From 2908bbb887f51b7969f90918fafa4b7dc14bf4a8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 18:25:40 +0100 Subject: [PATCH] secrets: move poseidon-restic to agenix --- hosts/poseidon/default.nix | 4 +++- hosts/poseidon/secrets.nix | 3 +++ .../restic-backup/poseidon-credentials.age | 10 ++++++++++ .../secrets/restic-backup/poseidon-password.age | Bin 0 -> 463 bytes modules/secrets/secrets.nix | 2 ++ secrets/default.nix | 1 - secrets/restic-backup/default.nix | 9 --------- secrets/restic-backup/poseidon-repo.secret | Bin 41 -> 0 bytes 8 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 modules/secrets/restic-backup/poseidon-credentials.age create mode 100644 modules/secrets/restic-backup/poseidon-password.age delete mode 100644 secrets/restic-backup/default.nix delete mode 100644 secrets/restic-backup/poseidon-repo.secret diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 8f02fce..282e26d 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -65,7 +65,9 @@ in restic-backup = { enable = true; - repo = secrets.restic-backup.poseidon-repo; + repo = "b2:poseidon-backup"; + passwordFile = config.age.secrets."restic-backup/poseidon-password".path; + environmentFile = config.age.secrets."restic-backup/poseidon-credentials".path; }; fail2ban = { diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 962e4ff..f058804 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -17,6 +17,9 @@ owner = "matrix-synapse"; }; + "restic-backup/poseidon-credentials" = {}; + "restic-backup/poseidon-password" = {}; + "transmission/secret" = { owner = "transmission"; }; diff --git a/modules/secrets/restic-backup/poseidon-credentials.age b/modules/secrets/restic-backup/poseidon-credentials.age new file mode 100644 index 0000000..0b3b3a1 --- /dev/null +++ b/modules/secrets/restic-backup/poseidon-credentials.age 
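Review bot: The `repo = "b2:poseidon-backup";` line in hosts/poseidon/default.nix replaces a value that was read from `secrets/restic-backup/poseidon-repo.secret` with a plaintext literal, and nothing at the call site records that this is deliberate. A short comment would capture the decision, e.g. `# repo location only, not a secret; credentials presumably come from environmentFile`. A literal written into a Nix expression like this is evaluated into the world-readable store, so only the two `config.age.secrets.*.path` references should carry credential material. A repository string that embeds a username or password would have to go through agenix instead. The `restic-backup` attribute set sits in a larger block that starts and ends outside the hunk.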
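Review bot: The two new entries in hosts/poseidon/secrets.nix are declared as `{}`, while the neighbouring `matrix-synapse` and `transmission` entries set an explicit `owner`. The ownership and mode of the decrypted restic password and credentials therefore depend on module defaults that this hunk does not show. If the backup job runs as root, the defaults are likely the least-privilege choice, but that should be stated rather than implied, for example `# default owner: only the backup unit reads these — confirm it runs as root`. If the job runs under a dedicated user, the entries need a matching `owner`, or the unit will not be able to read its `passwordFile`. The surrounding attribute set starts and ends outside the hunk.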
@@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw oSO/cLGLMkjqRIjYewTqtOccb7CLSmODK+B6Kb/L/gk +cGU5gafJCeX/o3qqcNNPGIAXbAwm8sZi59QIDqcmWUA +-> ssh-ed25519 z6Eu8Q FMOXZNxOrbT95XR5R6tul1A+aiCP/QHRsCZraA/SZmw +UXjp7Z93U56hZ9f/OijkzZ1UCRf+VVwD0b1dY04lCVs +-> )-grease +qkTAz5YAzx5TLvSvmiAL1EDt3pYUgwdMMcRKDBdTBrvxeQE +--- EBQNvbSPDyq5SFKU517JyM024/zZx0DqoxMiP9jzlSs +rP+yjf>9Ȏ̷wt6sg/tS͗\fZꪝN?v +1I휹+uݾU-Cfn1`c-RCP'zB)F`VBKX \ No newline at end of file diff --git a/modules/secrets/restic-backup/poseidon-password.age b/modules/secrets/restic-backup/poseidon-password.age new file mode 100644 index 0000000000000000000000000000000000000000..b8ca418f643c3fbbc9b6f0eb19f41173035a12d9 GIT binary patch literal 463 zcmZ9_yNlCs003Y|2{-7b+>#R07p;JUr-R)Po5GFc+El}tCjSm0+R+j$%Lw<$v2HgB-6X zA#TNBmH@8#7`gXOiq;IOAL literal 0 HcmV?d00001 diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 9e2b6a5..4516497 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -19,6 +19,8 @@ in "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; + "restic-backup/poseidon-password.age".publicKeys = [ alarsyo poseidon ]; + "restic-backup/poseidon-credentials.age".publicKeys = [ alarsyo poseidon ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; diff --git a/secrets/default.nix b/secrets/default.nix index f47f8fc..726354d 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -15,6 +15,5 @@ in { nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; paperless = import ./paperless { inherit lib; }; - restic-backup = import ./restic-backup { inherit lib; }; }; } diff --git a/secrets/restic-backup/default.nix b/secrets/restic-backup/default.nix deleted file mode 100644 index e9a3e7a..0000000 --- a/secrets/restic-backup/default.nix +++ /dev/null 
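Review bot: poseidon-credentials.age is carried in this patch as a text hunk, with raw ciphertext bytes and a `\ No newline at end of file` marker, while poseidon-password.age right after it is emitted as a `GIT binary patch`. A text hunk with a non-ASCII payload does not reliably survive mail or web transport, so a tree rebuilt from this patch may hold a ciphertext that fails age's authentication and leaves the backup job without its credentials. Adding `*.age binary` to `.gitattributes` would make git treat every encrypted secret the same way; storing the files ASCII-armored is the other option. After applying the patch, confirm that the file still decrypts on poseidon before the next scheduled backup.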
@@ -1,9 +0,0 @@ -{ lib }: -let - inherit (lib) - fileContents - ; -in -{ - poseidon-repo = fileContents ./poseidon-repo.secret; -} diff --git a/secrets/restic-backup/poseidon-repo.secret b/secrets/restic-backup/poseidon-repo.secret deleted file mode 100644 index db082cf2c1ff6419a2e6c357dc10e42f7f8b7d38..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 41 xcmZQ@_Y83kiVO&0XiwF?^k1TW<5}l(-m<>pw|%|azb^YAsr!DnJ