SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 15:11:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

radicale: Encrypt the whole htpasswd file

Browse source
This commit is contained in:
SebastianStork 2025-09-19 18:27:05 +02:00
parent 44da7817c3
commit d7ff914152
2 changed files with 42 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/system/services/radicale.nix
View file

@ -28,13 +28,9 @@ in
ports.tcp.list = [ cfg.port ];
};
sops = {
secrets."radicale/seb-password" = { };
templates."radicale/htpasswd" = {
owner = config.users.users.radicale.name;
content = "seb:${config.sops.placeholder."radicale/seb-password"}";
restartUnits = [ "radicale.service" ];
};
sops.secrets."radicale/htpasswd" = {
owner = config.users.users.radicale.name;
restartUnits = [ "radicale.service" ];
};
services.radicale = {
@ -43,7 +39,7 @@ in
server.hosts = "localhost:${builtins.toString cfg.port}";
auth = {
type = "htpasswd";
htpasswd_filename = config.sops.templates."radicale/htpasswd".path;
htpasswd_filename = config.sops.secrets."radicale/htpasswd".path;
htpasswd_encryption = "bcrypt";
};
storage.filesystem_folder = "/var/lib/radicale/collections";