author | Bruno BELANYI <bruno@belanyi.fr> | 2023-12-23 14:39:02 +0100 |
---|---|---|
committer | Bruno BELANYI <bruno@belanyi.fr> | 2024-01-25 21:36:21 +0000 |
commit | d3a146519683c2b5a3ccdc8fe1ae2f6123664008 (patch) | |
tree | 1b769293cbc73b3a839fd9daca5cbc14cc0926ae /nixos | |
parent | 64cab3aa8d98a09aaf360b9277b2f7837c064293 (diff) | |
nixos/aria2: implement 'rpcSecretFile'
Since this is supposed to be a secret, use a file path as an input instead of making it part of the expression, which would expose it in the nix store.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/aria2.nix | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/aria2.nix b/nixos/modules/services/networking/aria2.nix
index e848869cc0ac..1fb55b836798 100644
--- a/nixos/modules/services/networking/aria2.nix
+++ b/nixos/modules/services/networking/aria2.nix
@@ -18,11 +18,14 @@ let
 dir=${cfg.downloadDir}
 listen-port=${concatStringsSep "," (rangesToStringList cfg.listenPortRange)}
 rpc-listen-port=${toString cfg.rpcListenPort}
- rpc-secret=${cfg.rpcSecret}
 '';
 in
 {
+ imports = [
+ (mkRemovedOptionModule [ "services" "aria2" "rpcSecret" ] "Use services.aria2.rpcSecretFile instead")
+ ];
+
 options = {
 services.aria2 = {
 enable = mkOption {
@@ -65,11 +68,11 @@ in
 default = 6800;
 description = lib.mdDoc "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535";
 };
- rpcSecret = mkOption {
- type = types.str;
- default = "aria2rpc";
+ rpcSecretFile = mkOption {
+ type = types.path;
+ example = "/run/secrets/aria2-rpc-token.txt";
 description = lib.mdDoc ''
- Set RPC secret authorization token.
+ A file containing the RPC secret authorization token.
 Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
 '';
 };
@@ -117,6 +120,7 @@ in
 touch "${sessionFile}"
 fi
 cp -f "${settingsFile}" "${settingsDir}/aria2.conf"
+ echo "rpc-secret=$(cat "$CREDENTIALS_DIRECTORY/rpcSecretFile")" >> "${settingsDir}/aria2.conf"
 '';
 serviceConfig = {
@@ -125,6 +129,7 @@ in
 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 User = "aria2";
 Group = "aria2";
+ LoadCredential="rpcSecretFile:${cfg.rpcSecretFile}";
 };
 };
 }; |
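Review bot: The `rpcSecretFile` description does not say that the value has to be a path outside the Nix store. With `type = types.path` a Nix path literal such as `./token.txt` is accepted, and interpolating it into the `LoadCredential` string in the last hunk would presumably copy the file into the world-readable store, which is the exposure this commit sets out to avoid. I would add a sentence to the description along the lines of `Pass an absolute path as a string, pointing outside the Nix store; a path literal would be copied into the store.`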
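Review bot: The file that receives the token has no explicit mode: the `echo ... >>` line appends to `${settingsDir}/aria2.conf` right after `cp -f` creates it from the store copy, so it carries whatever mode `cp` derives from a read-only, world-readable source. Depending on which user preStart runs as and on the mode of the settings directory (neither is visible in this hunk), the append may fail with a permission error or leave the token readable by other local users. Creating the file owner-only covers both cases: `install -m 0600 "${settingsFile}" "${settingsDir}/aria2.conf"` in place of the `cp -f` line. The preStart script starts above this hunk, so an earlier `umask` or `chmod` would change this assessment.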