Commit c4d28ff1 authored by Matt Christ's avatar Matt Christ

nixos/freshrss: authType option

This patch adds an `authType` option to enable configuring FreshRSS's
`auth_type` parameter.
Upstream documentation for this feature is located here:
https://freshrss.github.io/FreshRSS/en/admins/09_AccessControl.html

An accompanying NixOS test is provided to confirm this feature works
as expected.
parent b49c4f87
+43 −18
@@ -7,7 +7,7 @@ let
  poolName = "freshrss";
in
{
  meta.maintainers = with maintainers; [ etu stunkymonkey ];
  meta.maintainers = with maintainers; [ etu stunkymonkey mattchrist ];

  options.services.freshrss = {
    enable = mkEnableOption (mdDoc "FreshRSS feed reader");
@@ -27,7 +27,8 @@ in
    };

    passwordFile = mkOption {
      type = types.path;
      type = types.nullOr types.path;
      default = null;
      description = mdDoc "Password for the defaultUser for FreshRSS.";
      example = "/run/secrets/freshrss";
    };
@@ -120,7 +121,13 @@ in
    user = mkOption {
      type = types.str;
      default = "freshrss";
      description = lib.mdDoc "User under which Freshrss runs.";
      description = lib.mdDoc "User under which FreshRSS runs.";
    };

    authType = mkOption {
      type = types.enum [ "form" "http_auth" "none" ];
      default = "form";
      description = mdDoc "Authentication type for FreshRSS.";
    };
  };

@@ -160,6 +167,14 @@ in
      };
    in
    mkIf cfg.enable {
      assertions = mkIf (cfg.authType == "form") [
        {
          assertion = cfg.passwordFile != null;
          message = ''
            `passwordFile` must be supplied when using "form" authentication!
          '';
        }
      ];
      # Set up a Nginx virtual host.
      services.nginx = mkIf (cfg.virtualHost != null) {
        enable = true;
@@ -227,7 +242,7 @@ in
          settingsFlags = concatStringsSep " \\\n    "
            (mapAttrsToList (k: v: "${k} ${toString v}") {
              "--default_user" = ''"${cfg.defaultUser}"'';
              "--auth_type" = ''"form"'';
              "--auth_type" = ''"${cfg.authType}"'';
              "--base_url" = ''"${cfg.baseUrl}"'';
              "--language" = ''"${cfg.language}"'';
              "--db-type" = ''"${cfg.database.type}"'';
@@ -255,18 +270,28 @@ in
            FRESHRSS_DATA_PATH = cfg.dataDir;
          };

          script = ''
          script =
            let
              userScriptArgs = ''--user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"'';
              updateUserScript = optionalString (cfg.authType == "form") ''
                ./cli/update-user.php ${userScriptArgs}
              '';
              createUserScript = optionalString (cfg.authType == "form") ''
                ./cli/create-user.php ${userScriptArgs}
              '';
            in
            ''
              # do installation or reconfigure
              if test -f ${cfg.dataDir}/config.php; then
                # reconfigure with settings
                ./cli/reconfigure.php ${settingsFlags}
              ./cli/update-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"
                ${updateUserScript}
              else
                # check correct folders in data folder
                ./cli/prepare.php
                # install with settings
                ./cli/do-install.php ${settingsFlags}
              ./cli/create-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"
                ${createUserScript}
              fi
            '';
        };
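Review bot: The new `authType` option accepts `http_auth` and `none` with only the description "Authentication type for FreshRSS.", so nothing tells an administrator that these two values move or remove the login check. With `http_auth` FreshRSS takes the user name from the web server or a proxy-supplied header (the accompanying test logs in with a plain `Remote-User` header), and the nginx virtual host this module enables does not visibly add any authentication of its own, though its body lies outside the hunks shown. I would extend the description to something like `description = mdDoc "Authentication type for FreshRSS. With http_auth the web server or reverse proxy in front of FreshRSS must authenticate the request and set the user name itself; none disables authentication.";` and consider a `warnings` entry when `cfg.authType != "form"` and `cfg.virtualHost != null`.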
+20 −0
import ./make-test-python.nix ({ lib, pkgs, ... }: {
  name = "freshrss";
  meta.maintainers = with lib.maintainers; [ mattchrist ];

  nodes.machine = { pkgs, ... }: {
    services.freshrss = {
      enable = true;
      baseUrl = "http://localhost";
      dataDir = "/srv/freshrss";
      authType = "http_auth";
    };
  };

  testScript = ''
    machine.wait_for_unit("multi-user.target")
    machine.wait_for_open_port(80)
    response = machine.succeed("curl -vvv -s -H 'Host: freshrss' -H 'Remote-User: testuser' http://127.0.0.1:80/i/")
    assert 'Account: testuser' in response, "http_auth method didn't work."
  '';
})
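Review bot: The test script covers only the accepting path: it sends `Remote-User: testuser` and checks that the page shows that account, but never checks that a request without the header is left unauthenticated. Since the header is the sole credential under `http_auth`, a negative case would catch a configuration that signs in every visitor, for example `anon = machine.succeed("curl -s -H 'Host: freshrss' http://127.0.0.1:80/i/")` followed by `assert 'Account: testuser' not in anon`. It would also help to add a comment in `testScript` stating that the curl call stands in for an authenticating reverse proxy, so the header is not read as something end clients should be able to send.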
+1 −1
@@ -18,7 +18,7 @@ stdenvNoCC.mkDerivation rec {
  };

  passthru.tests = {
    inherit (nixosTests) freshrss-sqlite freshrss-pgsql;
    inherit (nixosTests) freshrss-sqlite freshrss-pgsql freshrss-http-auth;
  };

  buildInputs = [ php ];