diff options
Diffstat (limited to 'nixos/modules/services/backup/restic.nix')
-rw-r--r-- | nixos/modules/services/backup/restic.nix | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index 21d82469c605..409c05221d03 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -14,7 +14,15 @@ with lib; Read the repository password from a file. ''; example = "/etc/nixos/restic-password"; + }; + s3CredentialsFile = mkOption { + type = with types; nullOr str; + description = '' + file containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY + for an S3-hosted repository, in the format of an EnvironmentFile + as described by systemd.exec(5) + ''; }; repository = mkOption { @@ -119,7 +127,6 @@ with lib; mapAttrs' (name: backup: let extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions; - connectTo = elemAt (splitString ":" backup.repository) 1; resticCmd = "${pkgs.restic}/bin/restic${extraOptions}"; in nameValuePair "restic-backups-${name}" ({ environment = { @@ -134,6 +141,8 @@ with lib; Type = "oneshot"; ExecStart = "${resticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${concatStringsSep " " backup.paths}"; User = backup.user; + } // optionalAttrs (backup.s3CredentialsFile != null) { + EnvironmentFile = backup.s3CredentialsFile; }; } // optionalAttrs backup.initialize { preStart = '' |