modules: services: transmission: secrets w/ file

In preparation for the migration to using agenix.
This commit is contained in:
Bruno BELANYI 2021-09-25 12:52:49 +02:00
parent 1cf93825b2
commit db37cea907
2 changed files with 14 additions and 15 deletions

View file

@ -126,8 +126,12 @@ in
# Torrent client and webui # Torrent client and webui
transmission = { transmission = {
enable = true; enable = true;
username = "Ambroisie"; credentialsFile = builtins.toFile "transmission-creds.txt" ''
password = my.secrets.transmission.password; {
"rpc-username": "Ambroisie",
"rpc-password": "${my.secrets.transmission.password}"
}
'';
}; };
# Simple, in-kernel VPN # Simple, in-kernel VPN
wireguard = { wireguard = {

View file

@ -11,17 +11,13 @@ in
options.my.services.transmission = with lib; { options.my.services.transmission = with lib; {
enable = mkEnableOption "Transmission torrent client"; enable = mkEnableOption "Transmission torrent client";
username = mkOption { credentialsFile = mkOption {
type = types.str; type = types.str;
default = "Ambroisie"; example = "/var/lib/transmission/creds.json";
example = "username"; description = ''
description = "Name of the transmission RPC user"; Credential file as an json configuration file to be merged with
}; the main one.
'';
password = mkOption {
type = types.str;
example = "password";
description = "Password of the transmission RPC user";
}; };
downloadBase = mkOption { downloadBase = mkOption {
@ -53,6 +49,8 @@ in
downloadDirPermissions = "775"; downloadDirPermissions = "775";
inherit (cfg) credentialsFile;
settings = { settings = {
download-dir = "${cfg.downloadBase}/complete"; download-dir = "${cfg.downloadBase}/complete";
incomplete-dir = "${cfg.downloadBase}/incomplete"; incomplete-dir = "${cfg.downloadBase}/incomplete";
@ -63,9 +61,6 @@ in
rpc-port = cfg.port; rpc-port = cfg.port;
rpc-authentication-required = true; rpc-authentication-required = true;
rpc-username = cfg.username;
rpc-password = cfg.password; # Insecure, but I don't care.
# Proxied behind Nginx. # Proxied behind Nginx.
rpc-whitelist-enabled = true; rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1"; rpc-whitelist = "127.0.0.1";