From 7cdd0aab827504ae465d50f96cbbf52314dddca2 Mon Sep 17 00:00:00 2001
From: Thomas Hintz <t@thintz.com>
Date: Wed, 22 Apr 2026 14:56:54 -0700
Subject: [PATCH] Ensuring restic is initialized.

---
 Makefile       |  2 +-
 init-restic.sh | 32 +++++++++++++++++++++++++++-----
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 0b4530f..1868fad 100644
--- a/Makefile
+++ b/Makefile
@@ -125,7 +125,7 @@ plan: ignition.json $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars
 announce-start:
 	echo "NASSELLA_CONFIG: start"
 
-apply: announce-start ignition.json $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars
+apply: announce-start restic-init ignition.json $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars
 	echo "NASSELLA_CONFIG: end"
 	terraform init
 	bash -c "terraform apply -auto-approve -input=false -var-file=<(cat $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars)"
diff --git a/init-restic.sh b/init-restic.sh
index cfc2463..de20700 100755
--- a/init-restic.sh
+++ b/init-restic.sh
@@ -1,9 +1,31 @@
 #!/bin/bash
 
-set -e
+. $1 # source the apps.config file with the env vars
 
-. $1 # source the apps.config file with then env vars
+mkdir -p "emptydir-$ROOT_DOMAIN"
 
-mkdir -p emptydir
-docker run --rm --volume $PWD/emptydir:/nassella --volume $PWD/restic-password:/restic-password -e AWS_ACCESS_KEY_ID="$BACKBLAZE_KEY_ID" -e AWS_SECRET_ACCESS_KEY="$BACKBLAZE_APPLICATION_KEY" -i restic/restic:0.18.0 init --repo s3:$BACKBLAZE_BUCKET_URL --password-file /restic-password
-rm -Rf emptydir
+# from the restic docs, this allows us to check if the
+# repo is initialized. If it is not, this will have the
+# exit code of 10
+docker run --rm --volume "$PWD/emptydir-$ROOT_DOMAIN:/nassella" --volume $PWD/restic-password:/restic-password -e AWS_ACCESS_KEY_ID="$BACKBLAZE_KEY_ID" -e AWS_SECRET_ACCESS_KEY="$BACKBLAZE_APPLICATION_KEY" -i restic/restic:0.18.0 cat config --repo s3:$BACKBLAZE_BUCKET_URL --password-file /restic-password
+
+status=$?
+init_status=0
+
+if [ $status -eq 10 ]; then
+    # restic repo is not initialized so initialize it
+   docker run --rm --volume "$PWD/emptydir-$ROOT_DOMAIN:/nassella" --volume $PWD/restic-password:/restic-password -e AWS_ACCESS_KEY_ID="$BACKBLAZE_KEY_ID" -e AWS_SECRET_ACCESS_KEY="$BACKBLAZE_APPLICATION_KEY" -i restic/restic:0.18.0 init --repo s3:$BACKBLAZE_BUCKET_URL --password-file /restic-password
+   init_status=$?
+elif [ $status -ne 0  ]; then
+    # something unexpected happened, exit
+    rm -Rf "emptydir-$ROOT_DOMAIN"
+    exit $status
+fi
+
+if [ $init_status -ne 0 ]; then
+    # something unexpected happened, exit
+    rm -Rf "emptydir-$ROOT_DOMAIN"
+    exit $init_status
+fi
+
+rm -Rf "emptydir-$ROOT_DOMAIN"