From baa239dc72559b4bb1e002e30a501eae6bfaf8e1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Jun 2022 15:33:59 +0200 Subject: [PATCH] hades: setup restic backups --- hosts/hades/default.nix | 12 ++++++++++-- hosts/hades/secrets.nix | 3 +++ .../secrets/restic-backup/hades-credentials.age | Bin 0 -> 438 bytes modules/secrets/restic-backup/hades-password.age | 10 ++++++++++ modules/secrets/secrets.nix | 2 ++ 5 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 modules/secrets/restic-backup/hades-credentials.age create mode 100644 modules/secrets/restic-backup/hades-password.age diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 7873034..cb47d27 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -55,12 +55,20 @@ in { # List services that you want to enable: my.services = { + fail2ban.enable = true; + + restic-backup = { + enable = true; + repo = "b2:hades-backup-alarsyo"; + passwordFile = config.age.secrets."restic-backup/hades-password".path; + environmentFile = config.age.secrets."restic-backup/hades-credentials".path; + paths = ["/home/alarsyo"]; + }; + tailscale = { enable = true; exitNode = true; }; - - fail2ban.enable = true; }; # Enable the OpenSSH daemon. diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 3fbc379..f562d22 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -13,6 +13,9 @@ // attrs; in lib.mapAttrs toSecret { + "restic-backup/hades-credentials" = {}; + "restic-backup/hades-password" = {}; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/restic-backup/hades-credentials.age b/modules/secrets/restic-backup/hades-credentials.age new file mode 100644 index 0000000000000000000000000000000000000000..30a9e02e45ee8ddb1bfe740d4ba281bc3b874bbc GIT binary patch literal 438 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%Dp#noNHlN{ z^9j$6^sh4a2q@06u<#EKEY}Xo%gv3*H8t=sa0)QY_At*5HQ|b|EJ=)VGj!1pD#|fS z%*pi$4)XOfaL@Ek_pmG}Hmo#D3{K81G|PxG3PrcAAi|>3C|x1AD%Uc~&)d>0sxrbc zDm%N#JI5m|)!)?JCn+V}HMua~$tT?0xp-`~9|E!8X2GSS)GJTbtd z($mr@!Ym@hBQn&`CBo9oq%hl~Bpqa1nX;K~dQoa(ajHU`jY^acm#MdLpnIjGHPmzCNgkNR3VYo?}nPp*CmYKGRL1td6w@I#re}=zzTBWm3fN6?`lf$$l8QA(w;mk$ V#Xc) ssh-ed25519 k2gHjw tz1jNUQvZEVHqehFVapGqTzuRS42q/cMxyMxxKq+LzM +kA2ZKO7MJijITas44VeEKSNl801EmGea9k35OXiZ+BE +-> ssh-ed25519 pX8y2g xjtYR+DLpZ8aWXSGnZwbW1LYgIzcFWirKzCFJ8XcFmk +bDXZMuNZexO3Cj0RmzjGA33Xt6eMV1zTqjkw+hFUB54 +-> XL-grease ]SR-r g<"^}r I> PHC +i5h9MKFYUKNt +--- arx3EqdP9sGpt3TmJDAHNaF03UL+hfJTle+FSdlP/6A +}vjAz΍TGWvB 0<;ZY{ŽL<\ō>4o~,蚫^4^yl\Ftgd +GƲ*" \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 68137cc..455f7b0 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -26,6 +26,8 @@ in { "restic-backup/boreal-password.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; + "restic-backup/hades-password.age".publicKeys = [alarsyo hades]; + "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];