nixos/restic: add new repositoryFile option

Allow providing the repository as a file, useful when we don't want it
being stored in the Git repository as plain text.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
This commit is contained in:
Otavio Salvador 2022-06-02 13:40:39 -03:00
parent 082a4184ec
commit deae887c5a
2 changed files with 18 additions and 1 deletions

View file

@ -96,13 +96,22 @@ in
};
repository = mkOption {
type = types.str;
type = with types; nullOr str;
default = null;
description = ''
repository to backup to.
'';
example = "sftp:backup@192.168.1.100:/backups/${name}";
};
repositoryFile = mkOption {
type = with types; nullOr path;
default = null;
description = ''
Path to the file containing the repository location to backup to.
'';
};
paths = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
@ -249,6 +258,7 @@ in
environment = {
RESTIC_PASSWORD_FILE = backup.passwordFile;
RESTIC_REPOSITORY = backup.repository;
RESTIC_REPOSITORY_FILE = backup.repositoryFile;
} // optionalAttrs (backup.rcloneOptions != null) (mapAttrs'
(name: value:
nameValuePair (rcloneAttrToOpt name) (toRcloneVal value)

View file

@ -4,6 +4,7 @@ import ./make-test-python.nix (
let
password = "some_password";
repository = "/tmp/restic-backup";
repositoryFile = "${pkgs.writeText "repositoryFile" "/tmp/restic-backup-from-file"}";
rcloneRepository = "rclone:local:/tmp/restic-rclone-backup";
passwordFile = "${pkgs.writeText "password" "correcthorsebatterystaple"}";
@ -31,6 +32,9 @@ import ./make-test-python.nix (
remotebackup = {
inherit repository passwordFile initialize paths pruneOpts;
};
remotebackup-from-file = {
inherit repositoryFile passwordFile initialize paths pruneOpts;
};
rclonebackup = {
repository = rcloneRepository;
rcloneConfig = {
@ -60,6 +64,7 @@ import ./make-test-python.nix (
server.wait_for_unit("dbus.socket")
server.fail(
"${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots",
'${pkgs.restic}/bin/restic --repository-file ${repositoryFile} -p ${passwordFile} snapshots"',
"${pkgs.restic}/bin/restic -r ${rcloneRepository} -p ${passwordFile} snapshots",
)
server.succeed(
@ -68,8 +73,10 @@ import ./make-test-python.nix (
"mkdir -p /tmp/restic-rclone-backup",
"timedatectl set-time '2016-12-13 13:45'",
"systemctl start restic-backups-remotebackup.service",
"systemctl start restic-backups-remotebackup-from-file.service",
"systemctl start restic-backups-rclonebackup.service",
'${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"',
'${pkgs.restic}/bin/restic --repository-file ${repositoryFile} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"',
'${pkgs.restic}/bin/restic -r ${rcloneRepository} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"',
"timedatectl set-time '2017-12-13 13:45'",
"systemctl start restic-backups-remotebackup.service",