pkgs/clerie-backup: Support sftp backend for restic

modules/backup/default.nix

@@ -60,16 +60,19 @@ let
         config.sops.secrets."clerie-backup-job-${jobName}".path;
       repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
       targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
-        config.sops.secrets."clerie-backup-target-${targetName}".path;
+        config.sops.secrets."clerie-backup-target-${targetName}".path or null;
       targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
     in {
       "clerie-backup/${jobName}-${targetName}/repo_password".source = jobPasswordFile;
       "clerie-backup/${jobName}-${targetName}/repo_url".text = "${targetOptions.serverUrl}${repoPath}";
       "clerie-backup/${jobName}-${targetName}/auth_username".text = targetUsername;
-      "clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;
       "clerie-backup/${jobName}-${targetName}/files".text = concatStringsSep "\n" jobOptions.paths;
       "clerie-backup/${jobName}-${targetName}/excludes".text = concatStringsSep "\n" jobOptions.exclude;
-    }
+    } // (if targetPasswordFile == null then {} else {
+      "clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;
+    }) // (if targetOptions.sshKeyFile == null then {} else {
+      "clerie-backup/${jobName}-${targetName}/ssh_key".source = targetOptions.sshKeyFile;
+    })
   ) jobTargetPairs);
 
   targetOptions = { ... }: {
@@ -85,6 +88,10 @@ let
       serverUrl = mkOption {
         type = types.str;
       };
+      sshKeyFile = mkOption {
+        type = with types; nullOr str;
+        default = null;
+      };
     };
   };
 

pkgs/clerie-backup/clerie-backup.sh

@@ -45,30 +45,39 @@ if [[ ! -f "${CONFIG_DIR}/auth_username" ]]; then
 	echo "File ${CONFIG_DIR}/auth_username not found"
 	ISSUE_EXIST=1
 fi
-if [[ ! -f "${CONFIG_DIR}/auth_password" ]]; then
-	echo "File ${CONFIG_DIR}/auth_password not found"
-	ISSUE_EXIST=1
-fi
 if [[ -n "${ISSUE_EXIST}" ]]; then
 	exit 1
 fi
 
 RESTIC_PASSWORD_FILE="${CONFIG_DIR}/repo_password"
 export RESTIC_PASSWORD_FILE
-RESTIC_REPOSITORY="rest:$(cat "${CONFIG_DIR}/repo_url")"
+REPO_URL="$(cat "${CONFIG_DIR}/repo_url")"
+if [[ "${REPO_URL}" == http* ]]; then
+	RESTIC_REPOSITORY="rest:${REPO_URL}"
+else
+	RESTIC_REPOSITORY="${REPO_URL}"
+fi
 export RESTIC_REPOSITORY
 RESTIC_REST_USERNAME="$(cat "${CONFIG_DIR}/auth_username")"
 export RESTIC_REST_USERNAME
-RESTIC_REST_PASSWORD="$(cat "${CONFIG_DIR}/auth_password")"
-export RESTIC_REST_PASSWORD
+if [[ -e "${CONFIG_DIR}/auth_password" ]]; then
+	RESTIC_REST_PASSWORD="$(cat "${CONFIG_DIR}/auth_password")"
+	export RESTIC_REST_PASSWORD
+fi
 RESTIC_PROGRESS_FPS="0.1"
 export RESTIC_PROGRESS_FPS
 RESTIC_CACHE_DIR="/var/cache/restic"
 export RESTIC_CACHE_DIR
 
+EXTRA_OPTIONS=()
+
+if [[ -e "${CONFIG_DIR}/ssh_key" ]]; then
+	EXTRA_OPTIONS+=("-o" "sftp.args='-o IdentityFile=${CONFIG_DIR}/ssh_key'")
+fi
+
 case "${ACTION}" in
 restic)
-	restic "$@"
+	restic "${EXTRA_OPTIONS[@]}" "$@"
 	;;
 backup)
 	ISSUE_EXIST=
@@ -84,9 +93,9 @@ backup)
 		exit 1
 	fi
 
-        restic snapshots --latest 1 || restic init
+        restic "${EXTRA_OPTIONS[@]}" snapshots --latest 1 || restic "${EXTRA_OPTIONS[@]}" init
 
-        restic backup --exclude-file "${CONFIG_DIR}/excludes" --files-from "${CONFIG_DIR}/files"
+        restic "${EXTRA_OPTIONS[@]}" backup --exclude-file "${CONFIG_DIR}/excludes" --files-from "${CONFIG_DIR}/files"
 	;;
 *)
 	echo "Unsupported ACTION: ${ACTION}"