From a40e9c3abb4b12d384df1ff2ca9a537227635e1f Mon Sep 17 00:00:00 2001
From: Linus Heckemann <git@sphalerite.org>
Date: Sun, 27 Nov 2022 19:14:22 +0000
Subject: [PATCH] htpasswd -> mkpasswd

---
 .gitlab-ci.yml        |  4 ++--
 README.md             |  2 +-
 default.nix           | 12 ++++++------
 docs/add-radicale.rst |  4 ++--
 docs/options.rst      | 12 ++++++------
 docs/setup-guide.rst  |  2 +-
 tests/internal.nix    |  4 ++--
 tests/multiple.nix    |  4 ++--
 8 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0a2cb4b..702c294 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,11 +3,11 @@ hydra-pr:
     - merge_requests
   image: nixos/nix
   script:
-    - nix --extra-experimental-features nix-command run -f channel:nixos-unstable hydra-cli -- -H https://hydra.nix-community.org jobset-wait simple-nixos-mailserver ${CI_MERGE_REQUEST_IID}
+    - nix-shell -I nixpkgs=channel:nixos-unstable -p hydra-cli --run 'hydra-cli -H https://hydra.nix-community.org jobset-wait simple-nixos-mailserver ${CI_MERGE_REQUEST_IID}'
 
 hydra-master:
   only:
     - master
   image: nixos/nix
   script:
-    - nix --extra-experimental-features nix-command run -f channel:nixos-unstable hydra-cli -- -H https://hydra.nix-community.org jobset-wait simple-nixos-mailserver master
+    - nix-shell -I nixpkgs=channel:nixos-unstable -p hydra-cli --run 'hydra-cli -H https://hydra.nix-community.org jobset-wait simple-nixos-mailserver master'
diff --git a/README.md b/README.md
index 0adc7d6..86351d7 100644
--- a/README.md
+++ b/README.md
@@ -96,7 +96,7 @@ D9FE 4119 F082 6F15 93BD  BD36 6162 DBA5 635E A16A
        domains = [ "example.com" "example2.com" ];
        loginAccounts = {
            "user1@example.com" = {
-               # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 > /hashed/password/file/location
+               # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > /hashed/password/file/location
                hashedPasswordFile = "/hashed/password/file/location";
 
                aliases = [
diff --git a/default.nix b/default.nix
index 7ef5cba..7c9118e 100644
--- a/default.nix
+++ b/default.nix
@@ -72,10 +72,10 @@ in
             default = null;
             example = "$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/";
             description = ''
-              The user's hashed password. Use `htpasswd` as follows
+              The user's hashed password. Use `mkpasswd` as follows
 
               ```
-              nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+              nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
               ```
 
               Warning: this is stored in plaintext in the Nix store!
@@ -88,10 +88,10 @@ in
             default = null;
             example = "/run/keys/user1-passwordhash";
             description = ''
-              A file containing the user's hashed password. Use `htpasswd` as follows
+              A file containing the user's hashed password. Use `mkpasswd` as follows
 
               ```
-              nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+              nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
               ```
             '';
           };
@@ -184,11 +184,11 @@ in
       };
       description = ''
         The login account of the domain. Every account is mapped to a unix user,
-        e.g. `user1@example.com`. To generate the passwords use `htpasswd` as
+        e.g. `user1@example.com`. To generate the passwords use `mkpasswd` as
         follows
 
         ```
-        nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+        nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
         ```
       '';
       default = {};
diff --git a/docs/add-radicale.rst b/docs/add-radicale.rst
index 3f29434..2393f6e 100644
--- a/docs/add-radicale.rst
+++ b/docs/add-radicale.rst
@@ -4,8 +4,8 @@ Add Radicale
 Configuration by @dotlambda
 
 Starting with Radicale 3 (first introduced in NixOS 20.09) the traditional
-crypt passwords, as generated by `mkpasswd`, are no longer supported.  Instead
-bcrypt passwords have to be used which can be generated using `htpasswd`.
+crypt passwords are no longer supported.  Instead bcrypt passwords
+have to be used. These can still be generated using `mkpasswd -m bcrypt`.
 
 .. code:: nix
 
diff --git a/docs/options.rst b/docs/options.rst
index 32f6d77..1e0af9a 100644
--- a/docs/options.rst
+++ b/docs/options.rst
@@ -458,11 +458,11 @@ mailserver.loginAccounts
 ------------------------
 
 The login account of the domain. Every account is mapped to a unix user,
-e.g. `user1@example.com`. To generate the passwords use `htpasswd` as
+e.g. `user1@example.com`. To generate the passwords use `mkpasswd` as
 follows
 
 ```
-nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
 ```
 
 
@@ -496,10 +496,10 @@ Note: Does not allow sending from all addresses of these domains.
 mailserver.loginAccounts.<name>.hashedPassword
 ----------------------------------------------
 
-The user's hashed password. Use `htpasswd` as follows
+The user's hashed password. Use `mkpasswd` as follows
 
 ```
-nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
 ```
 
 Warning: this is stored in plaintext in the Nix store!
@@ -513,10 +513,10 @@ Use `hashedPasswordFile` instead.
 mailserver.loginAccounts.<name>.hashedPasswordFile
 --------------------------------------------------
 
-A file containing the user's hashed password. Use `htpasswd` as follows
+A file containing the user's hashed password. Use `mkpasswd` as follows
 
 ```
-nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
 ```
 
 
diff --git a/docs/setup-guide.rst b/docs/setup-guide.rst
index 7e6137e..4a39676 100644
--- a/docs/setup-guide.rst
+++ b/docs/setup-guide.rst
@@ -70,7 +70,7 @@ these should be the most common ones.
        domains = [ "example.com" ];
 
        # A list of all login accounts. To create the password hashes, use
-       # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+       # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
        loginAccounts = {
            "user1@example.com" = {
                hashedPasswordFile = "/a/file/containing/a/hashed/password";
diff --git a/tests/internal.nix b/tests/internal.nix
index e8c4227..02609fd 100644
--- a/tests/internal.nix
+++ b/tests/internal.nix
@@ -29,8 +29,8 @@ let
 
   hashPassword = password: pkgs.runCommand
     "password-${password}-hashed"
-    { buildInputs = [ pkgs.apacheHttpd ]; } ''
-      htpasswd -nbB "" "${password}" | cut -d: -f2 > $out
+    { buildInputs = [ pkgs.mkpasswd ]; inherit password; } ''
+      mkpasswd -sm bcrypt <<<"$password" > $out
     '';
 
   hashedPasswordFile = hashPassword "my-password";
diff --git a/tests/multiple.nix b/tests/multiple.nix
index 99e1aaf..cef20e3 100644
--- a/tests/multiple.nix
+++ b/tests/multiple.nix
@@ -5,9 +5,9 @@
 let
     hashPassword = password: pkgs.runCommand
       "password-${password}-hashed"
-      { buildInputs = [ pkgs.apacheHttpd ]; }
+      { buildInputs = [ pkgs.mkpasswd ]; inherit password; }
       ''
-        htpasswd -nbB "" "${password}" | cut -d: -f2 > $out
+        mkpasswd -sm bcrypt <<<"$password" > $out
       '';
 
     password = pkgs.writeText "password" "password";