gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/syncthing: add guiPasswordFile option

Browse Source
This commit is contained in:
Kimberly Swanson
2025-06-22 10:14:44 +01:00
committed by NullCube
parent 2ebf757637
commit 02795dee2c
1 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
nixos/modules/services/networking/syncthing.nix
View File

@@ -236,13 +236,14 @@ let
+
/*
Now we update the other settings defined in cleanedConfig which are not
"folders" or "devices".
"folders", "devices", or "guiPasswordFile".
*/
(lib.pipe cleanedConfig [
builtins.attrNames
(lib.subtractLists [
"folders"
"devices"
"guiPasswordFile"
])
(map (subOption: ''
curl -X PUT -d ${
@@ -251,6 +252,12 @@ let
''))
(lib.concatStringsSep "\n")
])
+
# Now we hash the contents of guiPasswordFile and use the result to update the gui password
(lib.optionalString (cfg.guiPasswordFile != null) ''
${pkgs.mkpasswd}/bin/mkpasswd -m bcrypt --stdin <"${cfg.guiPasswordFile}" | tr -d "\n" > "$RUNTIME_DIRECTORY/password_bcrypt"
curl -X PATCH --variable "pw_bcrypt@$RUNTIME_DIRECTORY/password_bcrypt" --expand-json '{ "password": "{{pw_bcrypt}}" }' ${curlAddressArgs "/rest/config/gui"}
'')
+ ''
# restart Syncthing if required
if curl ${curlAddressArgs "/rest/config/restart-required"} |
@@ -285,6 +292,14 @@ in
'';
};
guiPasswordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Path to file containing the plaintext password for Syncthing's GUI.
'';
};
overrideDevices = mkOption {
type = types.bool;
default = true;
@@ -837,6 +852,12 @@ in
from the configuration, creating path conflicts.
'';
}
{
assertion = (lib.hasAttrByPath [ "gui" "password" ] cfg.settings) -> cfg.guiPasswordFile == null;
message = ''
Please use only one of services.syncthing.settings.gui.password or services.syncthing.guiPasswordFile.
'';
}
];
networking.firewall = mkIf cfg.openDefaultPorts {