From f8c40ff627aa94627825f7ac1145247986476b22 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Tue, 17 Mar 2026 11:57:40 -0500
Subject: [PATCH] restic env vars

---
 modules/services/restic/restic.nix | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/modules/services/restic/restic.nix b/modules/services/restic/restic.nix
index 8f5c9f4..f624feb 100644
--- a/modules/services/restic/restic.nix
+++ b/modules/services/restic/restic.nix
@@ -21,17 +21,29 @@
         };
       };
 
-      config = {
+      config = let
+        resticRepository = "rest:https://soteria.john-stream.com/${cfg.repoName}";
+        caCert = "${config.mtls.certDir}/root_ca.crt";
+        mtlsClientCert = "${config.mtls.certDir}/${config.mtls.bundleFilename}";
+      in
+      {
+        home.sessionVariables = {
+          RESTIC_REPOSITORY = resticRepository;
+          RESTIC_PASSWORD_FILE = cfg.passwordFile;
+          RESTIC_CACERT = caCert;
+          RESTIC_TLS_CLIENT_CERT = mtlsClientCert;
+        };
+
         services.restic = {
           enable = true;
           backups.${cfg.repoName} = {
+            repository = resticRepository;
             passwordFile = cfg.passwordFile;
-            paths = cfg.paths;
-            repository = "rest:https://soteria.john-stream.com/${cfg.repoName}";
             extraBackupArgs = [
-              "--tls-client-cert ${config.mtls.certDir}/${config.mtls.bundleFilename}"
-              "--cacert ${config.mtls.certDir}/root_ca.crt"
+              "--tls-client-cert ${mtlsClientCert}"
+              "--cacert ${caCert}"
             ];
+            paths = cfg.paths;
             timerConfig = {
               OnCalendar = "00:05";
               Persistent = true;