#!/bin/sh -eu
# SYNTAX: $duplicity_options
# DESCRIPTION: encapsuleur de duplicity(1) préchargeant sa clef OpenPGP.
tool=$(readlink -e "${0%/*}/..")
. "$tool"/remote/lib.sh

uid=backup+"$local_hostname"@"$local_domainname"
trap_exit () {
	errno=$?
	"$tool"/remote/gpg-preset-passphrase --forget "$uid"
	exit $errno
 }
trap trap_exit EXIT
"$tool"/remote/gpg-preset-passphrase --preset "$uid"

while IFS=: read -r type trust size algo keyid date x x x x x cap x
 do case $type,$cap in
	(sub,e) encrypt_key=${keyid#????????};;
	(sub,s) sign_key=$keyid;;
 esac done <<-EOF
	$("$tool"/remote/gpg --list-public-keys --with-colons -- "$uid")
	EOF

/usr/bin/duplicity \
 --archive-dir "$tool"/var/backup/current/archive \
 --gpg-options --homedir="$tool"/var/pub/openpgp \
 --gpg-options --trusted-key="$sign_key" \
 --gpg-options --no-permission-warning \
 --encrypt-key "$encrypt_key" \
 --sign-key "${sign_key#????????}" \
 --use-agent \
 -vw ${TRACE:+--verbosity info} \
 "$@"