about summary refs log tree commit diff
path: root/tools/hash-password.nix
diff options
context:
space:
mode:
Diffstat (limited to 'tools/hash-password.nix')
-rw-r--r--tools/hash-password.nix17
1 files changed, 17 insertions, 0 deletions
diff --git a/tools/hash-password.nix b/tools/hash-password.nix
new file mode 100644
index 000000000000..583f1210bd89
--- /dev/null
+++ b/tools/hash-password.nix
@@ -0,0 +1,17 @@
+# Utility for invoking slappasswd with the correct options for
+# creating an ARGON2 password hash.
+#
+# Users should generally use https://signup.tvl.fyi instead.
+{ pkgs, ... }:
+
+let
+  script = pkgs.writeShellScriptBin "hash-password" ''
+    ${pkgs.openldap}/bin/slappasswd -o module-load=argon2 -h '{ARGON2}' "$@"
+  '';
+in
+script.overrideAttrs (old: {
+  doCheck = true;
+  checkPhase = ''
+    ${pkgs.stdenv.shell} $out/bin/hash-password -s example-password > /dev/null
+  '';
+})