From db37cea9072b0827fd7c445d5e2d5373610da577 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Sat, 25 Sep 2021 12:52:49 +0200
Subject: [PATCH] modules: services: transmission: secrets w/ file

In preparation for the migration to using agenix.
---
 machines/porthos/services.nix | 8 ++++++--
 modules/services/transmission.nix | 21 ++++++++-------------
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/machines/porthos/services.nix b/machines/porthos/services.nix
index d26bb10..4c9ca7d 100644
--- a/machines/porthos/services.nix
+++ b/machines/porthos/services.nix
@@ -126,8 +126,12 @@ in
 # Torrent client and webui
 transmission = {
 enable = true;
- username = "Ambroisie";
- password = my.secrets.transmission.password;
+ credentialsFile = builtins.toFile "transmission-creds.txt" ''
+ {
+ "rpc-username": "Ambroisie",
+ "rpc-password": "${my.secrets.transmission.password}"
+ }
+ '';
 };
 # Simple, in-kernel VPN
 wireguard = {
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
index 807fc0a..cac075f 100644
--- a/modules/services/transmission.nix
+++ b/modules/services/transmission.nix
@@ -11,17 +11,13 @@ in
 options.my.services.transmission = with lib; {
 enable = mkEnableOption "Transmission torrent client";
- username = mkOption {
+ credentialsFile = mkOption {
 type = types.str;
- default = "Ambroisie";
- example = "username";
- description = "Name of the transmission RPC user";
- };
-
- password = mkOption {
- type = types.str;
- example = "password";
- description = "Password of the transmission RPC user";
+ example = "/var/lib/transmission/creds.json";
+ description = ''
+ Credential file as an json configuration file to be merged with
+ the main one.
+ '';
 };
 downloadBase = mkOption {
@@ -53,6 +49,8 @@ in
 downloadDirPermissions = "775";
+ inherit (cfg) credentialsFile;
+
 settings = {
 download-dir = "${cfg.downloadBase}/complete";
 incomplete-dir = "${cfg.downloadBase}/incomplete";
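Review bot: In machines/porthos/services.nix the JSON passed to `credentialsFile` is built by string interpolation, so a password containing `"` or `\` produces an invalid or silently altered credentials file. Serialising the attribute set avoids that: `credentialsFile = builtins.toFile "transmission-creds.txt" (builtins.toJSON { rpc-username = "Ambroisie"; rpc-password = my.secrets.transmission.password; });`. Separately, `builtins.toFile` writes its result into the Nix store, which is normally world-readable, so the password is no better protected than before until the planned agenix path replaces it. Since the same commit drops the old "Insecure" remark in modules/services/transmission.nix, I would add a comment here such as `# Interim: still lands in the Nix store; to be replaced by an agenix-managed path`.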
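Review bot: The description of the new `credentialsFile` option in modules/services/transmission.nix does not say which keys the file must contain or where it may live, and `types.str` accepts any string. I would spell the contract out, for example `description = "Path to a JSON file holding rpc-username and rpc-password, merged with the main configuration; keep it outside the Nix store and readable only by the service user.";` (this also fixes "an json"). The option has no default, so enabling the module without setting it will presumably fail at evaluation; if that is intended, saying so in the description would help.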
@@ -63,9 +61,6 @@ in rpc-port = cfg.port; rpc-authentication-required = true; - rpc-username = cfg.username; - rpc-password = cfg.password; # Insecure, but I don't care. - # Proxied behind Nginx. rpc-whitelist-enabled = true; rpc-whitelist = "127.0.0.1";