about summary refs log tree commit diff
path: root/configuration.nix
diff options
context:
space:
mode:
Diffstat (limited to 'configuration.nix')
-rw-r--r--configuration.nix7
1 files changed, 6 insertions, 1 deletions
diff --git a/configuration.nix b/configuration.nix
index 5495558..be24ec0 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -152,7 +152,8 @@ in {
         AUTH_STORE_URI = cfg.authstoreUri;
         JOB_QUEUE_URI = cfg.jobQueueUri;
         RUST_LOG = "${cfg.logLevel}";
-        COOKIE_SECRET_FILE = "${cfg.cookieSecretFile}";
+        # TODO: consider hardening by using systemd credentials
+        COOKIE_KEY_FILE = "${cfg.cookieSecretFile}";
       };
 
       script = ''
@@ -161,6 +162,10 @@ in {
             export KITTYBOX_INTERNAL_TOKEN=$(${pkgs.coreutils}/bin/cat ${cfg.internalTokenFile})
           fi
         ''}
+        if [[ ! -e "$COOKIE_KEY_FILE" ]]; then
+            dd if=/dev/urandom bs=64 count=1 | base64 > "$COOKIE_KEY_FILE"
+        fi
+        export COOKIE_KEY="$(cat "$COOKIE_KEY_FILE")"
         exec ${cfg.package}/bin/kittybox
       '';
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-20 07:37:52 +0000