add Obnam backupEncrypted

This after I typoed an obnam setup and accidentially had a repo that was
backing up non-encrypted.

config-joey.hs

@@ -10,7 +10,6 @@ import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.Network as Network
 import qualified Propellor.Property.Service as Service
 import qualified Propellor.Property.Ssh as Ssh
-import qualified Propellor.Property.Gpg as Gpg
 import qualified Propellor.Property.Cron as Cron
 import qualified Propellor.Property.Sudo as Sudo
 import qualified Propellor.Property.User as User
@@ -115,17 +114,15 @@ kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
 	& Ssh.passwordAuthentication True
 	-- Since ssh password authentication is allowed:
 	& Apt.serviceInstalledRunning "fail2ban"
-	& Obnam.backup "/" "33 1 * * *"
+	& Obnam.backupEncrypted "/" "33 1 * * *"
 		[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
 		, "--client-name=kitenet.net"
-		, "--encrypt-with=98147487"
 		, "--exclude=/var/cache"
 		, "--exclude=/var/tmp"
 		, "--exclude=/home/joey/lib"
 		, "--exclude=.*/tmp/"
 		, "--one-file-system"
-		] Obnam.OnlyClient
-		`requires` Gpg.keyImported "98147487" "root"
+		] Obnam.OnlyClient "98147487"
 		`requires` Ssh.keyImported SshRsa "root"
 			(Context "kite.kitenet.net")
 		`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"

src/Propellor/Property/Obnam.hs

@@ -3,6 +3,7 @@ module Propellor.Property.Obnam where
 import Propellor
 import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.Cron as Cron
+import qualified Propellor.Property.Gpg as Gpg
 import Utility.SafeCommand
 
 import Data.List
@@ -31,16 +32,25 @@ data NumClients = OnlyClient | MultipleClients
 --
 -- >	& Obnam.backup "/srv/git" "33 3 * * *"
 -- >		[ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam"
--- >		, "--encrypt-with=1B169BE1"
 -- >		] Obnam.OnlyClient
--- >		`requires` Gpg.keyImported "1B169BE1" "root" 
 -- >		`requires` Ssh.keyImported SshRsa "root" (Context hostname)
 --
 -- How awesome is that?
 backup :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
-backup dir crontimes params numclients = backup' dir crontimes params numclients
+backup dir crontimes params numclients =
+	backup' dir crontimes params numclients
 		`requires` restored dir params
 
+-- | Like backup, but the specified gpg key id is used to encrypt
+-- the repository. 
+--
+-- The gpg secret key will be automatically imported
+-- into root's keyring using Propellor.Property.Gpg.keyImported
+backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property
+backupEncrypted dir crontimes params numclients keyid =
+	backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients
+		`requires` Gpg.keyImported keyid "root"
+
 -- | Does a backup, but does not automatically restore.
 backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
 backup' dir crontimes params numclients = cronjob `describe` desc

src/Propellor/Property/SiteSpecific/JoeySites.hs

@@ -142,12 +142,11 @@ obnamLowMem = combineProperties "obnam tuned for low memory use"
 gitServer :: [Host] -> Property
 gitServer hosts = propertyList "git.kitenet.net setup"
 	[ Obnam.latestVersion
-	, Obnam.backup "/srv/git" "33 3 * * *"
+	, Obnam.backupEncrypted "/srv/git" "33 3 * * *"
 		[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
 		, "--encrypt-with=1B169BE1"
 		, "--client-name=wren" -- historical
-		] Obnam.OnlyClient
-		`requires` Gpg.keyImported "1B169BE1" "root"
+		] Obnam.OnlyClient "1B169BE1"
 		`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
 		`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
 		`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")