mirror of
https://github.com/dump-dvb/nix-config.git
synced 2024-06-14 20:06:57 +02:00
do not leak hashed password to the logs
This commit is contained in:
parent
bba9c4886c
commit
4e99573af4
|
@ -24,14 +24,18 @@ pkgs.dockerTools.buildImage {
|
||||||
runAsRoot =
|
runAsRoot =
|
||||||
let
|
let
|
||||||
cont-interpreter = "/bin/bash";
|
cont-interpreter = "/bin/bash";
|
||||||
useradd-string = (user: is-admin: ''useradd \
|
useradd-string = (user: is-admin: ''
|
||||||
-m \
|
set +x # don't leak the hashed password
|
||||||
${if is-admin then "-G ${jupyterAdminGroup}" else ""} \
|
echo "creating user ${user}"
|
||||||
-p $(cat /pw/hashed-password-${user}) \
|
useradd \
|
||||||
${user} \
|
-m \
|
||||||
&& chown -R ${user}:${jupyterAdminGroup} /home/${user} \
|
${if is-admin then "-G ${jupyterAdminGroup}" else ""} \
|
||||||
&& ln --force -s /workdir /home/${user}/shared-workdir
|
-p $(cat /pw/hashed-password-${user}) \
|
||||||
'');
|
${user} \
|
||||||
|
&& chown -R ${user}:${jupyterAdminGroup} /home/${user} \
|
||||||
|
&& ln --force -s /workdir /home/${user}/shared-workdir
|
||||||
|
set -x
|
||||||
|
'');
|
||||||
|
|
||||||
create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers));
|
create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers));
|
||||||
jupyterhub-config = pkgs.writeText "jupyterhub-config.py" ''
|
jupyterhub-config = pkgs.writeText "jupyterhub-config.py" ''
|
||||||
|
|
Loading…
Reference in New Issue
Block a user