From 66049566ae865e1a4bd049257d6afc0abded16e9 Mon Sep 17 00:00:00 2001
From: Vika <vika@fireburn.ru>
Date: Mon, 19 Sep 2022 17:30:38 +0300
Subject: feat: indieauth support

Working:
 - Tokens and codes
 - Authenticating with a password

Not working:
 - Setting the password (need to patch onboarding)
 - WebAuthn (the JavaScript is too complicated)
---
 configuration.nix | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'configuration.nix')

diff --git a/configuration.nix b/configuration.nix
index 87759c8..239243f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -50,9 +50,9 @@ in {
           Make sure that if you are using the file backend, the state
           directory is accessible by Kittybox. By default, the unit config
           uses DynamicUser=true, which prevents the unit from accessing
-          data outside of its directory. It is recommended to use a
-          bind-mount to /var/lib/private/kittybox if you require the state
-          directory to reside elsewhere.
+          data outside of its directory. It is recommended to reconfigure
+          the sandboxing or use a bind-mount to /var/lib/private/kittybox
+          if you require the state directory to reside elsewhere.
         '';
       };
       blobstoreUri = mkOption {
@@ -65,6 +65,15 @@ in {
           When using the file backend, check notes in the `backendUri` option too.
         '';
       };
+      authstoreUri = mkOption {
+        type = types.nullOr types.str;
+        default = "file:///var/lib/kittybox/auth";
+        description = ''
+          Set the backend used for persisting authentication data. Available options are:
+           - file:// - flat files. Codes are stored globally, tokens and
+             credentials are stored per-site.
+        '';
+      };
       microsubServer = mkOption {
         type = types.nullOr types.str;
         default = null;
@@ -112,7 +121,7 @@ in {
 
       restartTriggers = [
         cfg.package
-        cfg.backendUri cfg.blobstoreUri
+        cfg.backendUri cfg.blobstoreUri cfg.authstoreUri
         cfg.internalTokenFile
         cfg.bind cfg.port
         cfg.cookieSecretFile
@@ -122,9 +131,9 @@ in {
         SERVE_AT = "${cfg.bind}:${builtins.toString cfg.port}";
         MICROSUB_ENDPOINT = cfg.microsubServer;
         WEBMENTION_ENDPOINT = cfg.webmentionEndpoint;
-        #REDIS_URI = if (cfg.redisUri == null) then "redis://127.0.0.1:6379/" else cfg.redisUri;
         BACKEND_URI = cfg.backendUri;
         BLOBSTORE_URI = cfg.blobstoreUri;
+        AUTH_STORE_URI = cfg.authstoreUri;
         RUST_LOG = "${cfg.logLevel}";
         COOKIE_SECRET_FILE = "${cfg.cookieSecretFile}";
       };
-- 
cgit 1.4.1