alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

hades: setup restic backups

Browse source
This commit is contained in:
Antoine Martin 2022-06-12 15:33:59 +02:00
parent 558ba2a685
commit baa239dc72
5 changed files with 25 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
hosts/hades/default.nix
View file

@ -55,12 +55,20 @@ in {
# List services that you want to enable: # List services that you want to enable:
my.services = { my.services = {
fail2ban.enable = true;
restic-backup = {
enable = true;
repo = "b2:hades-backup-alarsyo";
passwordFile = config.age.secrets."restic-backup/hades-password".path;
environmentFile = config.age.secrets."restic-backup/hades-credentials".path;
paths = ["/home/alarsyo"];
};
tailscale = { tailscale = {
enable = true; enable = true;
exitNode = true; exitNode = true;
}; };
fail2ban.enable = true;
}; };
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.

3
hosts/hades/secrets.nix
View file

@ -13,6 +13,9 @@
// attrs; // attrs;
in in
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
"restic-backup/hades-credentials" = {};
"restic-backup/hades-password" = {};
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};
}; };

BIN
modules/secrets/restic-backup/hades-credentials.age Normal file
View file

Binary file not shown.

10
modules/secrets/restic-backup/hades-password.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw tz1jNUQvZEVHqehFVapGqTzuRS42q/cMxyMxxKq+LzM
kA2ZKO7MJijITas44VeEKSNl801EmGea9k35OXiZ+BE
-> ssh-ed25519 pX8y2g xjtYR+DLpZ8aWXSGnZwbW1LYgIzcFWirKzCFJ8XcFmk
bDXZMuNZexO3Cj0RmzjGA33Xt6eMV1zTqjkw+hFUB54
-> XL-grease ]SR-r g<"^}r I> PHC
i5h9MKFYUKNt
--- arx3EqdP9sGpt3TmJDAHNaF03UL+hfJTle+FSdlP/6A
}èÆÎÔvÒjAÄû§Ëò<7A>“TGWïv¼B ¼ª0<C2AA><ñá;ZïYªü{ª·ÂŽL<´\è‰Å<E280B0>>…Ì4¿o~€ã,šËèš«^4^yl\Ftgd<>Ä
G±Æ²æ*"”

2
modules/secrets/secrets.nix
View file

@ -26,6 +26,8 @@ in {
"restic-backup/boreal-password.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-password.age".publicKeys = [alarsyo boreal];
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
"restic-backup/hades-password.age".publicKeys = [alarsyo hades];
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus]; "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];