Merge pull request #276306 from ambroisie/aria2-rpc-secret-file

nixos/aria2: implement 'rpcSecretFile'

authored by Thomas Gerbet and committed by GitHub 117fd19a ae78df7a

+17 -5
+7
nixos/doc/manual/release-notes/rl-2405.section.md
··· 85 86 - `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details. 87 88 - Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857) 89 90 - `inetutils` now has a lower priority to avoid shadowing the commonly used `util-linux`. If one wishes to restore the default priority, simply use `lib.setPrio 5 inetutils` or override with `meta.priority = 5`.
··· 85 86 - `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details. 87 88 + - `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`. 89 + This was done so that secrets aren't stored in the world-readable nix store. 90 + To migrate, you will have create a file with the same exact string, and change 91 + your module options to point to that file. For example, `services.aria2.rpcSecret = 92 + "mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"` 93 + where the file `secret_file` contains the string `mysecret`. 94 + 95 - Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857) 96 97 - `inetutils` now has a lower priority to avoid shadowing the commonly used `util-linux`. If one wishes to restore the default priority, simply use `lib.setPrio 5 inetutils` or override with `meta.priority = 5`.
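Review bot: The migration sentence in the added release note for `services.aria2.rpcSecretFile` reads "you will have create a file"; it is missing "to" and should read "you will have to create a file". Since the stated reason for the change is that the Nix store is world-readable, the entry could also say that the secret file should live outside the store with restrictive permissions; the example `/path/to/secret_file` gives no hint of that.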
+10 -5
nixos/modules/services/networking/aria2.nix
··· 18 dir=${cfg.downloadDir} 19 listen-port=${concatStringsSep "," (rangesToStringList cfg.listenPortRange)} 20 rpc-listen-port=${toString cfg.rpcListenPort} 21 - rpc-secret=${cfg.rpcSecret} 22 ''; 23 24 in 25 { 26 options = { 27 services.aria2 = { 28 enable = mkOption { ··· 65 default = 6800; 66 description = lib.mdDoc "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535"; 67 }; 68 - rpcSecret = mkOption { 69 - type = types.str; 70 - default = "aria2rpc"; 71 description = lib.mdDoc '' 72 - Set RPC secret authorization token. 73 Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used. 74 ''; 75 }; ··· 117 touch "${sessionFile}" 118 fi 119 cp -f "${settingsFile}" "${settingsDir}/aria2.conf" 120 ''; 121 122 serviceConfig = { ··· 125 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; 126 User = "aria2"; 127 Group = "aria2"; 128 }; 129 }; 130 };
··· 18 dir=${cfg.downloadDir} 19 listen-port=${concatStringsSep "," (rangesToStringList cfg.listenPortRange)} 20 rpc-listen-port=${toString cfg.rpcListenPort} 21 ''; 22 23 in 24 { 25 + imports = [ 26 + (mkRemovedOptionModule [ "services" "aria2" "rpcSecret" ] "Use services.aria2.rpcSecretFile instead") 27 + ]; 28 + 29 options = { 30 services.aria2 = { 31 enable = mkOption { ··· 68 default = 6800; 69 description = lib.mdDoc "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535"; 70 }; 71 + rpcSecretFile = mkOption { 72 + type = types.path; 73 + example = "/run/secrets/aria2-rpc-token.txt"; 74 description = lib.mdDoc '' 75 + A file containing the RPC secret authorization token. 76 Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used. 77 ''; 78 }; ··· 120 touch "${sessionFile}" 121 fi 122 cp -f "${settingsFile}" "${settingsDir}/aria2.conf" 123 + echo "rpc-secret=$(cat "$CREDENTIALS_DIRECTORY/rpcSecretFile")" >> "${settingsDir}/aria2.conf" 124 ''; 125 126 serviceConfig = { ··· 129 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; 130 User = "aria2"; 131 Group = "aria2"; 132 + LoadCredential="rpcSecretFile:${cfg.rpcSecretFile}"; 133 }; 134 }; 135 };
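Review bot: The new `rpcSecretFile` option is declared with `type = types.path`, which also accepts a Nix path literal, and interpolating such a value in `LoadCredential="rpcSecretFile:${cfg.rpcSecretFile}";` copies the file into the store, which is exactly what this change sets out to avoid. Suggest stating in the option description that the value must be a string path to a file outside the store (as the example `/run/secrets/aria2-rpc-token.txt` is), or rejecting store paths with an assertion. As a style point, `LoadCredential=` is the only attribute in that `serviceConfig` block written without spaces around `=`.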
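Review bot: In the preStart hunk, the token is appended to `${settingsDir}/aria2.conf` directly after `cp -f "${settingsFile}" "${settingsDir}/aria2.conf"`, and nothing sets the mode of that file, so its permissions come from the copied source and the unit's umask. Suggest creating the file with an explicit mode, for example `umask 077` before the `cp` or `install -m 600` in place of `cp -f`, so the token is not readable by other local users and the `>>` append does not depend on the copy being writable. The value also passes through `$(cat ...)`, which drops trailing newlines, so the option description should say the file holds only the token.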