commit 4c707039315ab2a276339f1ceb33dc1477f2d37f · pyrox.dev/nixpkgs

+10

nixos/modules/services/web-servers/ttyd.nix

···

       14
       14
        
                ++ (concatLists (mapAttrsToList (_k: _v: [ "--client-option" "${_k}=${_v}" ]) cfg.clientOptions))

     

       15
       15
        
                ++ [ "--terminal-type" cfg.terminalType ]

     

       16
       16
        
                ++ optionals cfg.checkOrigin [ "--check-origin" ]

     

       17
       17
       +
                ++ optionals cfg.writeable [ "--writable" ] # the typo is correct

     

       17
       18
        
                ++ [ "--max-clients" (toString cfg.maxClients) ]

     

       18
       19
        
                ++ optionals (cfg.indexFile != null) [ "--index" cfg.indexFile ]

     

       19
       20
        
                ++ optionals cfg.enableIPv6 [ "--ipv6" ]

     
···

       73
       74
        
               type = types.ints.u8;

     

       74
       75
        
               default = 1;

     

       75
       76
        
               description = lib.mdDoc "Signal to send to the command on session close.";

     

       77
       77
       +
             };

     

       78
       78
       +
       

     

       79
       79
       +
             writeable = mkOption {

     

       80
       80
       +
               type = types.nullOr types.bool;

     

       81
       81
       +
               default = null; # null causes an eval error, forcing the user to consider attack surface

     

       82
       82
       +
               example = true;

     

       83
       83
       +
               description = lib.mdDoc "Allow clients to write to the TTY.";

     

       76
       84
        
             };

     

       77
       85
        
       

     

       78
       86
        
             clientOptions = mkOption {

     
···

       165
       173
        
             [ { assertion = cfg.enableSSL

     

       166
       174
        
                   -> cfg.certFile != null && cfg.keyFile != null && cfg.caFile != null;

     

       167
       175
        
                 message = "SSL is enabled for ttyd, but no certFile, keyFile or caFile has been specified."; }

     

       176
       176
       +
               { assertion = cfg.writeable != null;

     

       177
       177
       +
                 message = "services.ttyd.writeable must be set"; }

     

       168
       178
        
               { assertion = ! (cfg.interface != null && cfg.socket != null);

     

       169
       179
        
                 message = "Cannot set both interface and socket for ttyd."; }

     

       170
       180
        
               { assertion = (cfg.username != null) == (cfg.passwordFile != null);

+16 -5

nixos/tests/web-servers/ttyd.nix

···

       2
       2
        
         name = "ttyd";

     

       3
       3
        
         meta.maintainers = with lib.maintainers; [ stunkymonkey ];

     

       4
       4
        
       

     

       5
       5
       -
         nodes.machine = { pkgs, ... }: {

     

       5
       5
       +
         nodes.readonly = { pkgs, ... }: {

     

       6
       6
        
           services.ttyd = {

     

       7
       7
        
             enable = true;

     

       8
       8
        
             username = "foo";

     

       9
       9
        
             passwordFile = pkgs.writeText "password" "bar";

     

       10
       10
       +
             writeable = false;

     

       11
       11
       +
           };

     

       12
       12
       +
         };

     

       13
       13
       +
       

     

       14
       14
       +
         nodes.writeable = { pkgs, ... }: {

     

       15
       15
       +
           services.ttyd = {

     

       16
       16
       +
             enable = true;

     

       17
       17
       +
             username = "foo";

     

       18
       18
       +
             passwordFile = pkgs.writeText "password" "bar";

     

       19
       19
       +
             writeable = true;

     

       10
       20
        
           };

     

       11
       21
        
         };

     

       12
       22
        
       

     

       13
       23
        
         testScript = ''

     

       14
       14
       -
           machine.wait_for_unit("ttyd.service")

     

       15
       15
       -
           machine.wait_for_open_port(7681)

     

       16
       16
       -
           response = machine.succeed("curl -vvv -u foo:bar -s -H 'Host: ttyd' http://127.0.0.1:7681/")

     

       17
       17
       -
           assert '<title>ttyd - Terminal</title>' in response, "Page didn't load successfully"

     

       24
       24
       +
           for machine in [readonly, writeable]:

     

       25
       25
       +
             machine.wait_for_unit("ttyd.service")

     

       26
       26
       +
             machine.wait_for_open_port(7681)

     

       27
       27
       +
             response = machine.succeed("curl -vvv -u foo:bar -s -H 'Host: ttyd' http://127.0.0.1:7681/")

     

       28
       28
       +
             assert '<title>ttyd - Terminal</title>' in response, "Page didn't load successfully"

     

       18
       29
        
         '';

     

       19
       30
        
       })