Commit 4c707039 authored by Peder Bergebakken Sundt's avatar Peder Bergebakken Sundt

nixos/ttyd: add writable option

parent 19159ced
+10 −0
@@ -14,6 +14,7 @@ let
         ++ (concatLists (mapAttrsToList (_k: _v: [ "--client-option" "${_k}=${_v}" ]) cfg.clientOptions))
         ++ [ "--terminal-type" cfg.terminalType ]
         ++ optionals cfg.checkOrigin [ "--check-origin" ]
         ++ optionals cfg.writeable [ "--writable" ] # the typo is correct
         ++ [ "--max-clients" (toString cfg.maxClients) ]
         ++ optionals (cfg.indexFile != null) [ "--index" cfg.indexFile ]
         ++ optionals cfg.enableIPv6 [ "--ipv6" ]
@@ -75,6 +76,13 @@ in
        description = lib.mdDoc "Signal to send to the command on session close.";
      };

      writeable = mkOption {
        type = types.nullOr types.bool;
        default = null; # null causes an eval error, forcing the user to consider attack surface
        example = true;
        description = lib.mdDoc "Allow clients to write to the TTY.";
      };

      clientOptions = mkOption {
        type = types.attrsOf types.str;
        default = {};
@@ -165,6 +173,8 @@ in
      [ { assertion = cfg.enableSSL
            -> cfg.certFile != null && cfg.keyFile != null && cfg.caFile != null;
          message = "SSL is enabled for ttyd, but no certFile, keyFile or caFile has been specified."; }
        { assertion = cfg.writeable != null;
          message = "services.ttyd.writeable must be set"; }
        { assertion = ! (cfg.interface != null && cfg.socket != null);
          message = "Cannot set both interface and socket for ttyd."; }
        { assertion = (cfg.username != null) == (cfg.passwordFile != null);
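Review bot: The `writeable` option's description and the new assertion message do not tell the user what the choice means or that it is mandatory. With `default = null` the rendered manual will presumably show a null default with no hint that evaluation fails until the option is set, and "must be set" does not say which values are accepted. I would extend the description to something like `"Allow clients to write to the TTY, i.e. send input to the command ttyd runs. Has no default and must be set explicitly."` and change the message to `"services.ttyd.writeable must be set explicitly to true or false"`. The username/passwordFile assertion at the end of this hunk is satisfied when both are null, so it may also be worth emitting a warning when `cfg.writeable == true && cfg.username == null`, since that combination presumably leaves an interactive terminal reachable without credentials by anyone who can connect to the listener. The assertion list continues outside the hunk.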
+16 −5
@@ -2,15 +2,26 @@ import ../make-test-python.nix ({ lib, pkgs, ... }: {
  name = "ttyd";
  meta.maintainers = with lib.maintainers; [ stunkymonkey ];

  nodes.machine = { pkgs, ... }: {
  nodes.readonly = { pkgs, ... }: {
    services.ttyd = {
      enable = true;
      username = "foo";
      passwordFile = pkgs.writeText "password" "bar";
      writeable = false;
    };
  };

  nodes.writeable = { pkgs, ... }: {
    services.ttyd = {
      enable = true;
      username = "foo";
      passwordFile = pkgs.writeText "password" "bar";
      writeable = true;
    };
  };

  testScript = ''
    for machine in [readonly, writeable]:
      machine.wait_for_unit("ttyd.service")
      machine.wait_for_open_port(7681)
      response = machine.succeed("curl -vvv -u foo:bar -s -H 'Host: ttyd' http://127.0.0.1:7681/")