nginx: add a warning that nginx's basic auth isn't very good.

2020-11-02 08:15:28 -05:00
parent a4b86b2bf5
commit 3361a037b9
2 changed files with 10 additions and 4 deletions
--- a/nixos/modules/services/web-servers/nginx/location-options.nix
+++ b/nixos/modules/services/web-servers/nginx/location-options.nix
@@ -21,7 +21,7 @@ with lib;
        Basic Auth protection for a vhost.

        WARNING: This is implemented to store the password in plain text in the
-        nix store.
+        Nix store.
      '';
    };

@@ -30,7 +30,10 @@ with lib;
      default = null;
      description = ''
        Basic Auth password file for a vhost.
-        Can be created via: <command>htpasswd -c &lt;filename&gt; &lt;username&gt;</command>
+        Can be created via: <command>htpasswd -c &lt;filename&gt; &lt;username&gt;</command>.
+
+        WARNING: The generate file contains the users' passwords in a
+        non-cryptographically-securely hashed way.
      '';
    };

--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -198,7 +198,7 @@ with lib;
        Basic Auth protection for a vhost.

        WARNING: This is implemented to store the password in plain text in the
-        nix store.
+        Nix store.
      '';
    };

@@ -207,7 +207,10 @@ with lib;
      default = null;
      description = ''
        Basic Auth password file for a vhost.
-        Can be created via: <command>htpasswd -c &lt;filename&gt; &lt;username&gt;</command>
+        Can be created via: <command>htpasswd -c &lt;filename&gt; &lt;username&gt;</command>.
+
+        WARNING: The generate file contains the users' passwords in a
+        non-cryptographically-securely hashed way.
      '';
    };