|
|
|
|
@ -33,7 +33,7 @@ let
|
|
|
|
|
# script to use restic as user without dealing with authentication
|
|
|
|
|
authScript = pkgs.writeShellScriptBin "restic-auth" ''
|
|
|
|
|
. <(pass nixos/machines/${config.networking.hostName}/restic-s3 | sed 's/^/export /')
|
|
|
|
|
${pkgs.restic}/bin/restic \
|
|
|
|
|
${pkgs.unstable.restic}/bin/restic \
|
|
|
|
|
--password-command="pass nixos/machines/${config.networking.hostName}/restic-password" \
|
|
|
|
|
--repo "${repository}" \
|
|
|
|
|
$@
|
|
|
|
|
@ -67,9 +67,14 @@ in
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# custom module
|
|
|
|
|
disabledModules = [ "services/backup/restic.nix" ];
|
|
|
|
|
imports = [ (import /home/simon/src/nixpkgs/nixos/modules/services/backup/restic.nix { inherit config lib; pkgs = pkgs.unstable; }) ];
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
services.restic.backups."${name}" = {
|
|
|
|
|
inherit repository;
|
|
|
|
|
# FIXME: replace with secret once repository uses rest server
|
|
|
|
|
repositoryFile = (pkgs.writeText "restic-repository" repository);
|
|
|
|
|
passwordFile = toString <secrets/restic-password>;
|
|
|
|
|
s3CredentialsFile = toString <secrets/restic-s3>;
|
|
|
|
|
paths = [
|
|
|
|
|
|
Simon Bruder