wordpress: replace the dbPassword option with dbPasswordFile (#24146)
We shouldn't force users to store passwords in the world-readable Nix store.
parent
8c28474c02
commit
6f2eca1744
@ -9,7 +9,7 @@ let
|
||||
<?php
|
||||
define('DB_NAME', '${config.dbName}');
|
||||
define('DB_USER', '${config.dbUser}');
|
||||
define('DB_PASSWORD', '${config.dbPassword}');
|
||||
define('DB_PASSWORD', file_get_contents('${config.dbPasswordFile}'));
|
||||
define('DB_HOST', '${config.dbHost}');
|
||||
define('DB_CHARSET', 'utf8');
|
||||
$table_prefix = '${config.tablePrefix}';
|
||||
@ -137,9 +137,34 @@ in
|
||||
};
|
||||
dbPassword = mkOption {
|
||||
default = "wordpress";
|
||||
description = "The mysql password to the respective dbUser.";
|
||||
description = ''
|
||||
The mysql password to the respective dbUser.
|
||||
|
||||
Warning: this password is stored in the world-readable Nix store. It's
|
||||
recommended to use the $dbPasswordFile option since that gives you control over
|
||||
the security of the password. $dbPasswordFile also takes precedence over $dbPassword.
|
||||
'';
|
||||
example = "wordpress";
|
||||
};
|
||||
dbPasswordFile = mkOption {
|
||||
type = types.str;
|
||||
default = toString (pkgs.writeTextFile {
|
||||
name = "wordpress-dbpassword";
|
||||
text = config.dbPassword;
|
||||
});
|
||||
example = "/run/keys/wordpress-dbpassword";
|
||||
description = ''
|
||||
Path to a file that contains the mysql password to the respective dbUser.
|
||||
The file should be readable by the user: config.services.httpd.user.
|
||||
|
||||
$dbPasswordFile takes precedence over the $dbPassword option.
|
||||
|
||||
This defaults to a file in the world-readable Nix store that contains the value
|
||||
of the $dbPassword option. It's recommended to override this with a path not in
|
||||
the Nix store. Tip: use nixops key management:
|
||||
<link xlink:href='https://nixos.org/nixops/manual/#idm140737318306400'/>
|
||||
'';
|
||||
};
|
||||
tablePrefix = mkOption {
|
||||
default = "wp_";
|
||||
description = ''
|
||||
@ -251,7 +276,7 @@ in
|
||||
sleep 1
|
||||
done
|
||||
${pkgs.mysql}/bin/mysql -e 'CREATE DATABASE ${config.dbName};'
|
||||
${pkgs.mysql}/bin/mysql -e 'GRANT ALL ON ${config.dbName}.* TO ${config.dbUser}@localhost IDENTIFIED BY "${config.dbPassword}";'
|
||||
${pkgs.mysql}/bin/mysql -e "GRANT ALL ON ${config.dbName}.* TO ${config.dbUser}@localhost IDENTIFIED BY \"$(cat ${config.dbPasswordFile})\";"
|
||||
else
|
||||
echo "Good, no need to do anything database related."
|
||||
fi
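Review bot: The two readers of the password file handle a trailing newline differently: `$(cat ${config.dbPasswordFile})` in the GRANT line strips it, while `file_get_contents('${config.dbPasswordFile}')` in the wp-config.php hunk keeps it, so a key file that ends in a newline gives WordPress a DB_PASSWORD that does not match the one set in MySQL. Trimming on the PHP side makes them agree: `define('DB_PASSWORD', rtrim(file_get_contents('${config.dbPasswordFile}'), PHP_EOL));`. The GRANT line also still puts the secret on the `mysql -e` command line, where it is visible in the process list while the command runs, and a password containing `"` or `\` changes the statement. Feeding the SQL to mysql on standard input and stating the permitted characters in the dbPasswordFile description would cover both. The startup script around this hunk begins and ends outside the visible lines.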
|
||||
|