dan/liminix
1
0
Fork 5
Code

(untested) http basic auth for outboard secrets

Browse Source
This commit is contained in:
Daniel Barlow 2024-08-28 20:53:59 +01:00
parent b56f121e04
commit fe7b092075
3 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/router-with-l2tp.nix
View File

@ -68,6 +68,8 @@ in rec {
services.secrets = svc.secrets.outboard.build {
name = "secret-service";
url = "http://10.0.0.1/liminix/examples/real-secrets.json";
username = "demo";
password = "demo";
interval = 5;
dependencies = [ services.wan-address-for-secrets ];
};

9
modules/secrets/default.nix
View File

@ -26,6 +26,15 @@ in {
description = "source url";
type = types.strMatching "https?://.*";
};
username = mkOption {
description = "username for HTTP basic auth";
type = types.nullOr types.str;
};
password = mkOption {
description = "password for HTTP basic auth";
type = types.nullOr types.str;
};
name = mkOption {
description = "service name";
type = types.str;

7
modules/secrets/outboard.nix
View File

@ -1,14 +1,19 @@
{
liminix, lib, json-to-fstree, serviceFns
}:
{ name, url, interval } :
{ name, url, interval, username, password } :
let
inherit (liminix.services) oneshot longrun;
inherit (lib) optionalString;
in longrun {
inherit name;
buildInputs = [ json-to-fstree ];
run = ''
. ${serviceFns}
${optionalString (username != null) ''
export NETRC=$(mkstate ${name})/netrc
(echo default ; echo login ${username} ; echo password ${password} ) > $NETRC
''}
( in_outputs ${name}
while : ; do
${json-to-fstree}/bin/json-to-fstree ${url} .