From 6c4e2de9bb202ef2eb5c0e9a9db693f06ba947f5 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sun, 28 Apr 2024 12:04:29 +0200
Subject: [PATCH] modules/backup: Lookups passwords in sops too

---
 modules/backup/default.nix | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/modules/backup/default.nix b/modules/backup/default.nix
index 8d02489..6db5467 100644
--- a/modules/backup/default.nix
+++ b/modules/backup/default.nix
@@ -22,9 +22,13 @@ let
   );
 
   backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let
-    jobPasswordFile = if jobOptions.passwordFile == null then config.age.secrets."clerie-backup-job-${jobName}".path else jobOptions.passwordFile;
+    jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
+      if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else
+        config.age.secrets."clerie-backup-job-${jobName}".path;
     repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
-    targetPasswordFile = if targetOptions.passwordFile == null then config.age.secrets."clerie-backup-target-${targetName}".path else targetOptions.passwordFile;
+    targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
+      if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else
+        config.age.secrets."clerie-backup-target-${targetName}".path;
     targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
   in
     nameValuePair "clerie-backup-${jobName}-${targetName}" {
@@ -68,9 +72,13 @@ let
   ) jobTargetPairs);
 
   backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let
-      jobPasswordFile = if jobOptions.passwordFile == null then config.age.secrets."clerie-backup-job-${jobName}".path else jobOptions.passwordFile;
+      jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
+        if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else
+          config.age.secrets."clerie-backup-job-${jobName}".path;
       repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
-      targetPasswordFile = if targetOptions.passwordFile == null then config.age.secrets."clerie-backup-target-${targetName}".path else targetOptions.passwordFile;
+      targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
+        if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else
+          config.age.secrets."clerie-backup-target-${targetName}".path;
       targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
     in pkgs.writeShellApplication {
       name = "clerie-backup-${jobName}-${targetName}";