authorVika <vika@fireburn.ru>2022-09-19 17:30:38 +0300
committerVika <vika@fireburn.ru>2022-09-19 17:30:38 +0300
commit66049566ae865e1a4bd049257d6afc0abded16e9 (patch)
tree6013a26fa98a149d103eb4402ca91d698ef02ac2 /configuration.nix
parent696458657b26032e6e2a987c059fd69aaa10508d (diff)
feat: indieauth support
Working:
 - Tokens and codes
 - Authenticating with a password

Not working:
 - Setting the password (need to patch onboarding)
 - WebAuthn (the JavaScript is too complicated)
Diffstat (limited to 'configuration.nix')
-rw-r--r--configuration.nix19
1 files changed, 14 insertions, 5 deletions
diff --git a/configuration.nix b/configuration.nix
index 87759c8..239243f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -50,9 +50,9 @@ in {
           Make sure that if you are using the file backend, the state
           directory is accessible by Kittybox. By default, the unit config
           uses DynamicUser=true, which prevents the unit from accessing
-          data outside of its directory. It is recommended to use a
-          bind-mount to /var/lib/private/kittybox if you require the state
-          directory to reside elsewhere.
+          data outside of its directory. It is recommended to reconfigure
+          the sandboxing or use a bind-mount to /var/lib/private/kittybox
+          if you require the state directory to reside elsewhere.
         '';
       };
       blobstoreUri = mkOption {
@@ -65,6 +65,15 @@ in {
           When using the file backend, check notes in the `backendUri` option too.
         '';
       };
+      authstoreUri = mkOption {
+        type = types.nullOr types.str;
+        default = "file:///var/lib/kittybox/auth";
+        description = ''
+          Set the backend used for persisting authentication data. Available options are:
+           - file:// - flat files. Codes are stored globally, tokens and
+             credentials are stored per-site.
+        '';
+      };
       microsubServer = mkOption {
         type = types.nullOr types.str;
         default = null;
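Review bot: `authstoreUri` is declared as `types.nullOr types.str`, but its description never says what `null` means. The last hunk passes it straight through as `AUTH_STORE_URI = cfg.authstoreUri;`, so a null value would presumably leave the variable unset, and how the service behaves without an auth store is not visible here. Either tighten the type to `types.str` or document the null case. The description also lacks the pointer to the `backendUri` notes on DynamicUser and the state directory that `blobstoreUri` carries, and that matters more for a path holding credentials and tokens. I would add a sentence such as `When using the file backend, check the notes in the backendUri option too; this directory should be readable only by the Kittybox service user.` The hunk ends inside the following `microsubServer` option, which continues outside it.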
@@ -112,7 +121,7 @@ in {
 
       restartTriggers = [
         cfg.package
-        cfg.backendUri cfg.blobstoreUri
+        cfg.backendUri cfg.blobstoreUri cfg.authstoreUri
         cfg.internalTokenFile
         cfg.bind cfg.port
         cfg.cookieSecretFile
@@ -122,9 +131,9 @@ in {
         SERVE_AT = "${cfg.bind}:${builtins.toString cfg.port}";
         MICROSUB_ENDPOINT = cfg.microsubServer;
         WEBMENTION_ENDPOINT = cfg.webmentionEndpoint;
-        #REDIS_URI = if (cfg.redisUri == null) then "redis://127.0.0.1:6379/" else cfg.redisUri;
         BACKEND_URI = cfg.backendUri;
         BLOBSTORE_URI = cfg.blobstoreUri;
+        AUTH_STORE_URI = cfg.authstoreUri;
         RUST_LOG = "${cfg.logLevel}";
         COOKIE_SECRET_FILE = "${cfg.cookieSecretFile}";
       };