Loading nixos/modules/services/networking/syncthing.nix +22 −1 Original line number Diff line number Diff line Loading @@ -236,13 +236,14 @@ let + /* Now we update the other settings defined in cleanedConfig which are not "folders" or "devices". "folders", "devices", or "guiPasswordFile". */ (lib.pipe cleanedConfig [ builtins.attrNames (lib.subtractLists [ "folders" "devices" "guiPasswordFile" ]) (map (subOption: '' curl -X PUT -d ${ Loading @@ -251,6 +252,12 @@ let '')) (lib.concatStringsSep "\n") ]) + # Now we hash the contents of guiPasswordFile and use the result to update the gui password (lib.optionalString (cfg.guiPasswordFile != null) '' ${pkgs.mkpasswd}/bin/mkpasswd -m bcrypt --stdin <"${cfg.guiPasswordFile}" | tr -d "\n" > "$RUNTIME_DIRECTORY/password_bcrypt" curl -X PATCH --variable "pw_bcrypt@$RUNTIME_DIRECTORY/password_bcrypt" --expand-json '{ "password": "{{pw_bcrypt}}" }' ${curlAddressArgs "/rest/config/gui"} '') + '' # restart Syncthing if required if curl ${curlAddressArgs "/rest/config/restart-required"} | Loading Loading @@ -285,6 +292,14 @@ in ''; }; guiPasswordFile = mkOption { type = types.nullOr types.str; default = null; description = '' Path to file containing the plaintext password for Syncthing's GUI. ''; }; overrideDevices = mkOption { type = types.bool; default = true; Loading Loading @@ -837,6 +852,12 @@ in from the configuration, creating path conflicts. ''; } { assertion = (lib.hasAttrByPath [ "gui" "password" ] cfg.settings) -> cfg.guiPasswordFile == null; message = '' Please use only one of services.syncthing.settings.gui.password or services.syncthing.guiPasswordFile. ''; } ]; networking.firewall = mkIf cfg.openDefaultPorts { Loading Loading
nixos/modules/services/networking/syncthing.nix +22 −1 Original line number Diff line number Diff line Loading @@ -236,13 +236,14 @@ let + /* Now we update the other settings defined in cleanedConfig which are not "folders" or "devices". "folders", "devices", or "guiPasswordFile". */ (lib.pipe cleanedConfig [ builtins.attrNames (lib.subtractLists [ "folders" "devices" "guiPasswordFile" ]) (map (subOption: '' curl -X PUT -d ${ Loading @@ -251,6 +252,12 @@ let '')) (lib.concatStringsSep "\n") ]) + # Now we hash the contents of guiPasswordFile and use the result to update the gui password (lib.optionalString (cfg.guiPasswordFile != null) '' ${pkgs.mkpasswd}/bin/mkpasswd -m bcrypt --stdin <"${cfg.guiPasswordFile}" | tr -d "\n" > "$RUNTIME_DIRECTORY/password_bcrypt" curl -X PATCH --variable "pw_bcrypt@$RUNTIME_DIRECTORY/password_bcrypt" --expand-json '{ "password": "{{pw_bcrypt}}" }' ${curlAddressArgs "/rest/config/gui"} '') + '' # restart Syncthing if required if curl ${curlAddressArgs "/rest/config/restart-required"} | Loading Loading @@ -285,6 +292,14 @@ in ''; }; guiPasswordFile = mkOption { type = types.nullOr types.str; default = null; description = '' Path to file containing the plaintext password for Syncthing's GUI. ''; }; overrideDevices = mkOption { type = types.bool; default = true; Loading Loading @@ -837,6 +852,12 @@ in from the configuration, creating path conflicts. ''; } { assertion = (lib.hasAttrByPath [ "gui" "password" ] cfg.settings) -> cfg.guiPasswordFile == null; message = '' Please use only one of services.syncthing.settings.gui.password or services.syncthing.guiPasswordFile. ''; } ]; networking.firewall = mkIf cfg.openDefaultPorts { Loading
