From 8729e8e26102554a235b53c9e327b0ca6ebea8bb Mon Sep 17 00:00:00 2001
From: Aneesh Agrawal <aneeshusa@gmail.com>
Date: Sun, 2 Jan 2022 04:07:11 -0500
Subject: [PATCH] nixos/restic-rest-server: Autocreate empty .htpasswd if
 needed for service boot

When `privateRepos = true`, the service will not start if the `.htpasswd` does not exist.
Use `systemd-tmpfiles` to autocreate an (empty) file to ensure the service can boot
before actual `htpasswd` contents are registered.

This is safe as restic-rest-server will deny all entry if the file is empty.
---
 nixos/modules/services/backup/restic-rest-server.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nixos/modules/services/backup/restic-rest-server.nix b/nixos/modules/services/backup/restic-rest-server.nix
index 86744637f85d..4717119f178a 100644
--- a/nixos/modules/services/backup/restic-rest-server.nix
+++ b/nixos/modules/services/backup/restic-rest-server.nix
@@ -95,6 +95,10 @@ in
       };
     };
 
+    systemd.tmpfiles.rules = mkIf cfg.privateRepos [
+        "f ${cfg.dataDir}/.htpasswd 0700 restic restic -"
+    ];
+
     users.users.restic = {
       group = "restic";
       home = cfg.dataDir;