ttyd: add test & use systemd LoadCredential

author: Felix Buehler <account@buehler.rocks> 2024-01-20 17:33:00 +0100
committer: Felix Buehler <account@buehler.rocks> 2024-01-20 21:01:51 +0100
commit: c34493d7c0a1edbcc028d34941f0807b5255f338 (patch)
tree: b12082a7e36a36ce6affc8d0790be5b937039e11 /nixos/modules/services/web-servers
parent: 221d90520ae684fddad2f93409fef6d005d8c25f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/ttyd.nix b/nixos/modules/services/web-servers/ttyd.nix
index 3b1d87ccb483e..e545869ca4320 100644
--- a/nixos/modules/services/web-servers/ttyd.nix
+++ b/nixos/modules/services/web-servers/ttyd.nix
@@ -180,10 +180,11 @@ in
         # Runs login which needs to be run as root
         # login: Cannot possibly work without effective root
         User = "root";
+        LoadCredential = lib.optionalString (cfg.passwordFile != null) "TTYD_PASSWORD_FILE:${cfg.passwordFile}";
       };
 
       script = if cfg.passwordFile != null then ''
-        PASSWORD=$(cat ${escapeShellArg cfg.passwordFile})
+        PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/TTYD_PASSWORD_FILE")
         ${pkgs.ttyd}/bin/ttyd ${lib.escapeShellArgs args} \
           --credential ${escapeShellArg cfg.username}:"$PASSWORD" \
           ${pkgs.shadow}/bin/login
author	Felix Buehler <account@buehler.rocks>	2024-01-20 17:33:00 +0100
committer	Felix Buehler <account@buehler.rocks>	2024-01-20 21:01:51 +0100
commit	c34493d7c0a1edbcc028d34941f0807b5255f338 (patch)
tree	b12082a7e36a36ce6affc8d0790be5b937039e11 /nixos/modules/services/web-servers
parent	221d90520ae684fddad2f93409fef6d005d8c25f (diff)