nixos/restic: add new repositoryFile option

Allow providing the repository as a file, useful when we don't want it
being stored in the Git repository as plain text.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>

2 files changed, 18 insertions, 1 deletions

diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix
index 75c5025eff7..f4bcca39581 100644
--- a/nixos/modules/services/backup/restic.nix
+++ b/nixos/modules/services/backup/restic.nix
@@ -96,13 +96,22 @@ in
         };
 
         repository = mkOption {
-          type = types.str;
+          type = with types; nullOr str;
+          default = null;
           description = ''
             repository to backup to.
           '';
           example = "sftp:backup@192.168.1.100:/backups/${name}";
         };
 
+        repositoryFile = mkOption {
+          type = with types; nullOr path;
+          default = null;
+          description = ''
+            Path to the file containing the repository location to backup to.
+          '';
+        };
+
         paths = mkOption {
           type = types.nullOr (types.listOf types.str);
           default = null;
@@ -249,6 +258,7 @@ in
             environment = {
               RESTIC_PASSWORD_FILE = backup.passwordFile;
               RESTIC_REPOSITORY = backup.repository;
+              RESTIC_REPOSITORY_FILE = backup.repositoryFile;
             } // optionalAttrs (backup.rcloneOptions != null) (mapAttrs'
               (name: value:
                 nameValuePair (rcloneAttrToOpt name) (toRcloneVal value)
diff --git a/nixos/tests/restic.nix b/nixos/tests/restic.nix
index 557193001f2..16d7edde0c1 100644
--- a/nixos/tests/restic.nix
+++ b/nixos/tests/restic.nix
@@ -4,6 +4,7 @@ import ./make-test-python.nix (
   let
     password = "some_password";
     repository = "/tmp/restic-backup";
+    repositoryFile = "${pkgs.writeText "repositoryFile" "/tmp/restic-backup-from-file"}";
     rcloneRepository = "rclone:local:/tmp/restic-rclone-backup";
 
     passwordFile = "${pkgs.writeText "password" "correcthorsebatterystaple"}";
@@ -31,6 +32,9 @@ import ./make-test-python.nix (
             remotebackup = {
               inherit repository passwordFile initialize paths pruneOpts;
             };
+            remotebackup-from-file = {
+              inherit repositoryFile passwordFile initialize paths pruneOpts;
+            };
             rclonebackup = {
               repository = rcloneRepository;
               rcloneConfig = {
@@ -60,6 +64,7 @@ import ./make-test-python.nix (
       server.wait_for_unit("dbus.socket")
       server.fail(
           "${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots",
+          '${pkgs.restic}/bin/restic --repository-file ${repositoryFile} -p ${passwordFile} snapshots"',
           "${pkgs.restic}/bin/restic -r ${rcloneRepository} -p ${passwordFile} snapshots",
       )
       server.succeed(
@@ -68,8 +73,10 @@ import ./make-test-python.nix (
           "mkdir -p /tmp/restic-rclone-backup",
           "timedatectl set-time '2016-12-13 13:45'",
           "systemctl start restic-backups-remotebackup.service",
+          "systemctl start restic-backups-remotebackup-from-file.service",
           "systemctl start restic-backups-rclonebackup.service",
           '${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"',
+          '${pkgs.restic}/bin/restic --repository-file ${repositoryFile} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"',
           '${pkgs.restic}/bin/restic -r ${rcloneRepository} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"',
           "timedatectl set-time '2017-12-13 13:45'",
           "systemctl start restic-backups-remotebackup.service",