasicAuth = serverName: authDef: let
137
+
htpasswdFile = pkgs.writeText "${serverName}.htpasswd" (
138
+
concatStringsSep "\n" (mapAttrsToList (user: password: ''
139
+
${user}:{PLAIN}${password}
140
+
'') authDef)
141
+
);
142
+
in ''
143
+
auth_basic secured;
144
+
auth_basic_user_file ${htpasswdFile};
145
+
'';
146
in
147
148
{