restic: Add restic-auth authentication wrapper

modules/restic.nix

@@ -45,6 +45,15 @@ let
   ];
   excludesFile = pkgs.writeText "exludes.txt" (builtins.concatStringsSep "\n" excludes);
   maybePath = path: (lib.optional (builtins.pathExists path) (toString path));
+
+  # script to use restic as user without dealing with authentication
+  authScript = pkgs.writeShellScriptBin "restic-auth" ''
+    . <(pass nixos/machines/${config.networking.hostName}/restic-s3 | sed 's/^/export /')
+    ${pkgs.restic}/bin/restic \
+      --password-command="pass nixos/machines/${config.networking.hostName}/restic-password" \
+      --repo "${repository}" \
+      $@
+  '';
 in
 {
   options.sbruder.restic = {
@@ -91,5 +100,9 @@ in
       "IOSchedulingClass" = "best-effort";
       "IOSchedulingPriority" = 7;
     };
+
+    environment.systemPackages = [
+      authScript
+    ];
   };
 }