nixos/mosquitto: Add checkPasswords option

Related to https://github.com/NixOS/nixpkgs/issues/27130.

Adds a NixOS configuration option to have Mosquitto use the
password file that it generates.  When this option is false the
Mosquitto server will accept login attempts with any username and any
password.  This option defaults to false because this matches the
behavior of the service prior to the introduction of this option.

When the `services.mosquitto.checkPasswords` is true, the server will
only accept valid usernames and passwords.
Richard Larocque 2017-08-06 15:21:01 -07:00
parent 638b67146d
commit 66b07e41e6


@ -12,6 +12,10 @@ let
keyfile ${cfg.ssl.keyfile} keyfile ${cfg.ssl.keyfile}
''; '';
passwordConf = optionalString cfg.checkPasswords ''
password_file ${cfg.dataDir}/passwd
'';
mosquittoConf = pkgs.writeText "mosquitto.conf" '' mosquittoConf = pkgs.writeText "mosquitto.conf" ''
pid_file /run/mosquitto/pid pid_file /run/mosquitto/pid
acl_file ${aclFile} acl_file ${aclFile}
@ -19,6 +23,7 @@ let
allow_anonymous ${boolToString cfg.allowAnonymous} allow_anonymous ${boolToString cfg.allowAnonymous}
bind_address ${cfg.host} bind_address ${cfg.host}
port ${toString cfg.port} port ${toString cfg.port}
${passwordConf}
${listenerConf} ${listenerConf}
${cfg.extraConf} ${cfg.extraConf}
''; '';
@ -153,6 +158,15 @@ in
''; '';
}; };
checkPasswords = mkOption {
default = false;
example = true;
type = types.bool;
description = ''
Refuse connection when clients provide incorrect passwords.
'';
};
extraConf = mkOption { extraConf = mkOption {
default = ""; default = "";
type = types.lines; type = types.lines;
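Review bot: The `checkPasswords` description in the last hunk does not tell an administrator that the default `false` leaves the broker accepting any username with any password, which the commit message states but the option text omits. I would spell that out, e.g. `Whether to verify client credentials against the generated password file; when false, any username and password is accepted.` The rendered config also still emits `allow_anonymous ${boolToString cfg.allowAnonymous}` independently, and as far as I know Mosquitto lets clients that send no username connect when that is true, so the description should say that `allowAnonymous = false` is needed alongside this option to require authentication. The option set and the `extraConf` definition continue outside the hunk, so whether the module could warn when users are defined while `checkPasswords` is false cannot be judged from here.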