Unverified Commit d8b850d8 authored by Aurimas Blažulionis's avatar Aurimas Blažulionis Committed by Jeremy Fleischman
Browse files

syncthing: expose encryptionPassword 

- Change `folder.devices` type into `oneOf [(listOf str) (attrsOf
  (submodule { ... }))]`.
- Expose `encryptionPassord` within the attrSet of the devices option.

This allows the user to set the encrpyption password use to share the
folder's data with. We do this by file path, as opposed to string
literal, because we do not want to embed the encrpyption password into
the nix store.
parent 848e754b

nixos/modules/services/networking/syncthing.nix

+40 −5
Original line number Diff line number Diff line
@@ -55,10 +55,21 @@ let 
          were removed. Please use, respectively, {rescanIntervalS,fsWatcherEnabled,fsWatcherDelayS} instead.

        ''

        {

          devices = map (

          devices =

            let

              folderDevices = folder.devices;

            in

            if builtins.isList folderDevices then

              map (

                device:

                if builtins.isString device then { deviceId = cfg.settings.devices.${device}.id; } else device

          ) folder.devices;

              ) folderDevices

            else if builtins.isAttrs folderDevices then

              mapAttrsToList (

                deviceName: deviceValue: deviceValue // { deviceId = cfg.settings.devices.${deviceName}.id; }

              ) folderDevices

            else

              throw "Invalid type for devices in folder '${folderName}'; expected list or attrset.";

        }

  ) (filterAttrs (_: folder: folder.enable) cfg.settings.folders);
@@ -502,11 +513,35 @@ in 
                      };



                      devices = mkOption {

                        type = types.listOf types.str;

                        type = types.oneOf [

                          (types.listOf types.str)

                          (types.attrsOf (

                            types.submodule (

                              { name, ... }:

                              {

                                freeformType = settingsFormat.type;

                                options = {

                                  encryptionPassword = mkOption {

                                    type = types.nullOr types.str;

                                    default = null;

                                    description = ''

                                      Path to encryption password. If set, the file will be read during

                                      service activation, without being embedded in derivation.

                                    '';

                                  };

                                };

                              }

                            )

                          ))

                        ];

                        default = [ ];

                        description = ''

                          The devices this folder should be shared with. Each device must

                          be defined in the [devices](#opt-services.syncthing.settings.devices) option.



                          Either a list of strings, or an attribute set, where keys are defined in the

                          [devices](#opt-services.syncthing.settings.devices) option, and values are

                          device configurations.

                        '';

                      };