diff --git a/modules/hosts/john-pc-ubuntu.nix b/modules/hosts/john-pc-ubuntu.nix index 42f45f3..b3b535a 100644 --- a/modules/hosts/john-pc-ubuntu.nix +++ b/modules/hosts/john-pc-ubuntu.nix @@ -11,6 +11,7 @@ in certDir = "${config.mtls.certDir}"; CACert = "${certDir}/root_ca.crt"; mtlsBundle = "${certDir}/${config.mtls.bundleFilename}"; + resticPasswordFile = "${config.xdg.configHome}/restic/password.txt"; in { imports = with inputs.self.modules.homeManager; [ @@ -53,7 +54,6 @@ in # TODO: Add host-specific settings here: # - sops secret for `restic_password/john_ubuntu` - # - resticprofile profile definition # - zsh RESTIC* session variables # TODO: make this more restrictive, rather than allowing all unfree packages @@ -78,15 +78,12 @@ in }; }; sops.secrets."restic_password/john_ubuntu" = { - path = "${config.xdg.configHome}/restic/password.txt"; + path = resticPasswordFile; mode = "0400"; }; restic = { - passwordFile = "${config.xdg.configHome}/restic/password.txt"; - paths = [ - "${config.xdg.userDirs.documents}" - "/conf" - ]; + passwordFile = resticPasswordFile; + paths = [ "${config.xdg.userDirs.documents}" "/conf" ]; exclude = [ "/home/*/Pictures" "/home/*/Videos" @@ -95,25 +92,6 @@ in "/home/john/john-nas" ]; }; - - # programs.resticprofile = { - # enable= true; - # profiles = { - # default = { - # "inherit" = "base"; - # repository = "rest:https://soteria.john-stream.com/john-ubuntu"; - # cacert = "${CACert}"; - # tls-client-cert = "${mtlsBundle}"; - # backup = { - # source = [ - # "${config.xdg.userDirs.documents}" - # "/conf" - # ]; - # schedule = "*-*-* *:15,30,45:00"; - # }; - # }; - # }; - # }; }; flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {