secrets: move poseidon-restic to agenix

2022-03-11 18:25:40 +01:00 · 2022-03-11 18:25:40 +01:00 · 2908bbb887
parent 165b30ef9c
commit 2908bbb887
8 changed files with 18 additions and 11 deletions
--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@ -65,7 +65,9 @@ in
    restic-backup = {
      enable = true;
-      repo = secrets.restic-backup.poseidon-repo;
+      repo = "b2:poseidon-backup";
      passwordFile = config.age.secrets."restic-backup/poseidon-password".path;
      environmentFile = config.age.secrets."restic-backup/poseidon-credentials".path;
    };
    fail2ban = {
--- a/hosts/poseidon/secrets.nix
+++ b/hosts/poseidon/secrets.nix
@ -17,6 +17,9 @@
            owner = "matrix-synapse";
          };
          "restic-backup/poseidon-credentials" = {};
          "restic-backup/poseidon-password" = {};
          "transmission/secret" = {
            owner = "transmission";
          };
--- a/modules/secrets/restic-backup/poseidon-credentials.age
+++ b/modules/secrets/restic-backup/poseidon-credentials.age
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 k2gHjw oSO/cLGLMkjqRIjYewTqtOccb7CLSmODK+B6Kb/L/gk
 cGU5gafJCeX/o3qqcNNPGIAXbAwm8sZi59QIDqcmWUA
 -> ssh-ed25519 z6Eu8Q FMOXZNxOrbT95XR5R6tul1A+aiCP/QHRsCZraA/SZmw
 UXjp7Z93U56hZ9f/OijkzZ1UCRf+VVwD0b1dY04lCVs
 -> )-grease
 qkTAz5YAzx5TLvSvmiAL1EDt3pYUgwdMMcRKDBdTBrvxeQE
 --- EBQNvbSPDyq5SFKU517JyM024/zZx0DqoxMiP9jzlSs
 rP+áÕôy¯j‡²f>ï9ÓÈŽÌ·ýw›ÕtØ6šsˆgƒ½/tØÞàSÍ—ì¡Ø\fZªêª<C3AA>N?v·ŒÚ
 µ1÷Iíœ¹+uÝ¾U-ëCfÜn1`cò-’‹RCéêP'¿zB)¿ØFŽ` äV<C3A4>ÖBKX
--- a/modules/secrets/restic-backup/poseidon-password.age
+++ b/modules/secrets/restic-backup/poseidon-password.age
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@ -19,6 +19,8 @@ in
  "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
  "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
  "restic-backup/poseidon-password.age".publicKeys = [ alarsyo poseidon ];
  "restic-backup/poseidon-credentials.age".publicKeys = [ alarsyo poseidon ];
  "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
  "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -15,6 +15,5 @@ in {
    nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret;
    paperless = import ./paperless { inherit lib; };
    restic-backup = import ./restic-backup { inherit lib; };
  };
 }
--- a/secrets/restic-backup/default.nix
+++ b/secrets/restic-backup/default.nix
@ -1,9 +0,0 @@
 { lib }:
 let
  inherit (lib)
    fileContents
  ;
 in
 {
  poseidon-repo = fileContents ./poseidon-repo.secret;
 }
--- a/secrets/restic-backup/poseidon-repo.secret
+++ b/secrets/restic-backup/poseidon-repo.secret