tasks: refactor with path prefix

2025-01-31 10:58:02 +00:00 · 2023-07-05 13:14:38 +08:00 · 2023-07-05 13:14:38 +08:00 · 426e4e360a
commit 426e4e360a
parent 2e7cdeacf3
2 changed files with 19 additions and 15 deletions
--- a/modules/nixos/tasks/backup-archive/default.nix
+++ b/modules/nixos/tasks/backup-archive/default.nix
@ -38,6 +38,8 @@ let
  hetzner-boxes-user = "u332477";
  hetzner-boxes-server = "${hetzner-boxes-user}.your-storagebox.de";
  pathPrefix = "borg-backup";
 in
 {
  options.tasks.backup-archive.enable =
@ -46,7 +48,7 @@ in
  config = lib.mkIf cfg.enable {
    sops.secrets = lib.getSecrets
      (lib.getSecret "backup-archive.yaml")
-      (lib.attachSopsPathPrefix "borg-backup" {
+      (lib.attachSopsPathPrefix pathPrefix {
        "patterns/home" = { };
        "patterns/etc" = { };
        "patterns/keys" = { };
@ -66,11 +68,11 @@ in
      local-archive = borgJobCommonSetting
        {
          patterns = with config.sops; [
-            secrets."borg-backup/patterns/home".path
+            secrets."${pathPrefix}/patterns/home".path
-            secrets."borg-backup/patterns/etc".path
+            secrets."${pathPrefix}/patterns/etc".path
-            secrets."borg-backup/patterns/keys".path
+            secrets."${pathPrefix}/patterns/keys".path
          ];
-          passCommand = "cat ${config.sops.secrets."borg-backup/repos/archive/password".path}";
+          passCommand = "cat ${config.sops.secrets."${pathPrefix}/repos/archive/password".path}";
        } // {
        removableDevice = true;
        repo = "/mnt/archives/backups";
@ -80,11 +82,11 @@ in
      local-external-drive = borgJobCommonSetting
        {
          patterns = with config.sops; [
-            secrets."borg-backup/patterns/home".path
+            secrets."${pathPrefix}/patterns/home".path
-            secrets."borg-backup/patterns/etc".path
+            secrets."${pathPrefix}/patterns/etc".path
-            secrets."borg-backup/patterns/keys".path
+            secrets."${pathPrefix}/patterns/keys".path
          ];
-          passCommand = "cat ${config.sops.secrets."borg-backup/repos/external-drive/password".path}";
+          passCommand = "cat ${config.sops.secrets."${pathPrefix}/repos/external-drive/password".path}";
        } // {
        removableDevice = true;
        repo = "/mnt/external-storage/backups";
@ -94,20 +96,20 @@ in
      remote-backup-hetzner-box = borgJobCommonSetting
        {
          patterns = with config.sops; [
-            secrets."borg-backup/patterns/remote-backup".path
+            secrets."${pathPrefix}/patterns/remote-backup".path
          ];
-          passCommand = "cat ${config.sops.secrets."borg-backup/repos/hetzner-box/password".path}";
+          passCommand = "cat ${config.sops.secrets."${pathPrefix}/repos/hetzner-box/password".path}";
        } // {
        doInit = true;
        repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/desktop/ni";
        startAt = "daily";
-        environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-backup/ssh-key".path}";
+        environment.BORG_RSH = "ssh -i ${config.sops.secrets."${pathPrefix}/ssh-key".path}";
      };
    };
    programs.ssh.extraConfig = ''
      Host ${hetzner-boxes-server}
-        IdentityFile ${config.sops.secrets."borg-backup/ssh-key".path}
+        IdentityFile ${config.sops.secrets."${pathPrefix}/ssh-key".path}
    '';
  };
 }
--- a/modules/nixos/tasks/multimedia-archive/default.nix
+++ b/modules/nixos/tasks/multimedia-archive/default.nix
@ -7,6 +7,8 @@ let
  deviantArt = name: "https://deviantart.com/${name}";
  artStation = name: "https://www.artstation.com/${name}";
  newgrounds = name: "https://${name}.newgrounds.com";
  pathPrefix = "multimedia-archive";
 in
 {
  options.tasks.multimedia-archive.enable =
@ -94,7 +96,7 @@ in
      environment.systemPackages = [ ytdlpArchiveVariant ];
      sops.secrets = lib.getSecrets (lib.getSecret "multimedia-archive.yaml")
-        (lib.attachSopsPathPrefix "multimedia-archive" {
+        (lib.attachSopsPathPrefix pathPrefix {
          "secrets-config" = { };
        });
@ -164,7 +166,7 @@ in
          # in the service properly since secrets decrypted by sops-nix cannot
          # be read in Nix.
          "--config"
-          "${config.sops.secrets."multimedia-archive/secrets-config".path}"
+          "${config.sops.secrets."${pathPrefix}/secrets-config".path}"
        ];
        settings.extractor = {