mtls param renames

modules/features/restic.nix

@@ -19,6 +19,11 @@
           type = lib.types.str;
           default = "john-ubuntu";
         };
+        repoUrl = lib.mkOption {
+          description = "URL to the REST endpoint";
+          type = lib.types.str;
+          default = "rest:https://soteria.john-stream.com/${cfg.repoName}";
+        };
         passwordFile = lib.mkOption {
           description = "String path to the restic password file";
           type = lib.types.str;
@@ -44,29 +49,24 @@
         };
       };
 
-      config = let
-        resticRepository = "rest:https://soteria.john-stream.com/${cfg.repoName}";
-        caCert = "${config.mtls.certDir}/root_ca.crt";
-        mtlsBundle = "${config.mtls.certDir}/${config.mtls.bundleFilename}";
-      in
-      {
+      config = {
         home.sessionVariables = {
-          RESTIC_REPOSITORY = resticRepository;
+          RESTIC_REPOSITORY = cfg.repoUrl;
           RESTIC_PASSWORD_FILE = cfg.passwordFile;
-          RESTIC_CACERT = caCert;
-          RESTIC_TLS_CLIENT_CERT = mtlsBundle;
+          RESTIC_CACERT = config.mtls.caFile;
+          RESTIC_TLS_CLIENT_CERT = config.mtls.bundleFile;
         };
         
         # This is necessary because the restic service in home manager doesn't otherwise expose these options.
         systemd.user.services."restic-backups-${cfg.repoName}".Service.Environment = [
-          "RESTIC_CACERT=${caCert}"
-          "RESTIC_TLS_CLIENT_CERT=${mtlsBundle}"
+          "RESTIC_CACERT=${config.mtls.caFile}"
+          "RESTIC_TLS_CLIENT_CERT=${config.mtls.bundleFile}"
         ];
 
         services.restic = {
           enable = true;
           backups.${cfg.repoName} = {
-            repository = resticRepository;
+            repository = cfg.repoUrl;
             passwordFile = cfg.passwordFile;
             paths = cfg.paths;
             timerConfig = {