home: add backblaze module (#38)

* home: add basic backblaze module * home/backblaze: add keyFile and KeyIdFile options * home/backblaze: handle secrets at home activation * home/backblaze: activate *after* systemd for agenix secrets * home/baxkblaze: fix spelling error in hm.dag.entryAfter * home/backblaze: improve docs * mauville/home: remove b2 authentication step * home/backblaze: avoid unbound XDG_RUNTIME_DIR * fix fmt
2024-11-22 02:13:55 -05:00 · 2024-07-16 12:44:50 -04:00 · 2024-07-16 12:44:50 -04:00 · cd90c68f8c
parent 67d0f7f6ac
commit cd90c68f8c
5 changed files with 51 additions and 14 deletions
--- a/homeManagerModules/apps/backblaze/default.nix
+++ b/homeManagerModules/apps/backblaze/default.nix
@ -0,0 +1,24 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.ar.home.apps.backblaze;
+in {
+  config = lib.mkIf cfg.enable {
+    home = {
+      activation.backblazeAuthentication = lib.hm.dag.entryAfter ["reloadSystemd"] ''
+        ${
+          if ((cfg.keyIdFile != null) && (cfg.keyFile != null))
+          then ''
+            XDG_RUNTIME_DIR=''${XDG_RUNTIME_DIR:-/run/user/$(id -u)}
+            run --quiet ${lib.getExe pkgs.backblaze-b2} authorize_account `${lib.getExe' pkgs.coreutils "cat"} ${cfg.keyIdFile}` `${lib.getExe' pkgs.coreutils "cat"} ${cfg.keyFile}`''
+          else ''run echo "backblaze: Missing keyIDfile and keyFile."''
+        }
+      '';
+
+      packages = with pkgs; [backblaze-b2];
+    };
+  };
+}
--- a/homeManagerModules/apps/default.nix
+++ b/homeManagerModules/apps/default.nix
@ -6,6 +6,7 @@
 }: {
  imports = [
    ./alacritty
+    ./backblaze
    ./bash
    ./chromium
    ./emacs
--- a/homeManagerModules/options.nix
+++ b/homeManagerModules/options.nix
@ -10,6 +10,23 @@ in {
  options.ar.home = {
    apps = {
      alacritty.enable = lib.mkEnableOption "Alacritty terminal.";
+
+      backblaze = {
+        enable = lib.mkEnableOption "Backblaze-b2 client with declarative authentication.";
+
+        keyIdFile = lib.mkOption {
+          description = "Backblaze key ID.";
+          default = null;
+          type = lib.types.nullOr lib.types.str;
+        };
+
+        keyFile = lib.mkOption {
+          description = "Backblaze application key.";
+          default = null;
+          type = lib.types.nullOr lib.types.str;
+        };
+      };
+
      bash.enable = lib.mkEnableOption "Bash defaults.";

      chromium = {
--- a/homes/aly/default.nix
+++ b/homes/aly/default.nix
@ -31,7 +31,6 @@ in {
    };

    packages = [
-      pkgs.backblaze-b2
      pkgs.browsh
      pkgs.curl
      pkgs.fractal
@ -84,6 +83,13 @@ in {
  ar.home = {
    apps = {
      alacritty.enable = true;
+
+      backblaze = {
+        enable = true;
+        keyIdFile = config.age.secrets.backblazeKeyId.path;
+        keyFile = config.age.secrets.backblazeKey.path;
+      };
+
      bash.enable = true;
      chromium.enable = true;
      emacs.enable = true;
--- a/hosts/mauville/home.nix
+++ b/hosts/mauville/home.nix
@ -17,12 +17,7 @@
      }
    ];

-    users.aly = lib.mkForce ({
-      config,
-      pkgs,
-      lib,
-      ...
-    }: {
+    users.aly = lib.mkForce {
      imports = [self.homeManagerModules.aly];

      systemd.user = {
@ -30,12 +25,6 @@
          Unit.Description = "Backup to Backblaze.";

          Service.ExecStart = "${pkgs.writeShellScript "backblaze-sync" ''
-            # Authenticate with backblaze.
-            b2KeyId=`cat ${config.age.secrets.backblazeKeyId.path}`
-            b2Key=`cat ${config.age.secrets.backblazeKey.path}`
-
-            ${lib.getExe pkgs.backblaze-b2} authorize_account $b2KeyId $b2Key
-
            declare -A backups
            backups=(
              ['/home/aly/pics/camera']="b2://aly-camera"
@ -63,6 +52,6 @@
          Unit.Description = "Daily backups to Backblaze.";
        };
      };
-    });
+    };
  };
 }