fix: agenix secrets runtime path

This commit is contained in:
Patrick Großmann 2024-01-15 01:55:12 +01:00
parent a776d7c476
commit 5d15007c52
No known key found for this signature in database
GPG key ID: 451F95EFB8BECD0F
3 changed files with 17 additions and 10 deletions


@ -1,4 +1,8 @@
{lib, ...}: let
{
lib,
config,
...
}: let
inherit
(lib)
mkEnableOption
@ -8,7 +12,7 @@
;
in {
options.services.restic.backups = mkOption {
type = types.attrsOf (types.submodule ({config, ...}: {
type = types.attrsOf (types.submodule (submod: {
options.hetznerStorageBox = {
enable = mkEnableOption "Automatically configure this backup to use the given hetzner storage box. Will use SFTP via SSH.";
@ -35,20 +39,20 @@ in {
'';
};
sshPrivateKeyFile = mkOption {
type = types.path;
description = "The path to the ssh private key to use for uploading backups. Don't use a path from the nix store!";
sshAgeSecret = mkOption {
type = types.str;
description = "The name of the agenix secret containing the ssh private key for accesing the storage box.";
};
};
config = let
subuser = "${config.hetznerStorageBox.mainUser}-sub${toString config.hetznerStorageBox.subUid}";
subuser = "${submod.config.hetznerStorageBox.mainUser}-sub${toString submod.config.hetznerStorageBox.subUid}";
url = "${subuser}@${subuser}.your-storagebox.de";
in
mkIf config.hetznerStorageBox.enable {
mkIf submod.config.hetznerStorageBox.enable {
repository = "sftp://${url}:23/";
extraOptions = [
"sftp.command='ssh -s sftp -p 23 -i ${config.hetznerStorageBox.sshPrivateKeyFile} ${url}'"
"sftp.command='ssh -s sftp -p 23 -i ${config.age.secrets.${submod.config.hetznerStorageBox.sshAgeSecret}.path} ${url}'"
];
};
}));