diff options
author | Graham Christensen <graham@grahamc.com> | 2020-10-20 14:11:21 +0000 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2020-11-02 08:16:00 -0500 |
commit | c7bf3828f04e512a6ef2691f7e48d527961f3692 (patch) | |
tree | 296a3f2f5bba85739ebfbe4ea0e08b31fd4e9c5f | |
parent | 33cf4f0e8eea945984486d747cdf7c35b89ccf51 (diff) |
nginx: add basic auth support for locations
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/location-options.nix | 25 |
2 files changed, 26 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index ee1053698636..e9630d379f36 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -290,6 +290,7 @@ let ${optionalString (config.return != null) "return ${config.return};"} ${config.extraConfig} ${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"} + ${mkBasicAuth "sublocation" config} } '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations))); diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix index 3d9e391ecf20..793f29f09fb1 100644 --- a/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixos/modules/services/web-servers/nginx/location-options.nix @@ -9,6 +9,31 @@ with lib; { options = { + basicAuth = mkOption { + type = types.attrsOf types.str; + default = {}; + example = literalExample '' + { + user = "password"; + }; + ''; + description = '' + Basic Auth protection for a vhost. + + WARNING: This is implemented to store the password in plain text in the + nix store. + ''; + }; + + basicAuthFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Basic Auth password file for a vhost. + Can be created via: <command>htpasswd -c <filename> <username></command> + ''; + }; + proxyPass = mkOption { type = types.nullOr types.str; default = null; |