Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

syncthing: define and handle encryptionPassword option #342138

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

syncthing: define and handle encryptionPassword option #342138

wants to merge 6 commits into from

Conversation

h33p
Copy link

@h33p h33p commented Sep 15, 2024
edited
Loading

Description of changes

  • Redefine devices to accept either a list of strings, or an attrset.
  • If attrset, allow specifying encryptionPassword as a reference to password to use for device.
  • Modify activation script to read all encryption passwords and concatinate them to JSON without hitting nix store.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Module updates) Added a release notes entry if the change is significant
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@h33p h33p mentioned this pull request Sep 15, 2024
Open
@zarelit zarelit mentioned this pull request Sep 15, 2024
Closed
12 tasks
@h33p
syncthing: handle encryptionPassword secret
b5e81d5 
Rewrite the syncthing config update script to embed secrets into the
json request. Specifically, we handle the `encryptionPassword` secret.
With this code, the user can embed path to the encrpyption password for
a given device the folder is shared with, and have it loaded in, without
touching the nix store.
@h33p
syncthing: expose encryptionPassword
0bc8c16 
- Change `folder.devices` type into `oneOf [(listOf str) (attrsOf
  (submodule { ... }))]`.
- Expose `encryptionPassord` within the attrSet of the devices option.

This allows the user to set the encrpyption password use to share the
folder's data with. We do this by file path, as opposed to string
literal, because we do not want to embed the encrpyption password into
the nix store.
@h33p h33p force-pushed the 121286_syncthing_encryption_password branch from 9540845 to 0bc8c16 Compare September 19, 2024 15:22
@h33p h33p force-pushed the 121286_syncthing_encryption_password branch from 494338f to 3c04dff Compare September 30, 2024 09:38
@h33p h33p marked this pull request as ready for review September 30, 2024 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
6.topic: nixos 8.has: changelog 8.has: documentation 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10 12. first-time contribution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@h33p @NixOSInfra