From 46e7938121929a4c5f4d15a295e74d8685b17b2b Mon Sep 17 00:00:00 2001
From: Vika <vika@fireburn.ru>
Date: Thu, 1 Aug 2024 20:29:26 +0300
Subject: Get cookie key from the environment

---
 configuration.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'configuration.nix')

diff --git a/configuration.nix b/configuration.nix
index 5495558..be24ec0 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -152,7 +152,8 @@ in {
         AUTH_STORE_URI = cfg.authstoreUri;
         JOB_QUEUE_URI = cfg.jobQueueUri;
         RUST_LOG = "${cfg.logLevel}";
-        COOKIE_SECRET_FILE = "${cfg.cookieSecretFile}";
+        # TODO: consider hardening by using systemd credentials
+        COOKIE_KEY_FILE = "${cfg.cookieSecretFile}";
       };
 
       script = ''
@@ -161,6 +162,10 @@ in {
             export KITTYBOX_INTERNAL_TOKEN=$(${pkgs.coreutils}/bin/cat ${cfg.internalTokenFile})
           fi
         ''}
+        if [[ ! -e "$COOKIE_KEY_FILE" ]]; then
+            dd if=/dev/urandom bs=64 count=1 | base64 > "$COOKIE_KEY_FILE"
+        fi
+        export COOKIE_KEY="$(cat "$COOKIE_KEY_FILE")"
         exec ${cfg.package}/bin/kittybox
       '';
 
-- 
cgit 1.4.1