diff options
author | Vika <vika@fireburn.ru> | 2022-09-19 17:30:38 +0300 |
---|---|---|
committer | Vika <vika@fireburn.ru> | 2022-09-19 17:30:38 +0300 |
commit | 66049566ae865e1a4bd049257d6afc0abded16e9 (patch) | |
tree | 6013a26fa98a149d103eb4402ca91d698ef02ac2 /configuration.nix | |
parent | 696458657b26032e6e2a987c059fd69aaa10508d (diff) | |
download | kittybox-66049566ae865e1a4bd049257d6afc0abded16e9.tar.zst |
feat: indieauth support
Working: - Tokens and codes - Authenticating with a password Not working: - Setting the password (need to patch onboarding) - WebAuthn (the JavaScript is too complicated)
Diffstat (limited to 'configuration.nix')
-rw-r--r-- | configuration.nix | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/configuration.nix b/configuration.nix index 87759c8..239243f 100644 --- a/configuration.nix +++ b/configuration.nix @@ -50,9 +50,9 @@ in { Make sure that if you are using the file backend, the state directory is accessible by Kittybox. By default, the unit config uses DynamicUser=true, which prevents the unit from accessing - data outside of its directory. It is recommended to use a - bind-mount to /var/lib/private/kittybox if you require the state - directory to reside elsewhere. + data outside of its directory. It is recommended to reconfigure + the sandboxing or use a bind-mount to /var/lib/private/kittybox + if you require the state directory to reside elsewhere. ''; }; blobstoreUri = mkOption { @@ -65,6 +65,15 @@ in { When using the file backend, check notes in the `backendUri` option too. ''; }; + authstoreUri = mkOption { + type = types.nullOr types.str; + default = "file:///var/lib/kittybox/auth"; + description = '' + Set the backend used for persisting authentication data. Available options are: + - file:// - flat files. Codes are stored globally, tokens and + credentials are stored per-site. + ''; + }; microsubServer = mkOption { type = types.nullOr types.str; default = null; @@ -112,7 +121,7 @@ in { restartTriggers = [ cfg.package - cfg.backendUri cfg.blobstoreUri + cfg.backendUri cfg.blobstoreUri cfg.authstoreUri cfg.internalTokenFile cfg.bind cfg.port cfg.cookieSecretFile @@ -122,9 +131,9 @@ in { SERVE_AT = "${cfg.bind}:${builtins.toString cfg.port}"; MICROSUB_ENDPOINT = cfg.microsubServer; WEBMENTION_ENDPOINT = cfg.webmentionEndpoint; - #REDIS_URI = if (cfg.redisUri == null) then "redis://127.0.0.1:6379/" else cfg.redisUri; BACKEND_URI = cfg.backendUri; BLOBSTORE_URI = cfg.blobstoreUri; + AUTH_STORE_URI = cfg.authstoreUri; RUST_LOG = "${cfg.logLevel}"; COOKIE_SECRET_FILE = "${cfg.cookieSecretFile}"; }; |