From 931c7ee91baec8135fcd4dbdaf4b94622a3d0ee5 Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Mon, 21 Dec 2020 12:54:33 +0100
Subject: [PATCH] restic: Add restic-auth authentication wrapper

---
 modules/restic.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/modules/restic.nix b/modules/restic.nix
index ff422aa..5e23908 100644
--- a/modules/restic.nix
+++ b/modules/restic.nix
@@ -45,6 +45,15 @@ let
   ];
   excludesFile = pkgs.writeText "exludes.txt" (builtins.concatStringsSep "\n" excludes);
   maybePath = path: (lib.optional (builtins.pathExists path) (toString path));
+
+  # script to use restic as user without dealing with authentication
+  authScript = pkgs.writeShellScriptBin "restic-auth" ''
+    . <(pass nixos/machines/${config.networking.hostName}/restic-s3 | sed 's/^/export /')
+    ${pkgs.restic}/bin/restic \
+      --password-command="pass nixos/machines/${config.networking.hostName}/restic-password" \
+      --repo "${repository}" \
+      $@
+  '';
 in
 {
   options.sbruder.restic = {
@@ -91,5 +100,9 @@ in
       "IOSchedulingClass" = "best-effort";
       "IOSchedulingPriority" = 7;
     };
+
+    environment.systemPackages = [
+      authScript
+    ];
   };
 }