diff options
| author | Vika Shleina <vika@fireburn.ru> | 2021-07-21 06:25:15 +0300 |
|---|---|---|
| committer | Vika <vika@fireburn.ru> | 2021-07-27 01:47:59 +0300 |
| commit | 758fe3ef8baa68e71f766ae5499dfa6988d0d72a (patch) | |
| tree | 51905753c1abcf8ddde28601ea2d3dbd92607f5e /flake.nix | |
| parent | c98e370326102dac0c7c16c9b556da018b41803b (diff) | |
Added an internal token mechanism
The internal token is a shared secret that can update and delete any posts stored in the database. It is intended for use in webmention endpoints to update posts with latest webmentions. Please keep it safe.
Diffstat (limited to 'flake.nix')
| -rw-r--r-- | flake.nix | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/flake.nix b/flake.nix index 0ea2d37..d074ab1 100644 --- a/flake.nix +++ b/flake.nix @@ -78,6 +78,11 @@ example = "https://indieauth.com/auth"; description = "Authorization endpoint to use to authenticate the user. You can use the default if you are unsure."; }; + internalTokenFile = mkOption { + type = types.nullOr types.str; + example = "/run/secrets/kittybox-shared-secret"; + description = "A shared secret that will, when passed, allow unlimited editing access to database. Keep it safe."; + }; }; }; config = lib.mkIf cfg.enable { @@ -101,8 +106,14 @@ REDIS_URI = if (cfg.redisUri == null) then "redis://127.0.0.1:6379/" else cfg.redisUri; }; + script = '' + if [[ -f ${cfg.internalTokenFile} ]]; then + export KITTYBOX_INTERNAL_TOKEN=$(${pkgs.coreutils}/bin/cat ${cfg.internalTokenFile}) + fi + exec ${cfg.package}/bin/kittybox + ''; + serviceConfig = { - ExecStart = "${cfg.package}/bin/kittybox"; DynamicUser = true; }; }; |