author | Felix Tenley <dev@felschr.com> | 2021-10-29 19:08:14 +0200 |
---|---|---|
committer | Felix Tenley <dev@felschr.com> | 2021-10-30 10:26:24 +0200 |
commit | f880f906b93bb3729be8e3acd1adb3612327d4a3 (patch) | |
tree | 296acd7df3e0a278e0d4a7d89f7a1ca2342f2c35 /nixos/modules/services/networking/ddclient.nix | |
parent | 7565e8eb3278125807f7f7abafcd3232f77746d9 (diff) | |
nixos/ddclient: replace password with passwordFile option
Diffstat (limited to 'nixos/modules/services/networking/ddclient.nix')
-rw-r--r-- | nixos/modules/services/networking/ddclient.nix | 47 |
1 files changed, 26 insertions, 21 deletions
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 7820eedd932..833b0cbcdcf 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -4,14 +4,16 @@ let cfg = config.services.ddclient; boolToStr = bool: if bool then "yes" else "no"; dataDir = "/var/lib/ddclient"; + StateDirectory = builtins.baseNameOf dataDir; + RuntimeDirectory = StateDirectory; - configText = '' + configFile' = pkgs.writeText "ddclient.conf" '' # This file can be used as a template for configFile or is automatically generated by Nix options. cache=${dataDir}/ddclient.cache foreground=YES use=${cfg.use} login=${cfg.username} - password=${cfg.password} + password= protocol=${cfg.protocol} ${lib.optionalString (cfg.script != "") "script=${cfg.script}"} ${lib.optionalString (cfg.server != "") "server=${cfg.server}"} @@ -24,6 +26,7 @@ let ${cfg.extraConfig} ${lib.concatStringsSep "," cfg.domains} ''; + configFile = if (cfg.configFile != null) then cfg.configFile else configFile'; in @@ -37,6 +40,7 @@ with lib; let value = getAttrFromPath [ "services" "ddclient" "domain" ] config; in if value != "" then [ value ] else [])) (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "") + (mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.") ]; ###### interface @@ -69,11 +73,11 @@ with lib; ''; }; - password = mkOption { - default = ""; - type = str; + passwordFile = mkOption { + default = null; + type = nullOr str; description = '' - Password. WARNING: The password becomes world readable in the Nix store. + A file containing the password. ''; }; 
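Review bot: The removal message on the added `mkRemovedOptionModule` line for `password` names only the replacement option. The description deleted further down says the old value became world readable in the Nix store, so existing deployments presumably still carry it in older store paths. I would extend the message so operators see that at evaluation time, e.g. `"Use services.ddclient.passwordFile instead. The previous value was written to the Nix store; rotate the password."`.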
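Review bot: The new `passwordFile` description (`A file containing the password.`) leaves out what an operator needs in order to set the option safely. It should say that the value is a path read when the service starts, that the file has to live outside the Nix store with restrictive permissions, and that only its first line is used, since the unit reads it with `head -n 1`. An `example` line would help too, for instance `example = "/run/keys/ddclient-password";` (path constructed here for illustration).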
@@ -87,12 +91,11 @@ with lib; }; configFile = mkOption { - default = "/etc/ddclient.conf"; - type = path; + default = null; + type = nullOr path; description = '' Path to configuration file. - When set to the default '/etc/ddclient.conf' it will be populated with the various other options in this module. When it is changed (for example: '/root/nixos/secrets/ddclient.conf') the file read directly to configure ddclient. This is a source of impurity. - The purpose of this is to avoid placing secrets into the store. + When set this overrides the generated configuration from module options. ''; example = "/root/nixos/secrets/ddclient.conf"; }; 
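Review bot: The rewritten `configFile` description drops the sentence explaining that this option exists to keep secrets out of the store, and nothing replaces it. The type is still `nullOr path` and the value is interpolated into the unit script, so a Nix path literal (unlike the string shown in `example`) would, as far as I can tell, be copied into the world-readable store. I would add something like `Pass the path as a string; a path literal is copied into the Nix store.` and also state that `passwordFile` is ignored when this option is set, which is what the `cfg.configFile == null` guard in the unit's preStart implies.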
@@ -184,26 +187,28 @@ with lib; ###### implementation config = mkIf config.services.ddclient.enable { - environment.etc."ddclient.conf" = { - enable = cfg.configFile == "/etc/ddclient.conf"; - mode = "0600"; - text = configText; - }; - systemd.services.ddclient = { description = "Dynamic DNS Client"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - restartTriggers = [ config.environment.etc."ddclient.conf".source ]; + restartTriggers = optional (cfg.configFile != null) cfg.configFile; - serviceConfig = rec { + serviceConfig = { DynamicUser = true; - RuntimeDirectory = StateDirectory; - StateDirectory = builtins.baseNameOf dataDir; + inherit RuntimeDirectory; + inherit StateDirectory; Type = "oneshot"; - ExecStartPre = "!${lib.getBin pkgs.coreutils}/bin/install -m666 ${cfg.configFile} /run/${RuntimeDirectory}/ddclient.conf"; ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf"; }; + preStart = '' + install -m 600 ${configFile} /run/${RuntimeDirectory}/ddclient.conf + ${optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then '' + password=$(head -n 1 ${cfg.passwordFile}) + sed -i "s/^password=$/password=$password/" /run/${RuntimeDirectory}/ddclient.conf + '' else '' + sed -i '/^password=$/d' /run/${RuntimeDirectory}/ddclient.conf + '')} + ''; }; systemd.timers.ddclient = { |
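Review bot: The secret is spliced into a sed program in preStart (`sed -i "s/^password=$/password=$password/"`), so a password containing `/`, `&` or `\` either aborts the unit or is written wrongly without any error, and the value sits in sed's argument list where other local users can see it in the process table while it runs. Filling a placeholder from the file without passing the secret as an argument avoids both; `pkgs.replace-secret` does this, if that helper is available in this tree. Separately, the removed ExecStartPre carried the `!` prefix and the new preStart does not, so with `DynamicUser = true` it presumably runs as the dynamic user and cannot read a root-owned 0600 `passwordFile` or `configFile`. That pushes operators toward loosening the secret's permissions and is worth confirming before merge. `${cfg.passwordFile}` and `${configFile}` are also unquoted in the script, so wrapping them in `lib.escapeShellArg` would be safer for paths containing spaces or shell metacharacters.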