From 6f8e4b8dd1619f46b38b39883fb9e1f491f8beb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20M=C3=A9meint?= <git@nicomem.com>
Date: Fri, 31 Oct 2025 18:13:41 +0100
Subject: [PATCH] nixos: Only create and bind volumes without variables

---
 contrib/nixos/modules/copyparty.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/contrib/nixos/modules/copyparty.nix b/contrib/nixos/modules/copyparty.nix
index ed183fb9..0f0a733b 100644
--- a/contrib/nixos/modules/copyparty.nix
+++ b/contrib/nixos/modules/copyparty.nix
@@ -48,6 +48,8 @@ let
 
   accountsWithPlaceholders = mapAttrs (name: attrs: passwordPlaceholder name);
 
+  volumesWithoutVariables = filterAttrs (k: v: !(hasInfix "\${" v.path)) cfg.volumes;
+
   configStr = ''
     ${mkSection "global" cfg.settings}
     ${cfg.globalExtraConfig}
@@ -325,7 +327,7 @@ in
           BindPaths =
             (if cfg.settings ? hist then [ cfg.settings.hist ] else [ ])
             ++ [ externalStateDir ]
-            ++ (mapAttrsToList (k: v: v.path) cfg.volumes);
+            ++ (mapAttrsToList (k: v: v.path) volumesWithoutVariables);
           # ProtectSystem = "strict";
           # Note that unlike what 'ro' implies,
           # this actually makes it impossible to read anything in the root FS,
@@ -367,7 +369,7 @@ in
               mode = ":755";
             };
           }
-        ) cfg.volumes
+        ) volumesWithoutVariables
       );
 
       users.groups = lib.mkIf (cfg.group == "copyparty") {