mirror of
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git
synced 2024-12-26 15:06:14 +01:00
htpasswd -> mkpasswd
This commit is contained in:
parent
004c229ca4
commit
a40e9c3abb
8 changed files with 22 additions and 22 deletions
|
@ -3,11 +3,11 @@ hydra-pr:
|
||||||
- merge_requests
|
- merge_requests
|
||||||
image: nixos/nix
|
image: nixos/nix
|
||||||
script:
|
script:
|
||||||
- nix --extra-experimental-features nix-command run -f channel:nixos-unstable hydra-cli -- -H https://hydra.nix-community.org jobset-wait simple-nixos-mailserver ${CI_MERGE_REQUEST_IID}
|
- nix-shell -I nixpkgs=channel:nixos-unstable -p hydra-cli --run 'hydra-cli -H https://hydra.nix-community.org jobset-wait simple-nixos-mailserver ${CI_MERGE_REQUEST_IID}'
|
||||||
|
|
||||||
hydra-master:
|
hydra-master:
|
||||||
only:
|
only:
|
||||||
- master
|
- master
|
||||||
image: nixos/nix
|
image: nixos/nix
|
||||||
script:
|
script:
|
||||||
- nix --extra-experimental-features nix-command run -f channel:nixos-unstable hydra-cli -- -H https://hydra.nix-community.org jobset-wait simple-nixos-mailserver master
|
- nix-shell -I nixpkgs=channel:nixos-unstable -p hydra-cli --run 'hydra-cli -H https://hydra.nix-community.org jobset-wait simple-nixos-mailserver master'
|
||||||
|
|
|
@ -96,7 +96,7 @@ D9FE 4119 F082 6F15 93BD BD36 6162 DBA5 635E A16A
|
||||||
domains = [ "example.com" "example2.com" ];
|
domains = [ "example.com" "example2.com" ];
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"user1@example.com" = {
|
"user1@example.com" = {
|
||||||
# nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 > /hashed/password/file/location
|
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > /hashed/password/file/location
|
||||||
hashedPasswordFile = "/hashed/password/file/location";
|
hashedPasswordFile = "/hashed/password/file/location";
|
||||||
|
|
||||||
aliases = [
|
aliases = [
|
||||||
|
|
12
default.nix
12
default.nix
|
@ -72,10 +72,10 @@ in
|
||||||
default = null;
|
default = null;
|
||||||
example = "$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/";
|
example = "$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/";
|
||||||
description = ''
|
description = ''
|
||||||
The user's hashed password. Use `htpasswd` as follows
|
The user's hashed password. Use `mkpasswd` as follows
|
||||||
|
|
||||||
```
|
```
|
||||||
nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
|
nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||||
```
|
```
|
||||||
|
|
||||||
Warning: this is stored in plaintext in the Nix store!
|
Warning: this is stored in plaintext in the Nix store!
|
||||||
|
@ -88,10 +88,10 @@ in
|
||||||
default = null;
|
default = null;
|
||||||
example = "/run/keys/user1-passwordhash";
|
example = "/run/keys/user1-passwordhash";
|
||||||
description = ''
|
description = ''
|
||||||
A file containing the user's hashed password. Use `htpasswd` as follows
|
A file containing the user's hashed password. Use `mkpasswd` as follows
|
||||||
|
|
||||||
```
|
```
|
||||||
nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
|
nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||||
```
|
```
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -184,11 +184,11 @@ in
|
||||||
};
|
};
|
||||||
description = ''
|
description = ''
|
||||||
The login account of the domain. Every account is mapped to a unix user,
|
The login account of the domain. Every account is mapped to a unix user,
|
||||||
e.g. `user1@example.com`. To generate the passwords use `htpasswd` as
|
e.g. `user1@example.com`. To generate the passwords use `mkpasswd` as
|
||||||
follows
|
follows
|
||||||
|
|
||||||
```
|
```
|
||||||
nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
|
nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||||
```
|
```
|
||||||
'';
|
'';
|
||||||
default = {};
|
default = {};
|
||||||
|
|
|
@ -4,8 +4,8 @@ Add Radicale
|
||||||
Configuration by @dotlambda
|
Configuration by @dotlambda
|
||||||
|
|
||||||
Starting with Radicale 3 (first introduced in NixOS 20.09) the traditional
|
Starting with Radicale 3 (first introduced in NixOS 20.09) the traditional
|
||||||
crypt passwords, as generated by `mkpasswd`, are no longer supported. Instead
|
crypt passwords are no longer supported. Instead bcrypt passwords
|
||||||
bcrypt passwords have to be used which can be generated using `htpasswd`.
|
have to be used. These can still be generated using `mkpasswd -m bcrypt`.
|
||||||
|
|
||||||
.. code:: nix
|
.. code:: nix
|
||||||
|
|
||||||
|
|
|
@ -458,11 +458,11 @@ mailserver.loginAccounts
|
||||||
------------------------
|
------------------------
|
||||||
|
|
||||||
The login account of the domain. Every account is mapped to a unix user,
|
The login account of the domain. Every account is mapped to a unix user,
|
||||||
e.g. `user1@example.com`. To generate the passwords use `htpasswd` as
|
e.g. `user1@example.com`. To generate the passwords use `mkpasswd` as
|
||||||
follows
|
follows
|
||||||
|
|
||||||
```
|
```
|
||||||
nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
|
nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
@ -496,10 +496,10 @@ Note: Does not allow sending from all addresses of these domains.
|
||||||
mailserver.loginAccounts.<name>.hashedPassword
|
mailserver.loginAccounts.<name>.hashedPassword
|
||||||
----------------------------------------------
|
----------------------------------------------
|
||||||
|
|
||||||
The user's hashed password. Use `htpasswd` as follows
|
The user's hashed password. Use `mkpasswd` as follows
|
||||||
|
|
||||||
```
|
```
|
||||||
nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
|
nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||||
```
|
```
|
||||||
|
|
||||||
Warning: this is stored in plaintext in the Nix store!
|
Warning: this is stored in plaintext in the Nix store!
|
||||||
|
@ -513,10 +513,10 @@ Use `hashedPasswordFile` instead.
|
||||||
mailserver.loginAccounts.<name>.hashedPasswordFile
|
mailserver.loginAccounts.<name>.hashedPasswordFile
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
|
|
||||||
A file containing the user's hashed password. Use `htpasswd` as follows
|
A file containing the user's hashed password. Use `mkpasswd` as follows
|
||||||
|
|
||||||
```
|
```
|
||||||
nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
|
nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -70,7 +70,7 @@ these should be the most common ones.
|
||||||
domains = [ "example.com" ];
|
domains = [ "example.com" ];
|
||||||
|
|
||||||
# A list of all login accounts. To create the password hashes, use
|
# A list of all login accounts. To create the password hashes, use
|
||||||
# nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
|
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"user1@example.com" = {
|
"user1@example.com" = {
|
||||||
hashedPasswordFile = "/a/file/containing/a/hashed/password";
|
hashedPasswordFile = "/a/file/containing/a/hashed/password";
|
||||||
|
|
|
@ -29,8 +29,8 @@ let
|
||||||
|
|
||||||
hashPassword = password: pkgs.runCommand
|
hashPassword = password: pkgs.runCommand
|
||||||
"password-${password}-hashed"
|
"password-${password}-hashed"
|
||||||
{ buildInputs = [ pkgs.apacheHttpd ]; } ''
|
{ buildInputs = [ pkgs.mkpasswd ]; inherit password; } ''
|
||||||
htpasswd -nbB "" "${password}" | cut -d: -f2 > $out
|
mkpasswd -sm bcrypt <<<"$password" > $out
|
||||||
'';
|
'';
|
||||||
|
|
||||||
hashedPasswordFile = hashPassword "my-password";
|
hashedPasswordFile = hashPassword "my-password";
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
let
|
let
|
||||||
hashPassword = password: pkgs.runCommand
|
hashPassword = password: pkgs.runCommand
|
||||||
"password-${password}-hashed"
|
"password-${password}-hashed"
|
||||||
{ buildInputs = [ pkgs.apacheHttpd ]; }
|
{ buildInputs = [ pkgs.mkpasswd ]; inherit password; }
|
||||||
''
|
''
|
||||||
htpasswd -nbB "" "${password}" | cut -d: -f2 > $out
|
mkpasswd -sm bcrypt <<<"$password" > $out
|
||||||
'';
|
'';
|
||||||
|
|
||||||
password = pkgs.writeText "password" "password";
|
password = pkgs.writeText "password" "password";
|
||||||
|
|
Loading…
Reference in a new issue