modules/backup: Lookups passwords in sops too

2024-04-28 12:04:29 +02:00 · 2024-04-28 12:04:29 +02:00 · 6c4e2de9bb
commit 6c4e2de9bb
parent 4cf47229a4
1 changed files with 12 additions and 4 deletions
--- a/modules/backup/default.nix
+++ b/modules/backup/default.nix
@ -22,9 +22,13 @@ let
  );
  backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let
-    jobPasswordFile = if jobOptions.passwordFile == null then config.age.secrets."clerie-backup-job-${jobName}".path else jobOptions.passwordFile;
+    jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
      if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else
        config.age.secrets."clerie-backup-job-${jobName}".path;
    repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
-    targetPasswordFile = if targetOptions.passwordFile == null then config.age.secrets."clerie-backup-target-${targetName}".path else targetOptions.passwordFile;
+    targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
      if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else
        config.age.secrets."clerie-backup-target-${targetName}".path;
    targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
  in
    nameValuePair "clerie-backup-${jobName}-${targetName}" {
@ -68,9 +72,13 @@ let
  ) jobTargetPairs);
  backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let
-      jobPasswordFile = if jobOptions.passwordFile == null then config.age.secrets."clerie-backup-job-${jobName}".path else jobOptions.passwordFile;
+      jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
        if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else
          config.age.secrets."clerie-backup-job-${jobName}".path;
      repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
-      targetPasswordFile = if targetOptions.passwordFile == null then config.age.secrets."clerie-backup-target-${targetName}".path else targetOptions.passwordFile;
+      targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
        if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else
          config.age.secrets."clerie-backup-target-${targetName}".path;
      targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
    in pkgs.writeShellApplication {
      name = "clerie-backup-${jobName}-${targetName}";