expose the path to the backup passphrase as an option

2022-07-17 20:40:12 +02:00 · 2022-07-17 20:40:12 +02:00 · fa2ff2bd39
commit fa2ff2bd39
parent c0202bbdef
4 changed files with 29 additions and 15 deletions
--- a/nixos/gorgon/configuration.nix
+++ b/nixos/gorgon/configuration.nix
@ -46,9 +46,8 @@ in
      vpnExtension = "3";
    };
    backupClient = {
-      enable = true;
-      bs = true;
-      gs = false;
+      bs.enable = true;
+      gs.enable = false;
    };
  };

--- a/nixos/modules/backup.nix
+++ b/nixos/modules/backup.nix
@ -24,14 +24,30 @@ in
  {
    options = {
      dadada.backupClient = {
-        enable = mkEnableOption "Enable backup client";
-        gs = mkEnableOption "Enable backup to GS location";
-        bs = mkEnableOption "Enable backup to BS location";
+        gs = {
+          enable = mkEnableOption "Enable backup to GS location";
+          passphrasePath = mkOption {
+            type = with types; nullOr str;
+            description = ''
+              The path to the passphrase file.
+            '';
+            default = "/var/lib/borgbackup/gs/passphrase";
+          };
+        };
+        bs = {
+          enable = mkEnableOption "Enable backup to BS location";
+          passphrasePath = mkOption {
+            type = with types; nullOr str;
+            description = ''
+              The path to the passphrase file.
+            '';
+            default = "/var/lib/borgbackup/bs/passphrase";
+          };
+        };
      };
    };

-  config = mkIf cfg.enable {
-
+  config = mkIf cfg.gs.enable {
    fileSystems = mkIf cfg.gs {
      "/backup" = {
        device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5";
@ -47,7 +63,7 @@ in
      doInit = false;
      encryption = {
        mode = "repokey";
-        passCommand = "cat /var/lib/borgbackup/gs/passphrase";
+        passCommand = "cat ${cfg.gs.passphrasePath}";
      };
      compression = "auto,lz4";
      prune.keep = {
@ -58,7 +74,7 @@ in
        yearly = -1; # Keep at least one archive for each year
      };
      startAt = "monthly";
-    };
+    } // mkIf cfg.bs.enable {

    services.borgbackup.jobs.bs = mkIf cfg.bs {
      paths = "/";
@ -70,7 +86,7 @@ in
      };
      encryption = {
        mode = "repokey";
-        passCommand = "cat /var/lib/borgbackup/bs/passphrase";
+        passCommand = "cat ${cfg.bs.passphrasePath}";
      };
      compression = "auto,lz4";
      startAt = "daily";
@ -79,4 +95,5 @@ in
      };
    };
  };
+  };
 }
--- a/nixos/pruflas/configuration.nix
+++ b/nixos/pruflas/configuration.nix
@ -42,8 +42,7 @@ in {
  dadada.admin.enable = true;

  dadada.backupClient = {
-    enable = true;
-    bs = true;
+    bs.enable = true;
  };

  networking.useDHCP = false;
--- a/nixos/surgat/configuration.nix
+++ b/nixos/surgat/configuration.nix
@ -49,8 +49,7 @@ in
  dadada.homePage.enable = true;
  dadada.share.enable = true;
  dadada.backupClient = {
-    enable = true;
-    bs = true;
+    bs.enable = true;
  };

  networking.useDHCP = false;