dump-dvb/nix-config
dump-dvb/nix-config
3
0
Fork 0
mirror of https://github.com/dump-dvb/nix-config.git synced 2024-06-14 20:06:57 +02:00
Code Issues Projects Releases Wiki Activity

do not leak hashed password to the logs

Browse Source
This commit is contained in:
oxapentane - 2023-06-12 23:40:22 +02:00
parent bba9c4886c
commit 4e99573af4
Signed by: oxapentane
GPG Key ID: 91FA5E5BF9AA901C
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
hosts/uranus/jupyter-container.nix
View File

@ -24,14 +24,18 @@ pkgs.dockerTools.buildImage {
runAsRoot = runAsRoot =
let let
cont-interpreter = "/bin/bash"; cont-interpreter = "/bin/bash";
useradd-string = (user: is-admin: ''useradd \ useradd-string = (user: is-admin: ''
-m \ set +x # don't leak the hashed password
${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ echo "creating user ${user}"
-p $(cat /pw/hashed-password-${user}) \ useradd \
${user} \ -m \
&& chown -R ${user}:${jupyterAdminGroup} /home/${user} \ ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \
&& ln --force -s /workdir /home/${user}/shared-workdir -p $(cat /pw/hashed-password-${user}) \
''); ${user} \
&& chown -R ${user}:${jupyterAdminGroup} /home/${user} \
&& ln --force -s /workdir /home/${user}/shared-workdir
set -x
'');
create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers)); create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers));
jupyterhub-config = pkgs.writeText "jupyterhub-config.py" '' jupyterhub-config = pkgs.writeText "jupyterhub-config.py" ''