From baa239dc72559b4bb1e002e30a501eae6bfaf8e1 Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine@alarsyo.net>
Date: Sun, 12 Jun 2022 15:33:59 +0200
Subject: [PATCH] hades: setup restic backups

---
 hosts/hades/default.nix                           |  12 ++++++++++--
 hosts/hades/secrets.nix                           |   3 +++
 .../secrets/restic-backup/hades-credentials.age   | Bin 0 -> 438 bytes
 modules/secrets/restic-backup/hades-password.age  |  10 ++++++++++
 modules/secrets/secrets.nix                       |   2 ++
 5 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 modules/secrets/restic-backup/hades-credentials.age
 create mode 100644 modules/secrets/restic-backup/hades-password.age

diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix
index 7873034..cb47d27 100644
--- a/hosts/hades/default.nix
+++ b/hosts/hades/default.nix
@@ -55,12 +55,20 @@ in {
 
   # List services that you want to enable:
   my.services = {
+    fail2ban.enable = true;
+
+    restic-backup = {
+      enable = true;
+      repo = "b2:hades-backup-alarsyo";
+      passwordFile = config.age.secrets."restic-backup/hades-password".path;
+      environmentFile = config.age.secrets."restic-backup/hades-credentials".path;
+      paths = ["/home/alarsyo"];
+    };
+
     tailscale = {
       enable = true;
       exitNode = true;
     };
-
-    fail2ban.enable = true;
   };
 
   # Enable the OpenSSH daemon.
diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix
index 3fbc379..f562d22 100644
--- a/hosts/hades/secrets.nix
+++ b/hosts/hades/secrets.nix
@@ -13,6 +13,9 @@
         // attrs;
     in
       lib.mapAttrs toSecret {
+        "restic-backup/hades-credentials" = {};
+        "restic-backup/hades-password" = {};
+
         "users/alarsyo-hashed-password" = {};
         "users/root-hashed-password" = {};
       };
diff --git a/modules/secrets/restic-backup/hades-credentials.age b/modules/secrets/restic-backup/hades-credentials.age
new file mode 100644
index 0000000000000000000000000000000000000000..30a9e02e45ee8ddb1bfe740d4ba281bc3b874bbc
GIT binary patch
literal 438
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%Dp#noNHlN{
z^9j$6^sh4a2q@06u<#EKEY}Xo%gv3*H8t=sa0)QY_At*5HQ|b|EJ=)VGj!1pD#|fS
z%*pi$4)XOfaL@Ek_pmG}Hmo#D3{K81G|PxG3PrcAAi|>3C|x1AD%Uc~&)d>0sxrbc
zDm%N#JI5m|)!)?JCn+V}HMua~$tT?<EIBtN*OM#4->0xp-`~9|E!8X2GSS)GJTbtd
z($mr@!Ym@hBQn&`CBo9oq%hl~Bpqa1nX;K~dQoa(ajHU`jY^acm#MdLpnIjGH<zxi
zu0mj>PmzCNgkNR3VYo?}nPp*CmYKGRL1td6w@I#re}=zzTBWm3fN6?<AXodj4$Ffg
zhki7!d&}Pa?+I7qWmnttIh&)_oR<8&KcIBYB6fzPH}xMZ-p*LLmc!#ruB%1aHLviM
zHx6~(+>`lf$$<kOUdHZZlJs2mdg_})Cr-0FKkN)*TFj<bdg1gDhSCm>l8QA(w;mk$
V#Xc)<DO0FuTEdEs-{0og006liqh$a9

literal 0
HcmV?d00001

diff --git a/modules/secrets/restic-backup/hades-password.age b/modules/secrets/restic-backup/hades-password.age
new file mode 100644
index 0000000..7973032
--- /dev/null
+++ b/modules/secrets/restic-backup/hades-password.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 k2gHjw tz1jNUQvZEVHqehFVapGqTzuRS42q/cMxyMxxKq+LzM
+kA2ZKO7MJijITas44VeEKSNl801EmGea9k35OXiZ+BE
+-> ssh-ed25519 pX8y2g xjtYR+DLpZ8aWXSGnZwbW1LYgIzcFWirKzCFJ8XcFmk
+bDXZMuNZexO3Cj0RmzjGA33Xt6eMV1zTqjkw+hFUB54
+-> XL-grease ]SR-r g<"^}r I> PHC
+i5h9MKFYUKNt
+--- arx3EqdP9sGpt3TmJDAHNaF03UL+hfJTle+FSdlP/6A
+}����v�jA�����z΍�TGW�v�B��0�<��;Z�Y���{��ŽL<�\�ō>��4�o~��,��蚫^4^yl\Ftgd��
+G�Ʋ�*"�
\ No newline at end of file
diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
index 68137cc..455f7b0 100644
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@@ -26,6 +26,8 @@ in {
 
   "restic-backup/boreal-password.age".publicKeys = [alarsyo boreal];
   "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
+  "restic-backup/hades-password.age".publicKeys = [alarsyo hades];
+  "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
   "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
   "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
   "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];