nixos/freshrss: authType option
This patch adds an `authType` option to enable configuring FreshRSS's `auth_type` parameter. Upstream documentation for this feature is located here: https://freshrss.github.io/FreshRSS/en/admins/09_AccessControl.html An accompanying NixOS test is provided to confirm this feature works as expected.
parent
b49c4f87f9
commit
c4d28ff161
3 changed files with 64 additions and 19 deletions
|
@ -7,7 +7,7 @@ let
|
|||
poolName = "freshrss";
|
||||
in
|
||||
{
|
||||
meta.maintainers = with maintainers; [ etu stunkymonkey ];
|
||||
meta.maintainers = with maintainers; [ etu stunkymonkey mattchrist ];
|
||||
|
||||
options.services.freshrss = {
|
||||
enable = mkEnableOption (mdDoc "FreshRSS feed reader");
|
||||
|
@ -27,7 +27,8 @@ in
|
|||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.path;
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = mdDoc "Password for the defaultUser for FreshRSS.";
|
||||
example = "/run/secrets/freshrss";
|
||||
};
|
||||
|
@ -120,7 +121,13 @@ in
|
|||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "freshrss";
|
||||
description = lib.mdDoc "User under which Freshrss runs.";
|
||||
description = lib.mdDoc "User under which FreshRSS runs.";
|
||||
};
|
||||
|
||||
authType = mkOption {
|
||||
type = types.enum [ "form" "http_auth" "none" ];
|
||||
default = "form";
|
||||
description = mdDoc "Authentication type for FreshRSS.";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -160,6 +167,14 @@ in
|
|||
};
|
||||
in
|
||||
mkIf cfg.enable {
|
||||
assertions = mkIf (cfg.authType == "form") [
|
||||
{
|
||||
assertion = cfg.passwordFile != null;
|
||||
message = ''
|
||||
`passwordFile` must be supplied when using "form" authentication!
|
||||
'';
|
||||
}
|
||||
];
|
||||
# Set up a Nginx virtual host.
|
||||
services.nginx = mkIf (cfg.virtualHost != null) {
|
||||
enable = true;
|
||||
|
@ -227,7 +242,7 @@ in
|
|||
settingsFlags = concatStringsSep " \\\n "
|
||||
(mapAttrsToList (k: v: "${k} ${toString v}") {
|
||||
"--default_user" = ''"${cfg.defaultUser}"'';
|
||||
"--auth_type" = ''"form"'';
|
||||
"--auth_type" = ''"${cfg.authType}"'';
|
||||
"--base_url" = ''"${cfg.baseUrl}"'';
|
||||
"--language" = ''"${cfg.language}"'';
|
||||
"--db-type" = ''"${cfg.database.type}"'';
|
||||
|
@ -255,18 +270,28 @@ in
|
|||
FRESHRSS_DATA_PATH = cfg.dataDir;
|
||||
};
|
||||
|
||||
script = ''
|
||||
script =
|
||||
let
|
||||
userScriptArgs = ''--user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"'';
|
||||
updateUserScript = optionalString (cfg.authType == "form") ''
|
||||
./cli/update-user.php ${userScriptArgs}
|
||||
'';
|
||||
createUserScript = optionalString (cfg.authType == "form") ''
|
||||
./cli/create-user.php ${userScriptArgs}
|
||||
'';
|
||||
in
|
||||
''
|
||||
# do installation or reconfigure
|
||||
if test -f ${cfg.dataDir}/config.php; then
|
||||
# reconfigure with settings
|
||||
./cli/reconfigure.php ${settingsFlags}
|
||||
./cli/update-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"
|
||||
${updateUserScript}
|
||||
else
|
||||
# check correct folders in data folder
|
||||
./cli/prepare.php
|
||||
# install with settings
|
||||
./cli/do-install.php ${settingsFlags}
|
||||
./cli/create-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"
|
||||
${createUserScript}
|
||||
fi
|
||||
'';
|
||||
};
|
||||
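Review bot: The new `authType` option is described only as "Authentication type for FreshRSS.", which hides that `"none"` turns authentication off and that `"http_auth"` makes FreshRSS accept whatever identity the web server hands over. Nothing visible in these hunks makes the nginx virtual host authenticate requests or drop a client-supplied `Remote-User` header; the vhost body lies outside the lines shown, so this may already be handled there. I would state the trust model in the option text, for example `description = mdDoc "Authentication type: form uses FreshRSS's own login and needs passwordFile; http_auth trusts the user name set by the web server, which must authenticate the request itself; none disables authentication.";`. A `warnings` entry when `cfg.authType == "none"` would also make an unauthenticated deployment visible at evaluation time.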
|
|
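--- /dev/null
+++ b/nixos/tests/freshrss-http-auth.nix
@@ -0,0 +1,20 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }: {
+name = "freshrss";
+meta.maintainers = with lib.maintainers; [ mattchrist ];
+
+nodes.machine = { pkgs, ... }: {
+services.freshrss = {
+enable = true;
+baseUrl = "http://localhost";
+dataDir = "/srv/freshrss";
+authType = "http_auth";
+};
+};
+
+testScript = ''
+machine.wait_for_unit("multi-user.target")
+machine.wait_for_open_port(80)
+response = machine.succeed("curl -vvv -s -H 'Host: freshrss' -H 'Remote-User: testuser' http://127.0.0.1:80/i/")
+assert 'Account: testuser' in response, "http_auth method didn't work."
+'';
+})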
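Review bot: The test script covers only the accepting path, so it would still pass if the service let every request through. The one request it makes also supplies `Remote-User` from the client side, which shows that the header is honoured at least for a loopback caller. I would add a negative case next to it, for example `anon = machine.succeed("curl -s -H 'Host: freshrss' http://127.0.0.1:80/i/")` followed by `assert 'Account: testuser' not in anon`, so that a regression in which a request without an identity is still logged in gets caught. Separately, `name = "freshrss";` does not identify this variant; `name = "freshrss-http-auth";` would match the file name.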
|
@ -18,7 +18,7 @@ stdenvNoCC.mkDerivation rec {
|
|||
};
|
||||
|
||||
passthru.tests = {
|
||||
inherit (nixosTests) freshrss-sqlite freshrss-pgsql;
|
||||
inherit (nixosTests) freshrss-sqlite freshrss-pgsql freshrss-http-auth;
|
||||
};
|
||||
|
||||
buildInputs = [ php ];
|
||||
|
|