public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/mosquitto: add passwordFile and hashedPasswordFile options

Browse Source
This commit is contained in:
Felix Tenley 2020-10-21 17:30:12 +02:00 committed by Bjørn Forsman
parent 53c52f1a45
commit 542f75079b
1 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
nixos/modules/services/networking/mosquitto.nix
View File

@ -123,12 +123,33 @@ in
''; '';
}; };
passwordFile = mkOption {
type = with types; uniq (nullOr str);
example = "/path/to/file";
default = null;
description = ''
Specifies the path to a file containing the
clear text password for the MQTT user.
'';
};
hashedPassword = mkOption { hashedPassword = mkOption {
type = with types; uniq (nullOr str); type = with types; uniq (nullOr str);
default = null; default = null;
description = '' description = ''
Specifies the hashed password for the MQTT User. Specifies the hashed password for the MQTT User.
<option>hashedPassword</option> overrides <option>password</option>. To generate hashed password install <literal>mosquitto</literal>
package and use <literal>mosquitto_passwd</literal>.
'';
};
hashedPasswordFile = mkOption {
type = with types; uniq (nullOr str);
example = "/path/to/file";
default = null;
description = ''
Specifies the path to a file containing the
hashed password for the MQTT user.
To generate hashed password install <literal>mosquitto</literal> To generate hashed password install <literal>mosquitto</literal>
package and use <literal>mosquitto_passwd</literal>. package and use <literal>mosquitto_passwd</literal>.
''; '';
@ -190,6 +211,13 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = mapAttrsToList (name: cfg: {
assertion = length (filter (s: s != null) (with cfg; [
password passwordFile hashedPassword hashedPasswordFile
])) <= 1;
message = "Cannot set more than one password option";
}) cfg.users;
systemd.services.mosquitto = { systemd.services.mosquitto = {
description = "Mosquitto MQTT Broker Daemon"; description = "Mosquitto MQTT Broker Daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -210,7 +238,11 @@ in
touch ${cfg.dataDir}/passwd touch ${cfg.dataDir}/passwd
'' + concatStringsSep "\n" ( '' + concatStringsSep "\n" (
mapAttrsToList (n: c: mapAttrsToList (n: c:
if c.hashedPassword != null then if c.hashedPasswordFile != null then
"echo '${n}:'$(cat '${c.hashedPasswordFile}') >> ${cfg.dataDir}/passwd"
else if c.passwordFile != null then
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} $(cat '${c.passwordFile}')"
else if c.hashedPassword != null then
"echo '${n}:${c.hashedPassword}' >> ${cfg.dataDir}/passwd" "echo '${n}:${c.hashedPassword}' >> ${cfg.dataDir}/passwd"
else optionalString (c.password != null) else optionalString (c.password != null)
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} '${c.password}'" "${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} '${c.password}'"