authorTimo Wilken2023-04-20 23:42:18 +0200
committerTimo Wilken2023-04-21 14:32:02 +0200
commit4fc1db92aacf2af08bb078267aed2cb45f98b97b (patch)
treed6f582f048b61e09f4d8c3c5094bfcc0c29af535 /tw
parent5ddf8241ec2eb8faed264781fedc927e62a3c20d (diff)
Fix restic-server setup
Diffstat (limited to 'tw')
-rw-r--r--tw/services/restic.scm12
-rw-r--r--tw/system.scm6
-rw-r--r--tw/system/vin.scm2
3 files changed, 12 insertions, 8 deletions
diff --git a/tw/services/restic.scm b/tw/services/restic.scm
index c0c09552..424a3a35 100644
--- a/tw/services/restic.scm
+++ b/tw/services/restic.scm
@@ -15,15 +15,16 @@
(define-maybe/no-serialization string)
;; TODO: implement --tls, --tls-cert and --tls-key, maybe using certbot-service-type?
+;; TODO: implement --log
(define-configuration/no-serialization restic-server-configuration
(repository-path (string "/var/lib/restic") "The directory containing
restic's repositories and @code{.htpasswd} file, unless otherwise configured
using @code{htpasswd-file}.")
(restic-server (package restic-rest-server) "The restic REST server package to use.")
(bind-address (string ":8000") "The listen address (including port) to bind to.")
- (htpasswd-file (maybe-string #f) "Location of @code{.htpasswd} file
-(default: @code{REPOSITORY-PATH/.htpasswd}). Use @code{htpasswd} from the
-@code{httpd} package to create and/or update this file.")
+ (htpasswd-file (maybe-string %unset-value) "Location of @code{.htpasswd}
+file (default: @code{REPOSITORY-PATH/.htpasswd}). Use @code{htpasswd} from
+the @code{httpd} package to create and/or update this file.")
(auth? (boolean #t) "Whether to authenticate users at all (using .htpasswd).")
(verify-upload? (boolean #t) "Whether to verify the integrity of uploaded
data. @emph{Do not disable} unless the restic server is to be run on a very
@@ -40,8 +41,11 @@ private restic repos.")
(define (restic-server-arguments config)
"Turn CONFIG into a list of arguments to the restic-rest-server executable."
`("--path" ,(restic-server-configuration-repository-path config)
- "--log" "/var/log/restic-server.log"
"--listen" ,(restic-server-configuration-bind-address config)
+ ,@(let ((htpasswd-file (restic-server-configuration-htpasswd-file config)))
+ (if (string? htpasswd-file) `("--htpasswd-file" ,htpasswd-file) '()))
+ ,@(if (restic-server-configuration-auth? config) '() '("--no-auth"))
+ ,@(if (restic-server-configuration-verify-upload? config) '() '("--no-verify-upload"))
,@(if (restic-server-configuration-append-only? config) '("--append-only") '())
,@(let ((max-size (restic-server-configuration-max-repository-size config)))
(if (integer? max-size) `("--max-size" ,max-size) '()))
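Review bot: The new `--no-auth` branch is emitted with no regard for where the server listens, and the record's default `bind-address` is `":8000"`, so a configuration that only sets `(auth? #f)` would presumably serve every repository unauthenticated on all interfaces. TLS is still a TODO in this file, so even with auth enabled the htpasswd credentials cross the wire in cleartext unless the bind address sits on a tunnel, as the WireGuard address in tw/system/vin.scm does. I would say so in the `auth?` field's docstring, e.g. `"Whether to authenticate users at all (using .htpasswd). Disable only when BIND-ADDRESS is reachable solely over a trusted link."`. Dropping `--log` also removes the access log (the record of failed logins) until the new TODO is done; where the server's output goes in the meantime depends on the service definition outside this hunk. The body of `restic-server-arguments` continues past the end of the hunk.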
diff --git a/tw/system.scm b/tw/system.scm
index 0b738038..f7ac429c 100644
--- a/tw/system.scm
+++ b/tw/system.scm
@@ -44,12 +44,12 @@
("pi3.twilken.net" . 51022)))
(export server-wireguard-address)
-(define* (server-wireguard-address host-name #:optional (port ""))
+(define* (server-wireguard-address host-name #:optional port)
(string-replace-substring
(car ; get the IPv4 address
(wireguard-peer-allowed-ips
(assoc-ref %wireguard-peers host-name)))
- "/32" port))
+ "/32" (if port (format #f ":~a" port) "")))
(define-public (server-base-services host-name)
(cons*
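Review bot: `port` is formatted with `~a` without any check in `server-wireguard-address`, so a caller still passing the old string form (`":9100"`) would silently produce `ADDR::9100`, and any other value ends up verbatim in a service's listen address. A guard before the `string-replace-substring` call, such as `(unless (or (not port) (and (exact-integer? port) (<= 1 port 65535))) (error "server-wireguard-address: invalid port" port))`, would make a stale call site fail when the system is built instead of at service start. The procedure is exported but has no docstring; something like `"Return HOST-NAME's WireGuard IPv4 address, with \":PORT\" appended when PORT is given."` would document the new integer contract.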
@@ -69,7 +69,7 @@
(service prometheus-node-exporter-service-type
(prometheus-node-exporter-configuration
(web-listen-address
- (server-wireguard-address host-name ":9100"))))
+ (server-wireguard-address host-name 9100))))
(simple-service 'disk-maintenance mcron-service-type
(list #~(job "0 2 * * *" "guix gc -d 2w")
diff --git a/tw/system/vin.scm b/tw/system/vin.scm
index e74d0df6..9c467a54 100644
--- a/tw/system/vin.scm
+++ b/tw/system/vin.scm
@@ -47,7 +47,7 @@
(restic-server-configuration
(repository-path "/var/backups/restic")
(bind-address
- (server-wireguard-address host-name ":8181"))
+ (server-wireguard-address host-name 8181))
(append-only? #t) ; run cleanup jobs separately, using plain restic
(private-repos-only? #t) ; require /user/ path prefix
(prometheus? #t)