From 67472d102e75190589ae3d181b959152c18dd123 Mon Sep 17 00:00:00 2001
From: iFargle <albert@sysctl.io>
Date: Thu, 14 Dec 2023 11:50:23 +0900
Subject: [PATCH] Update secrets for backups-rpi4

---
 nixos/hosts/backups-rpi4/backup-script.nix | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/nixos/hosts/backups-rpi4/backup-script.nix b/nixos/hosts/backups-rpi4/backup-script.nix
index 4b83448d..071d5b5f 100644
--- a/nixos/hosts/backups-rpi4/backup-script.nix
+++ b/nixos/hosts/backups-rpi4/backup-script.nix
@@ -4,8 +4,10 @@ let
   rsync-backup = pkgs.writeScriptBin "rsync-backup" ''
 #!${pkgs.stdenv.shell}
 # Send the gotify notification:
-payload="{\"message\": \"Backup has started\nDate: `date`\", \"priority\": 2,\"title\": \"japan-rpi4:  Backup Started\"}"
-curl -X 'POST' 'https://gotify.sysctl.io/message' -H 'accept: application/json' -H 'Content-Type: application/json' -H 'X-Gotify-Key:  ${sops.secrets.gotify-key}' -d "$payload" | jq
+
+GOTIFY_TOKEN=`cat /var/run/secrets/gotify_token`
+payload="{\"message\": \"Backup has started\nDate: `date`\", \"priority\": 2,\"title\": \"backups-rpi4:  Backup Started\"}"
+curl -X 'POST' 'https://gotify.sysctl.io/message' -H 'accept: application/json' -H 'Content-Type: application/json' -H 'X-Gotify-Key:  $GOTIFY_TOKEN' -d "$payload" | jq
 
 drive1=`lsblk -o NAME,SERIAL | grep -v crypt | grep 9RGHYP8C | awk {'print $1'}`
 drive2=`lsblk -o NAME,SERIAL | grep -v crypt | grep 9RGXW93C | awk {'print $1'}`
@@ -18,8 +20,8 @@ echo "Drive 3:  $drive3"
 echo "Checking if the NAS is mounted on nuc-docker01:"
 check=$(ssh root@nuc-docker01 df -h | grep Storage | wc -l)
 if [[ $check != 3 ]] ; then  
-	payload="{\"message\": \"Backup stopped.  nuc-docker01 does not have 3 mounts in Storage\nDate: `date`\", \"priority\": 2,\"title\": \"japan-rpi4:  Backup Stopped\"}"
-	curl -X 'POST' 'https://gotify.sysctl.io/message' -H 'accept: application/json' -H 'Content-Type: application/json' -H 'X-Gotify-Key:  ${sops.secrets.gotify-key}' -d "$payload" | jq
+	payload="{\"message\": \"Backup stopped.  nuc-docker01 does not have 3 mounts in Storage\nDate: `date`\", \"priority\": 2,\"title\": \"backups-rpi4:  Backup Stopped\"}"
+	curl -X 'POST' 'https://gotify.sysctl.io/message' -H 'accept: application/json' -H 'Content-Type: application/json' -H 'X-Gotify-Key:  $GOTIFY_TOKEN' -d "$payload" | jq
 	exit
 fi
 RESTORE='\033[0m'
@@ -123,10 +125,16 @@ fi
 
 /bin/echo "Sending completion message"
 payload="{\"message\": \"Backup completed\nDate: `date`\n`df -h | grep sda`\n`df -h | grep sdb`\n`df -h | grep sdc`\", \"priority\": 2,\"title\": \"rocky-rpi4:  Backup Complete\"}"
-curl -X 'POST' 'https://gotify.sysctl.io/message' -H 'accept: application/json' -H 'Content-Type: application/json' -H 'X-Gotify-Key:  ${sops.secrets.gotify-key}' -d "$payload" | jq
+curl -X 'POST' 'https://gotify.sysctl.io/message' -H 'accept: application/json' -H 'Content-Type: application/json' -H 'X-Gotify-Key:  $GOTIFY_TOKEN' -d "$payload" | jq
 
 '';
 in
 {
-  config.environment.systemPackages = [ rsync-backup ];
+  environment.systemPackages = [ rsync-backup ];  
+  
+  # Set up the secret for the password:
+  sops.secrets."gotify_token" = {
+    owner = "root";
+    sopsFile = ../../../secrets/backups-rpi4.yaml;
+  };
 }
\ No newline at end of file