modules: services: transmission: secrets w/ file

In preparation for the migration to using agenix.
This commit is contained in:
Bruno BELANYI 2021-09-25 12:52:49 +02:00
parent 98034a5410
commit da63787874
2 changed files with 14 additions and 15 deletions

View file

@ -126,8 +126,12 @@ in
# Torrent client and webui
transmission = {
enable = true;
username = "Ambroisie";
password = my.secrets.transmission.password;
credentialsFile = builtins.toFile "transmission-creds.txt" ''
{
"rpc-username": "Ambroisie",
"rpc-password": "${my.secrets.transmission.password}"
}
'';
};
# Simple, in-kernel VPN
wireguard = {

View file

@ -11,17 +11,13 @@ in
options.my.services.transmission = with lib; {
enable = mkEnableOption "Transmission torrent client";
username = mkOption {
credentialsFile = mkOption {
type = types.str;
default = "Ambroisie";
example = "username";
description = "Name of the transmission RPC user";
};
password = mkOption {
type = types.str;
example = "password";
description = "Password of the transmission RPC user";
example = "/var/lib/transmission/creds.json";
description = ''
Credential file as an json configuration file to be merged with
the main one.
'';
};
downloadBase = mkOption {
@ -53,6 +49,8 @@ in
downloadDirPermissions = "775";
inherit (cfg) credentialsFile;
settings = {
download-dir = "${cfg.downloadBase}/complete";
incomplete-dir = "${cfg.downloadBase}/incomplete";
@ -63,9 +61,6 @@ in
rpc-port = cfg.port;
rpc-authentication-required = true;
rpc-username = cfg.username;
rpc-password = cfg.password; # Insecure, but I don't care.
# Proxied behind Nginx.
rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1";