From 9a9776230ce8d12d305ca8db19cc76f20ae40926 Mon Sep 17 00:00:00 2001
From: Vika
Date: Mon, 6 Dec 2021 20:39:04 +0300
Subject: Added support for IndieAuth client sign in This will allow readers to view private posts intended just for them. Additionally fixed bugs in patterns due to which webmentions might not have been sent.
---
 flake.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'flake.nix')
diff --git a/flake.nix b/flake.nix
index 0b0e039..4366190 100644
--- a/flake.nix
+++ b/flake.nix
@@ -124,6 +124,12 @@
 example = "/run/secrets/kittybox-shared-secret";
 description = "A shared secret that will, when passed, allow unlimited editing access to database. Keep it safe.";
 };
+ cookieSecretFile = mkOption {
+ type = types.str;
+ default = "/var/lib/kittybox/cookie_secret_key";
+ example = "/run/secrets/kittybox-cookie-secret";
+ description = "A secret file to encrypt cookies with the contents of. Should be at least 32 bytes in length. A random persistent file will be generated if this variable is left untouched.";
+ };
 };
 };
 config = lib.mkIf cfg.enable {
@@ -139,6 +145,7 @@
 cfg.authorizationEndpoint cfg.internalTokenFile cfg.bind cfg.port
+ cfg.cookieSecretFile
 ];
 environment = {
@@ -151,6 +158,7 @@
 #REDIS_URI = if (cfg.redisUri == null) then "redis://127.0.0.1:6379/" else cfg.redisUri;
 BACKEND_URI = cfg.backendUri;
 RUST_LOG = "${cfg.logLevel}";
+ COOKIE_SECRET_FILE = "${cfg.cookieSecretFile}";
 };
 script = ''
@@ -159,6 +167,9 @@
 export KITTYBOX_INTERNAL_TOKEN=$(${pkgs.coreutils}/bin/cat ${cfg.internalTokenFile})
 fi
 ''}
+ if [[ ${cfg.cookieSecretFile} == /var/lib/kittybox/cookie_secret_key && ! -f /var/lib/kittybox/cookie_secret_key ]]; then
+ cat /dev/urandom | tr -Cd '[:alnum:]' | head -c 128 > /var/lib/kittybox/cookie_secret_key
+ fi
 exec ${cfg.package}/bin/kittybox
 '';
-- cgit 1.4.1
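Review bot: The `cookieSecretFile` description in the `@@ -124,6 +124,12 @@` hunk promises a generated file when the option is left untouched, but it does not say what a custom path has to satisfy. The script hunk at the end of this patch only generates a key when the value equals the default path, so any other path must already exist before the unit starts. I would add a sentence such as `A custom path must already exist, be readable only by the service user, and must not point into the world-readable Nix store.` The opening phrase "to encrypt cookies with the contents of" would also read better as "File whose contents are used as the cookie encryption key".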
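Review bot: In the `@@ -159,6 +167,9 @@` hunk the key file is created by a plain `>` redirect, so its mode comes from whatever umask the unit runs with; unless `UMask` or a restrictive state-directory mode is set outside this hunk, the cookie key may be readable by other local users. Putting `umask 077` on the line before the pipeline closes that gap. The `! -f` test also accepts an empty file left behind by an interrupted first start, so `! -s` is the safer check. `${cfg.cookieSecretFile}` is pasted into `[[ … ]]` unquoted, and `${lib.escapeShellArg cfg.cookieSecretFile}` would keep a path containing spaces from breaking the script. The `script` string begins and ends outside the hunk.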