syncthing: add support for untrusted devices #205653
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review/3032/1598
nixos/tests/all-tests.nix
Outdated
syncthing = handleTest ./syncthing/syncthing.nix {}; | ||
syncthing-init = handleTest ./syncthing/syncthing-init.nix {}; | ||
syncthing-relay = handleTest ./syncthing/syncthing-relay.nix {}; | ||
syncthing-declarative = handleTest ./syncthing/syncthing-declarative.nix {}; |
syncthing = handleTest ./syncthing/syncthing.nix {}; | |
syncthing-init = handleTest ./syncthing/syncthing-init.nix {}; | |
syncthing-relay = handleTest ./syncthing/syncthing-relay.nix {}; | |
syncthing-declarative = handleTest ./syncthing/syncthing-declarative.nix {}; | |
syncthing = handleTest ./syncthing {}; | |
syncthing-init = handleTest ./syncthing/init.nix {}; | |
syncthing-relay = handleTest ./syncthing/relay.nix {}; | |
syncthing-declarative = handleTest ./syncthing/declarative.nix {}; |
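Review bot: In the first suggested line, `syncthing = handleTest ./syncthing {};` imports a directory, which Nix resolves to ./syncthing/default.nix, so it only evaluates if syncthing.nix is renamed to default.nix in the same change. The other three suggested lines likewise need init.nix, relay.nix and declarative.nix to exist under ./syncthing. None of those renames are visible here, so either include them with the suggestion or keep the explicit ./syncthing/syncthing.nix style paths.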
maybe, not sure
It would be nice. Now that I think of it, I would keep syncthing-relay = handleTest ./syncthing-relay.nix {};
@SuperSandro2000 do you think it would be good to move syncthing relay to the top directory for tests again? syncthing-relay is software on its own.
I know it would break a lot of existing configurations, but wouldn't it be nice to turn This way the configuration would look like:
{
  services.syncthing.folders = {
    foo = {
      path = "/var/lib/syncthing/foo";
      devices = {
        "b" = {};
        "c" = {};
      };
    };
    bar = {
      path = "/var/lib/syncthing/bar";
      devices = {
        "c".encryptionPasswordFile = "${testPasswordFile}";
      };
    };
  };
}
To make it backwards compatible or nice for the folder
Lassulus and I added the freeform option and a few other options to syncthing with #226088. Is your PR still needed with that, besides the test edits? Would you like to try it please :)
@Xyz00777 the core of the PR is to avoid leaking the encryption secret in the nix store, so the generated configuration is patched after being generated from the options and before getting applied. I absolutely agree with the introduction of the
@Lassulus @Xyz00777 On second sight: I can probably "rebase" this PR on top of
Needs deep reworking after merge of #226088 😔 marking as draft
Any updates on this? What's the state now after that merge? What is needed in order to implement this feature?
I note this has been merged for some time. Any progress on this feature?
@mtroberts unfortunately I hadn't the time to work on this. This PR has bit rot and needs rework. I'm closing it for the time being. Feel free to leave a comment or thumbs in the open issue #121286 to signal that you'd like this to be implemented
Description of changes
Add support for syncthing untrusted devices as requested in #121286.
Syncthing allows folders to be shared with both untrusted and trusted devices at the same time, so the PR introduces an option at the folder level to specify the encryption password for the untrusted devices.
Things done
encryptionPasswordFiles option at the folder level
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
./result/bin/)
nixos/doc/manual/md-to-db.sh to update generated release notes
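The approach described in the thread above (generate the configuration from the options, then patch the secret in before it is applied, so the password never lands in the Nix store) can be shown as an added Python example; it is not the PR's code. The function names, device IDs and sample password are constructed for illustration, the per-device `encryptionPasswordFile` key follows the configuration proposed in the thread, and `encryptionPassword` is the per-device field in Syncthing's folder configuration.

```python
import json, os, stat, tempfile

def read_secret(path):
    """Read a password file, refusing group/world-accessible or empty files."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path}: mode {mode:o} is accessible to other users")
    with open(path, encoding="utf-8") as fh:
        secret = fh.read().rstrip("\n")
    if not secret:
        raise ValueError(f"{path}: empty password file")
    return secret

def patch_folders(folders):
    """Return a copy of the generated folder list in which each device's
    encryptionPasswordFile (a path, safe to store) is replaced by the
    encryptionPassword field holding the secret itself."""
    patched = json.loads(json.dumps(folders))  # deep copy; input stays secret-free
    for folder in patched:
        for device in folder.get("devices", []):
            path = device.pop("encryptionPasswordFile", None)
            if path is not None:
                device["encryptionPassword"] = read_secret(path)
    return patched

def demo():
    # Constructed sample: a secret file kept outside the store, and the
    # secret-free JSON a module could generate from the folder options.
    fd, secret_path = tempfile.mkstemp()
    os.write(fd, b"correct horse battery staple\n")
    os.close(fd)
    os.chmod(secret_path, 0o600)  # explicit; mkstemp already creates 0600
    generated = [
        {"id": "foo", "path": "/var/lib/syncthing/foo",
         "devices": [{"deviceID": "DEVICE-B"}, {"deviceID": "DEVICE-C"}]},
        {"id": "bar", "path": "/var/lib/syncthing/bar",
         "devices": [{"deviceID": "DEVICE-C", "encryptionPasswordFile": secret_path}]},
    ]
    try:
        return generated, patch_folders(generated)
    finally:
        os.unlink(secret_path)

if __name__ == "__main__":
    stored, applied = demo()
    print(json.dumps(stored, indent=2))       # store-side view: paths only
    print(sorted(applied[1]["devices"][0]))   # applied view: password field present
```

The patched result should only ever be handed to the running Syncthing instance or written to a file readable by the service user alone.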