diff --git a/modules/backup/default.nix b/modules/backup/default.nix
index 9cc552d..1f7c5c1 100644
--- a/modules/backup/default.nix
+++ b/modules/backup/default.nix
@@ -60,16 +60,19 @@ let
 config.sops.secrets."clerie-backup-job-${jobName}".path;
 repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
 targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
- config.sops.secrets."clerie-backup-target-${targetName}".path;
+ config.sops.secrets."clerie-backup-target-${targetName}".path or null;
 targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
 in {
 "clerie-backup/${jobName}-${targetName}/repo_password".source = jobPasswordFile;
 "clerie-backup/${jobName}-${targetName}/repo_url".text = "${targetOptions.serverUrl}${repoPath}";
 "clerie-backup/${jobName}-${targetName}/auth_username".text = targetUsername;
- "clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;
 "clerie-backup/${jobName}-${targetName}/files".text = concatStringsSep "\n" jobOptions.paths;
 "clerie-backup/${jobName}-${targetName}/excludes".text = concatStringsSep "\n" jobOptions.exclude;
- }
+ } // (if targetPasswordFile == null then {} else {
+ "clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;
+ }) // (if targetOptions.sshKeyFile == null then {} else {
+ "clerie-backup/${jobName}-${targetName}/ssh_key".source = targetOptions.sshKeyFile;
+ })
 ) jobTargetPairs);
 targetOptions = { ... }: {
@@ -85,6 +88,10 @@ let
 serverUrl = mkOption {
 type = types.str;
 };
+ sshKeyFile = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
 };
 };
diff --git a/pkgs/clerie-backup/clerie-backup.sh b/pkgs/clerie-backup/clerie-backup.sh
index 486b383..4f275db 100755
--- a/pkgs/clerie-backup/clerie-backup.sh
+++ b/pkgs/clerie-backup/clerie-backup.sh
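Review bot: The `or null` fallback on `config.sops.secrets."clerie-backup-target-${targetName}".path` turns a missing or misspelled sops secret into a silently omitted `auth_password` entry, where the old expression failed at evaluation time. A target that does need a password would then only fail when the backup runs, and the same commit also drops the script's preflight check for that file. Consider an assertion that each target ends up with at least one credential, along the lines of `assertion = targetPasswordFile != null || targetOptions.sshKeyFile != null;` with a message naming the target. The `let` block and the enclosing function start outside this hunk, so where such an assertion would be wired in is not visible here.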
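Review bot: The new `sshKeyFile` option has no `description`, so nothing tells a user that the value must be a runtime path to a private key rather than a file that ends up in the world-readable Nix store. I would add `description = "Path to an SSH private key available at runtime (for example a sops secret path); must not point into the Nix store.";`. The `str` type rejects a bare Nix path literal, but a string that names a store path is still accepted, so the wording is the only guard visible here.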
@@ -45,30 +45,39 @@ if [[ ! -f "${CONFIG_DIR}/auth_username" ]]; then
 echo "File ${CONFIG_DIR}/auth_username not found"
 ISSUE_EXIST=1
 fi
-if [[ ! -f "${CONFIG_DIR}/auth_password" ]]; then
- echo "File ${CONFIG_DIR}/auth_password not found"
- ISSUE_EXIST=1
-fi
 if [[ -n "${ISSUE_EXIST}" ]]; then
 exit 1
 fi
 RESTIC_PASSWORD_FILE="${CONFIG_DIR}/repo_password"
 export RESTIC_PASSWORD_FILE
-RESTIC_REPOSITORY="rest:$(cat "${CONFIG_DIR}/repo_url")"
+REPO_URL="$(cat "${CONFIG_DIR}/repo_url")"
+if [[ "${REPO_URL}" == http* ]]; then
+ RESTIC_REPOSITORY="rest:${REPO_URL}"
+else
+ RESTIC_REPOSITORY="${REPO_URL}"
+fi
 export RESTIC_REPOSITORY
 RESTIC_REST_USERNAME="$(cat "${CONFIG_DIR}/auth_username")"
 export RESTIC_REST_USERNAME
-RESTIC_REST_PASSWORD="$(cat "${CONFIG_DIR}/auth_password")"
-export RESTIC_REST_PASSWORD
+if [[ -e "${CONFIG_DIR}/auth_password" ]]; then
+ RESTIC_REST_PASSWORD="$(cat "${CONFIG_DIR}/auth_password")"
+ export RESTIC_REST_PASSWORD
+fi
 RESTIC_PROGRESS_FPS="0.1"
 export RESTIC_PROGRESS_FPS
 RESTIC_CACHE_DIR="/var/cache/restic"
 export RESTIC_CACHE_DIR
+EXTRA_OPTIONS=()
+
+if [[ -e "${CONFIG_DIR}/ssh_key" ]]; then
+ EXTRA_OPTIONS+=("-o" "sftp.args='-o IdentityFile=${CONFIG_DIR}/ssh_key'")
+fi
+
 case "${ACTION}" in
 restic)
- restic "$@"
+ restic "${EXTRA_OPTIONS[@]}" "$@"
 ;;
 backup)
 ISSUE_EXIST=
@@ -84,9 +93,9 @@ backup)
 exit 1
 fi
- restic snapshots --latest 1 || restic init
+ restic "${EXTRA_OPTIONS[@]}" snapshots --latest 1 || restic "${EXTRA_OPTIONS[@]}" init
- restic backup --exclude-file "${CONFIG_DIR}/excludes" --files-from "${CONFIG_DIR}/files"
+ restic "${EXTRA_OPTIONS[@]}" backup --exclude-file "${CONFIG_DIR}/excludes" --files-from "${CONFIG_DIR}/files"
 ;;
 *)
 echo "Unsupported ACTION: ${ACTION}"
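Review bot: Removing the `auth_password` preflight check for every target means an `http*` repository whose password file is missing now starts restic with `RESTIC_REST_USERNAME` set and no password, instead of stopping with a clear message. Keep the check inside the REST branch, for example `[[ -f "${CONFIG_DIR}/auth_password" ]] || { echo "File ${CONFIG_DIR}/auth_password not found"; exit 1; }` right after `RESTIC_REPOSITORY="rest:${REPO_URL}"`. The new tests use `-e` where the rest of the script uses `-f`, so a directory at that path would pass the test and `cat` would then fail; `-f` would be consistent. For the SFTP case, adding `-o IdentitiesOnly=yes -o BatchMode=yes` next to `IdentityFile` in `sftp.args` keeps ssh from offering other keys or waiting on a prompt in an unattended job.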
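Review bot: `restic "${EXTRA_OPTIONS[@]}" snapshots --latest 1 || restic "${EXTRA_OPTIONS[@]}" init` runs `init` after any failure of `snapshots`, including a rejected SSH key or an unreachable host, not only when the repository does not exist yet. With key-based targets added by this commit, the log then shows two failures and the first, real cause is easy to miss; checking restic's exit status before falling back to `init` would separate the cases. Since every call now repeats `"${EXTRA_OPTIONS[@]}"`, a small wrapper such as `run_restic() { restic "${EXTRA_OPTIONS[@]}" "$@"; }` would keep a later call from omitting the key option. The `backup)` branch starts outside this hunk.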