nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 00:12:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #63101 from dasJ/gitea-jwt

Browse Source 
nixos/gitea: Generate a JWT secret for git LFS
This commit is contained in:
Aaron Andersen 2019-06-27 13:06:17 -04:00 committed by GitHub
commit fa01a229e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nixos/modules/services/misc/gitea.nix
View File

@ -38,6 +38,7 @@ let
HTTP_PORT = ${toString cfg.httpPort}
ROOT_URL = ${cfg.rootUrl}
STATIC_ROOT_PATH = ${cfg.staticRootPath}
LFS_JWT_SECRET = #jwtsecret#
[session]
COOKIE_NAME = session
@ -326,21 +327,28 @@ in
preStart = let
runConfig = "${cfg.stateDir}/custom/conf/app.ini";
secretKey = "${cfg.stateDir}/custom/conf/secret_key";
jwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret";
in ''
# copy custom configuration and generate a random secret key if needed
${optionalString (cfg.useWizard == false) ''
cp -f ${configFile} ${runConfig}
if [ ! -e ${secretKey} ]; then
head -c 16 /dev/urandom | base64 > ${secretKey}
${gitea.bin}/bin/gitea generate secret SECRET_KEY > ${secretKey}
fi
KEY=$(head -n1 ${secretKey})
DBPASS=$(head -n1 ${cfg.database.passwordFile})
if [ ! -e ${jwtSecret} ]; then
${gitea.bin}/bin/gitea generate secret LFS_JWT_SECRET > ${jwtSecret}
fi
KEY="$(head -n1 ${secretKey})"
DBPASS="$(head -n1 ${cfg.database.passwordFile})"
JWTSECRET="$(head -n1 ${jwtSecret})"
sed -e "s,#secretkey#,$KEY,g" \
-e "s,#dbpass#,$DBPASS,g" \
-e "s,#jwtsecet#,$JWTSECET,g" \
-i ${runConfig}
chmod 640 ${runConfig} ${secretKey}
chmod 640 ${runConfig} ${secretKey} ${jwtSecret}
''}
# update all hooks' binary paths