nixos/mosquitto: add passwordFile and hashedPasswordFile options
This commit is contained in:
parent
53c52f1a45
commit
542f75079b
1 changed files with 34 additions and 2 deletions
|
@ -123,12 +123,33 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
example = "/path/to/file";
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the path to a file containing the
|
||||
clear text password for the MQTT user.
|
||||
'';
|
||||
};
|
||||
|
||||
hashedPassword = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the hashed password for the MQTT User.
|
||||
<option>hashedPassword</option> overrides <option>password</option>.
|
||||
To generate hashed password install <literal>mosquitto</literal>
|
||||
package and use <literal>mosquitto_passwd</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
hashedPasswordFile = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
example = "/path/to/file";
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the path to a file containing the
|
||||
hashed password for the MQTT user.
|
||||
To generate hashed password install <literal>mosquitto</literal>
|
||||
package and use <literal>mosquitto_passwd</literal>.
|
||||
'';
|
||||
|
@ -190,6 +211,13 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = mapAttrsToList (name: cfg: {
|
||||
assertion = length (filter (s: s != null) (with cfg; [
|
||||
password passwordFile hashedPassword hashedPasswordFile
|
||||
])) <= 1;
|
||||
message = "Cannot set more than one password option";
|
||||
}) cfg.users;
|
||||
|
||||
systemd.services.mosquitto = {
|
||||
description = "Mosquitto MQTT Broker Daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -210,7 +238,11 @@ in
|
|||
touch ${cfg.dataDir}/passwd
|
||||
'' + concatStringsSep "\n" (
|
||||
mapAttrsToList (n: c:
|
||||
if c.hashedPassword != null then
|
||||
if c.hashedPasswordFile != null then
|
||||
"echo '${n}:'$(cat '${c.hashedPasswordFile}') >> ${cfg.dataDir}/passwd"
|
||||
else if c.passwordFile != null then
|
||||
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} $(cat '${c.passwordFile}')"
|
||||
else if c.hashedPassword != null then
|
||||
"echo '${n}:${c.hashedPassword}' >> ${cfg.dataDir}/passwd"
|
||||
else optionalString (c.password != null)
|
||||
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} '${c.password}'"
|
||||
|
|
Loading…
Reference in a new issue