restic mtls opts

2026-03-17 12:43:40 -05:00
parent f8c40ff627
commit d9fcbe68ad
1 changed files with 7 additions and 4 deletions
--- a/modules/services/restic/restic.nix
+++ b/modules/services/restic/restic.nix
@@ -33,16 +33,18 @@
          RESTIC_CACERT = caCert;
          RESTIC_TLS_CLIENT_CERT = mtlsClientCert;
        };
+        
+        # This is necessary because the restic service in home manager doesn't otherwise expose these options.
+        systemd.user.services."restic-backups-${cfg.repoName}".Service.Environment = [
+          "RESTIC_CACERT=${caCert}"
+          "RESTIC_TLS_CLIENT_CERT=${mtlsClientCert}"
+        ];

        services.restic = {
          enable = true;
          backups.${cfg.repoName} = {
            repository = resticRepository;
            passwordFile = cfg.passwordFile;
-            extraBackupArgs = [
-              "--tls-client-cert ${mtlsClientCert}"
-              "--cacert ${caCert}"
-            ];
            paths = cfg.paths;
            timerConfig = {
              OnCalendar = "00:05";
@@ -83,6 +85,7 @@
            ];
          };
        };
+
      };
    };
 }