Burp client: Add encryptionPasswordFile option
parent
44c073c07c
commit
3cab037898
|
@ -98,6 +98,7 @@ in
|
||||||
server = "rupert";
|
server = "rupert";
|
||||||
sslKeyPassword = definedInPersonalDotNix;
|
sslKeyPassword = definedInPersonalDotNix;
|
||||||
includes = [ "/etc/nixos" "/home" ];
|
includes = [ "/etc/nixos" "/home" ];
|
||||||
|
encryptionPasswordFile = "/secrets/burp_encryption_password";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
working_dir_recovery_method = resume
|
working_dir_recovery_method = resume
|
||||||
max_resume_attempts = 5
|
max_resume_attempts = 5
|
||||||
|
|
|
@ -25,6 +25,9 @@ let
|
||||||
${concatMapStringsSep "\n" (x: "include = " + x) cfg.client.includes}
|
${concatMapStringsSep "\n" (x: "include = " + x) cfg.client.includes}
|
||||||
${concatMapStringsSep "\n" (x: "exclude = " + x) cfg.client.excludes}
|
${concatMapStringsSep "\n" (x: "exclude = " + x) cfg.client.excludes}
|
||||||
nobackup = .nobackup
|
nobackup = .nobackup
|
||||||
|
${optionalString (cfg.client.encryptionPasswordFile != null) ''
|
||||||
|
encryption_password = #ENCRYPTION_PASSWORD#
|
||||||
|
''}
|
||||||
${cfg.client.extraConfig}
|
${cfg.client.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -326,6 +329,14 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
encryptionPasswordFile = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
File with a password for encrypted backups.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
|
@ -354,13 +365,28 @@ in {
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
path = [ cfg.package pkgs.nettools pkgs.openssl ];
|
path = [ cfg.package pkgs.nettools pkgs.openssl ];
|
||||||
|
|
||||||
preStart = ''
|
preStart = let
|
||||||
|
configFile = "${libDir}/burp.conf";
|
||||||
|
replaceSecret = "${pkgs.replace-secret}/bin/replace-secret";
|
||||||
|
in ''
|
||||||
|
prepare_config()
|
||||||
|
{
|
||||||
|
umask 027
|
||||||
|
install -Dm640 ${clientConf} '${configFile}'
|
||||||
|
|
||||||
|
${optionalString (cfg.client.encryptionPasswordFile != null) ''
|
||||||
|
${replaceSecret} '#ENCRYPTION_PASSWORD#' '${cfg.client.encryptionPasswordFile}' '${configFile}'
|
||||||
|
''}
|
||||||
|
}
|
||||||
|
|
||||||
if [ ! -d "${libDir}" ]; then
|
if [ ! -d "${libDir}" ]; then
|
||||||
mkdir -m 0755 -p ${libDir}
|
mkdir -m 0750 -p ${libDir}
|
||||||
mkdir -m 0700 -p ${clientCertDir}
|
mkdir -m 0700 -p ${clientCertDir}
|
||||||
${cfg.package}/bin/burp -c ${libDir}/burp.conf -g
|
prepare_config
|
||||||
|
${cfg.package}/bin/burp -c '${configFile}' -g
|
||||||
|
else
|
||||||
|
prepare_config
|
||||||
fi
|
fi
|
||||||
ln -f -s ${clientConf} ${libDir}/burp.conf
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
|
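Review bot: In `prepare_config`, the copied `burp.conf` now receives the encryption password from `replace-secret`, yet it is installed with `install -Dm640` under `umask 027`, which leaves the secret readable by the owning group. The service user and group are not visible in this hunk, so unless a specific group is meant to read the file, `umask 077` with `install -Dm600 ${clientConf} '${configFile}'` would be the safer default. Separately, the tightened `mkdir -m 0750 -p ${libDir}` only runs inside the `[ ! -d "${libDir}" ]` branch, so a host that already has the directory from the previous `0755` version keeps the old mode after upgrading; a `chmod 0750 '${libDir}'` inside `prepare_config` would cover both paths. It would also help to extend the option description in the `encryptionPasswordFile = mkOption` hunk to say that the file is read at service start and should live outside the Nix store with restrictive permissions.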