Get cookie key from the environment

author: Vika <vika@fireburn.ru> 2024-08-01 20:29:26 +0300
committer: Vika <vika@fireburn.ru> 2024-08-01 20:40:32 +0300
commit: 46e7938121929a4c5f4d15a295e74d8685b17b2b (patch)
tree: 8c3c5844a4a571b939af94577d6e758b91f3209b /configuration.nix
parent: 3c4eb66ca5f96b8cc3289aba6c34373df1dba64a (diff)
download: kittybox-46e7938121929a4c5f4d15a295e74d8685b17b2b.tar.zst
1 files changed, 6 insertions, 1 deletions
diff --git a/configuration.nix b/configuration.nix
index 5495558..be24ec0 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -152,7 +152,8 @@ in {
         AUTH_STORE_URI = cfg.authstoreUri;
         JOB_QUEUE_URI = cfg.jobQueueUri;
         RUST_LOG = "${cfg.logLevel}";
-        COOKIE_SECRET_FILE = "${cfg.cookieSecretFile}";
+        # TODO: consider hardening by using systemd credentials
+        COOKIE_KEY_FILE = "${cfg.cookieSecretFile}";
       };
 
       script = ''
@@ -161,6 +162,10 @@ in {
             export KITTYBOX_INTERNAL_TOKEN=$(${pkgs.coreutils}/bin/cat ${cfg.internalTokenFile})
           fi
         ''}
+        if [[ ! -e "$COOKIE_KEY_FILE" ]]; then
+            dd if=/dev/urandom bs=64 count=1 | base64 > "$COOKIE_KEY_FILE"
+        fi
+        export COOKIE_KEY="$(cat "$COOKIE_KEY_FILE")"
         exec ${cfg.package}/bin/kittybox
       '';
author	Vika <vika@fireburn.ru>	2024-08-01 20:29:26 +0300
committer	Vika <vika@fireburn.ru>	2024-08-01 20:40:32 +0300
commit	46e7938121929a4c5f4d15a295e74d8685b17b2b (patch)
tree	8c3c5844a4a571b939af94577d6e758b91f3209b /configuration.nix
parent	3c4eb66ca5f96b8cc3289aba6c34373df1dba64a (diff)
download	kittybox-46e7938121929a4c5f4d15a295e74d8685b17b2b.tar.zst