put ttrss behind http basic auth

not sure i entirely trust a non-trivial php app being publicly
accessible

2 files changed, 9 insertions, 0 deletions

diff --git a/tozt/tozt/files/nginx/ttrss-tls.conf b/tozt/tozt/files/nginx/ttrss-tls.conf
index b642cf7..10e4f3c 100644
--- a/tozt/tozt/files/nginx/ttrss-tls.conf
+++ b/tozt/tozt/files/nginx/ttrss-tls.conf
@@ -11,6 +11,8 @@ server {
 
     location / {
         index  index.php;
+        auth_basic "ttrss";
+        auth_basic_user_file "/media/persistent/ttrss.htpasswd";
     }
 
     location ~ \.php$ {
@@ -19,6 +21,8 @@ server {
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include /etc/nginx/fastcgi_params;
+        auth_basic "ttrss";
+        auth_basic_user_file "/media/persistent/ttrss.htpasswd";
     }
 }
 # vim:ft=nginx
diff --git a/tozt/tozt/manifests/ttrss.pp b/tozt/tozt/manifests/ttrss.pp
index 06d024d..f2df995 100644
--- a/tozt/tozt/manifests/ttrss.pp
+++ b/tozt/tozt/manifests/ttrss.pp
@@ -7,6 +7,11 @@ class tozt::ttrss {
     require => Class["tozt::persistent"];
   }
 
+  secret { "/media/persistent/ttrss.htpasswd":
+    source => "ttrss",
+    require => Class["tozt::persistent"];
+  }
+
   nginx::site {
     "ttrss-tls":
       source => 'puppet:///modules/tozt/nginx/ttrss-tls.conf',