From e44549074a574d8bda612945a88e4a1fd3c456a8 Mon Sep 17 00:00:00 2001
From: Kylie McClain <kylie@somas.is>
Date: Thu, 28 Aug 2025 16:18:39 -0400
Subject: [PATCH] programs.rclone: fix injecting secret when value begins with
 "-"

---
 modules/programs/rclone.nix                      |  2 +-
 tests/integration/standalone/rclone/default.nix  |  2 +-
 ...pace.nix => secrets-arbitrary-characters.nix} | 16 ++++++++++------
 3 files changed, 12 insertions(+), 8 deletions(-)
 rename tests/integration/standalone/rclone/{secrets-with-whitespace.nix => secrets-arbitrary-characters.nix} (63%)

diff --git a/modules/programs/rclone.nix b/modules/programs/rclone.nix
index 3ba95bad..1e71e73d 100644
--- a/modules/programs/rclone.nix
+++ b/modules/programs/rclone.nix
@@ -259,7 +259,7 @@ in
 
               if ! ${lib.getExe cfg.package} config update \
                      ${remote.name} config_refresh_token=false \
-                     ${secret} "$(cat "${secretFile}")" \
+                     ${secret}="$(cat "${secretFile}")" \
                      --non-interactive; then
                 echo "Failed to inject secret \"${secretFile}\""
                 cleanup
diff --git a/tests/integration/standalone/rclone/default.nix b/tests/integration/standalone/rclone/default.nix
index f5e734c8..d0e4d063 100644
--- a/tests/integration/standalone/rclone/default.nix
+++ b/tests/integration/standalone/rclone/default.nix
@@ -21,7 +21,7 @@ in
   imports = [
     ./no-secrets.nix
     ./with-secrets-in-store.nix
-    ./secrets-with-whitespace.nix
+    ./secrets-arbitrary-characters.nix
     ./no-type.nix
     ./mount.nix
     ./shell.nix
diff --git a/tests/integration/standalone/rclone/secrets-with-whitespace.nix b/tests/integration/standalone/rclone/secrets-arbitrary-characters.nix
similarity index 63%
rename from tests/integration/standalone/rclone/secrets-with-whitespace.nix
rename to tests/integration/standalone/rclone/secrets-arbitrary-characters.nix
index 2b730d68..f33e437b 100644
--- a/tests/integration/standalone/rclone/secrets-with-whitespace.nix
+++ b/tests/integration/standalone/rclone/secrets-arbitrary-characters.nix
@@ -1,6 +1,6 @@
 { pkgs, ... }:
 let
-  module = pkgs.writeText "secrets-with-whitespace-module" ''
+  module = pkgs.writeText "secrets-arbitrary-characters-module" ''
     {
       programs.rclone.remotes = {
         alices-cool-remote-v3 = {
@@ -8,25 +8,29 @@ let
             type = "memory";
             description = "alices speeedy remote";
           };
-          secrets.spaces-secret = "${pkgs.writeText "secret" ''
-            This is a secret with spaces, it has single spaces,        and lots of spaces :3
-          ''}";
+          secrets = {
+            spaces-secret = "${pkgs.writeText "secret" ''
+              This is a secret with spaces, it has single spaces,        and lots of spaces :3
+            ''}";
+            symbols-secret = "${pkgs.writeText "secret" "-x'$$*>\"+:&#{!@'"}";
+          };
         };
       };
     }
   '';
 
-  expected = pkgs.writeText "secrets-with-whitespace-expected" ''
+  expected = pkgs.writeText "secrets-arbitrary-characters-expected" ''
     [alices-cool-remote-v3]
     description = alices speeedy remote
     type = memory
     spaces-secret = This is a secret with spaces, it has single spaces,        and lots of spaces :3
+    symbols-secret = -x'$$*>"+:&#{!@'
 
   '';
 in
 {
   script = ''
-    with subtest("Secrets with spaces"):
+    with subtest("Secrets with arbitrary characters"):
       succeed_as_alice("install -m644 ${module} /home/alice/.config/home-manager/test-remote.nix")
 
       actual = succeed_as_alice("home-manager switch")