diff --git a/lib/modules/rclone.nix b/lib/modules/rclone.nix index 7f8f87f..b245af8 100644 --- a/lib/modules/rclone.nix +++ b/lib/modules/rclone.nix @@ -46,10 +46,16 @@ let default = { }; }; + secrets = lib.mkOption { + type = lib.types.attrsOf (lib.types.either lib.types.path lib.types.str); + description = "A set of environment variables to load from files."; + default = { }; + }; + secretsScript = lib.mkOption { type = lib.types.lines; description = "A script for loading secrets before launching the sync."; - default = []; + default = ""; }; config = lib.mkOption { @@ -58,6 +64,15 @@ let visible = false; }; }; + + config = { + secretsScript = builtins.concatStringsSep + "\n" + (builtins.attrValues ( + builtins.mapAttrs + (name: path: "${name}=\"$(cat ${lib.escapeShellArg path})\"") + config.secrets)); + }; }); mkWebdavProvider = ( @@ -108,6 +123,10 @@ let (mkIfNotNull config.username { user = config.username; }) (mkIfNotNull config.obscuredPassword { pass = config.obscuredPassword; }) ]; + + secrets = lib.optionalAttrs (config.obscuredPasswordFile != null) { + RCLONE_WEBDAV_PASS = config.obscuredPasswordFile; + }; }; }));