home-manager
module request: rclone
Description
rclone is a tool that lets you manage cloud files using one of the many backends (Google Drive, Dropbox, FTP, etc). In particular, two would-be-nice-to-have home-manager integrations are declarative remote management and FUSE mounts using systemd.
I'm willing to take this on.
However, some details definitely need to be thought about, most importantly: how do we handle secrets in the configuration file? rclone's configuration contains storage provider credentials, so we'd need a good way to store and provide this to the configuration without making it readable in the store.
I think something that can be considered is allowing the user to use rclone config to generate a configuration file, and then use their method of choice (agenix, sops-nix, etc.) to provide a path to it to the module. This would allow interactive authentication and such, which wouldn't be so easy if the only interface was a Nix expression.
Thoughts and opinions on this are welcome (and encouraged!).
rclone supports config file encryption. I'm not sure how else this could be done, besides perhaps not including remote passwords in the config file at all (only letting the user specify a password file for rclone mounts). Alternatively, we could ask upstream to add an option to use a command as the remote password.
> rclone supports config file encryption.
How would this interact with automatic mounting units, though?
A command or a file parameter for the password upstream is a good solution, but I'm not sure if there's a better way.
> How would this interact with automatic mounting units, though?

You can pipe the password via stdin for sure; you might be able to pass it via the command line too.
edit: see this, it lets one specify the password command for config encryption. Though, if at all possible, not including the password in the config file should be better
Did anyone start on this? Maybe we could just start with the config first and see later how we could handle units? 😅
```nix
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.programs.rclone;

  # Recursive type: any scalar, or nested attribute sets / lists of the same.
  configOptions = types.nullOr (types.oneOf [
    types.bool
    types.int
    types.float
    types.str
    (types.lazyAttrsOf configOptions)
    (types.listOf configOptions)
  ]) // {
    emptyValue.value = { };
  };
in {
  options.programs.rclone = {
    enable = mkEnableOption "rclone";

    package = mkOption {
      type = types.package;
      default = pkgs.rclone;
      defaultText = literalExpression "pkgs.rclone";
      description = "The package to use for rclone.";
    };

    settings = mkOption {
      type = configOptions;
      default = { };
    };
  };

  config = mkIf cfg.enable {
    home.packages = [ cfg.package ];

    # `text` is written to the Nix store (world-readable) and symlinked into
    # ~/.config, so any credential placed in `settings` ends up in the store.
    xdg.configFile."rclone/rclone.conf" = mkIf (cfg.settings != { }) {
      text = lib.generators.toINI { } cfg.settings;
    };
  };
}
```

```nix
programs.rclone.enable = true;
programs.rclone.settings.Foo = {
  type = "drive";
};
```
I would then just throw my secrets in here too and encrypt that file for my dotfiles git repository 🤔.
Thank you for your contribution! I marked this issue as stale due to inactivity. Please be considerate of people watching this issue and receiving notifications before commenting 'I have this issue too'. We welcome additional information that will help resolve this issue. Please read the relevant sections below before commenting.
If you are the original author of the issue
- If this is resolved, please consider closing it so that the maintainers know not to focus on this.
- If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
If you are not the original author of the issue
- If you are also experiencing this issue, please add details of your situation to help with the debugging process.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
Memorandum on closing issues
Don't be afraid to manually close an issue, even if it holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen – nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.
Also, rclone is mostly configured through the interactive CLI, especially when you need to do some OAuth2.
👎🏼 from me
What about simply letting the user specify the paths to secrets? I suppose that would be handled in an activation script?
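The idea raised in the comment above (secret paths resolved at activation time), as an added example that is not part of the original thread, home-manager or rclone. The function name `render_rclone_conf`, the `@NAME@` placeholder syntax and the sample file names are assumptions made for illustration; the sample token is constructed.

```sh
#!/bin/sh
# Added example: render_rclone_conf and @NAME@ placeholders are hypothetical.
# usage: render_rclone_conf TEMPLATE OUT NAME=SECRET_FILE...
render_rclone_conf() (
    template=$1 out=$2
    shift 2
    umask 077                               # subshell, so the umask does not leak
    tmp=$(mktemp "$out.XXXXXX") || exit 1   # same directory, so mv is atomic
    # awk reads each secret from its file: only paths appear in argv, and
    # the secret values never reach the command line or the environment.
    if awk '
        BEGIN {
            for (i = 1; i < ARGC - 1; i++) {
                eq = index(ARGV[i], "=")
                path = substr(ARGV[i], eq + 1)
                if (eq < 2 || (getline val < path) <= 0) exit 2
                close(path)
                # Only the first line of the secret file is used.
                secret["@" substr(ARGV[i], 1, eq - 1) "@"] = val
                delete ARGV[i]              # not an input file
            }
        }
        {
            for (ph in secret) {            # literal replace, no regex or "&"
                acc = ""
                while ((p = index($0, ph)) > 0) {
                    acc = acc substr($0, 1, p - 1) secret[ph]
                    $0 = substr($0, p + length(ph))
                }
                $0 = acc $0
            }
            if ($0 ~ /@[A-Z_]+@/) exit 3    # fail closed on an unfilled placeholder
            print
        }' "$@" "$template" > "$tmp"
    then mv -f "$tmp" "$out"
    else rm -f "$tmp"; exit 1
    fi
)

# Constructed demo: a secret-free template (safe to keep in the Nix store) and
# a secret file standing in for one provided by agenix or sops-nix.
demo=$(mktemp -d)
printf '[Foo]\ntype = drive\ntoken = @FOO_TOKEN@\n' > "$demo/rclone.conf.in"
printf '%s\n' '{"access_token":"constructed&value/1"}' > "$demo/foo-token"
render_rclone_conf "$demo/rclone.conf.in" "$demo/rclone.conf" FOO_TOKEN="$demo/foo-token"
```

The rendered file is created with mode 0600 outside the store, while the template holds only placeholders and can be generated by the module.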
> Also, rclone is mostly configured through the interactive CLI, especially when you need to do some OAuth2.
rclone has many different use cases; the interactive cli isn't necessary, and in fact neither is a config file (it can be configured "on the fly" using CLI arguments, fstab options, etc.).
Config files also won't necessarily contain secrets, e.g. SFTP uses ~/.ssh, S3 uses ~/.aws, etc. which have separate management solutions. If that's a blocker, it may be easier to avoid secrets to begin with.