auth:module: replace special symbols in generated secrets

2025-04-17 12:42:46 +04:00
parent 791e551b93
commit 46971cd2be
1 changed files with 7 additions and 2 deletions
--- a/auth/auth-module.nix
+++ b/auth/auth-module.nix
@@ -14,9 +14,14 @@ let
    in
    pkgs.writeShellScript
      "${oauthClientID}-kanidm-ExecStartPre-script.sh" ''
-      [ -f "${secretFP}" ] || \
-        "${lib.getExe pkgs.openssl}" rand -base64 -out "${secretFP}" 32 && \
+      set -o pipefail
+      set -o errexit
+      if ! [ -f "${secretFP}" ]
+      then
+        "${lib.getExe pkgs.openssl}" rand -base64 32 \
+        | tr "\n:@/+=" "012345" > "${secretFP}"
        chmod 640 "${secretFP}"
+      fi
    '';
  mkKanidmExecStartPostScript = oauthClientID: linuxGroup:
    let