test passwordFile
This commit is contained in:
parent
210af3b949
commit
75ba7e2d88
1 changed files with 19 additions and 3 deletions
22
flake.nix
22
flake.nix
|
@ -87,8 +87,13 @@
|
||||||
type = lib.types.submodule {
|
type = lib.types.submodule {
|
||||||
options = {
|
options = {
|
||||||
enable = lib.options.mkEnableOption "Restic";
|
enable = lib.options.mkEnableOption "Restic";
|
||||||
|
passwordFile = lib.options.mkOption {
|
||||||
|
type = lib.types.nullOr lib.types.str;
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
password = lib.options.mkOption {
|
password = lib.options.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
|
default = null;
|
||||||
};
|
};
|
||||||
storage = lib.options.mkOption {
|
storage = lib.options.mkOption {
|
||||||
type = lib.types.enum [
|
type = lib.types.enum [
|
||||||
|
@ -187,11 +192,22 @@
|
||||||
}.${cfg.storage};
|
}.${cfg.storage};
|
||||||
in
|
in
|
||||||
lib.mkIf cfg.enable {
|
lib.mkIf cfg.enable {
|
||||||
|
assertions = [
|
||||||
|
{
|
||||||
|
assertion = cfg.passwordFile != null and cfg.password != null;
|
||||||
|
message = "Must specifiy either passwordFile or password";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
warnings =
|
||||||
|
if cfg.password != null then [
|
||||||
|
''Restic encryption password will be stored world readable in the Nix store.''
|
||||||
|
] else [ ];
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
package
|
package
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.etc."restic/password" = {
|
environment.etc."restic/password" = lib.mkIf cfg.password != null {
|
||||||
text = cfg.password;
|
text = cfg.password;
|
||||||
user = "root";
|
user = "root";
|
||||||
group = "root";
|
group = "root";
|
||||||
|
@ -230,7 +246,7 @@
|
||||||
text = ''
|
text = ''
|
||||||
${hcConfig}
|
${hcConfig}
|
||||||
RESTIC_CACHE_DIR=/var/cache/restic
|
RESTIC_CACHE_DIR=/var/cache/restic
|
||||||
RESTIC_PASSWORD_FILE=/etc/restic/password
|
RESTIC_PASSWORD_FILE=${if cfg.passwordFile != null then cfg.passwordFile else "/etc/restic/password"}
|
||||||
RESTIC_REPOSITORY=${repositoryConfig}
|
RESTIC_REPOSITORY=${repositoryConfig}
|
||||||
${storageConfig}
|
${storageConfig}
|
||||||
'';
|
'';
|
||||||
|
|
Loading…
Reference in a new issue