hades: setup restic backups
This commit is contained in:
parent
558ba2a685
commit
baa239dc72
|
@ -55,12 +55,20 @@ in {
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
my.services = {
|
my.services = {
|
||||||
|
fail2ban.enable = true;
|
||||||
|
|
||||||
|
restic-backup = {
|
||||||
|
enable = true;
|
||||||
|
repo = "b2:hades-backup-alarsyo";
|
||||||
|
passwordFile = config.age.secrets."restic-backup/hades-password".path;
|
||||||
|
environmentFile = config.age.secrets."restic-backup/hades-credentials".path;
|
||||||
|
paths = ["/home/alarsyo"];
|
||||||
|
};
|
||||||
|
|
||||||
tailscale = {
|
tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
exitNode = true;
|
exitNode = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
fail2ban.enable = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
|
|
|
@ -13,6 +13,9 @@
|
||||||
// attrs;
|
// attrs;
|
||||||
in
|
in
|
||||||
lib.mapAttrs toSecret {
|
lib.mapAttrs toSecret {
|
||||||
|
"restic-backup/hades-credentials" = {};
|
||||||
|
"restic-backup/hades-password" = {};
|
||||||
|
|
||||||
"users/alarsyo-hashed-password" = {};
|
"users/alarsyo-hashed-password" = {};
|
||||||
"users/root-hashed-password" = {};
|
"users/root-hashed-password" = {};
|
||||||
};
|
};
|
||||||
|
|
BIN
modules/secrets/restic-backup/hades-credentials.age
Normal file
BIN
modules/secrets/restic-backup/hades-credentials.age
Normal file
Binary file not shown.
10
modules/secrets/restic-backup/hades-password.age
Normal file
10
modules/secrets/restic-backup/hades-password.age
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 k2gHjw tz1jNUQvZEVHqehFVapGqTzuRS42q/cMxyMxxKq+LzM
|
||||||
|
kA2ZKO7MJijITas44VeEKSNl801EmGea9k35OXiZ+BE
|
||||||
|
-> ssh-ed25519 pX8y2g xjtYR+DLpZ8aWXSGnZwbW1LYgIzcFWirKzCFJ8XcFmk
|
||||||
|
bDXZMuNZexO3Cj0RmzjGA33Xt6eMV1zTqjkw+hFUB54
|
||||||
|
-> XL-grease ]SR-r g<"^}r I> PHC
|
||||||
|
i5h9MKFYUKNt
|
||||||
|
--- arx3EqdP9sGpt3TmJDAHNaF03UL+hfJTle+FSdlP/6A
|
||||||
|
}èÆÎÔvÒjAÄû§ËòzÎ<7A>“TGWïv¼B¼ª0<C2AA><ñá;ZïY‚ªü{ª·ÂŽL<´\è‰Å<E280B0>>…Ì4¿o~€ã,šËèš«^4^yl\Ftgd<>Ä
|
||||||
|
G±Æ²æ*"”
|
|
@ -26,6 +26,8 @@ in {
|
||||||
|
|
||||||
"restic-backup/boreal-password.age".publicKeys = [alarsyo boreal];
|
"restic-backup/boreal-password.age".publicKeys = [alarsyo boreal];
|
||||||
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
|
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
|
||||||
|
"restic-backup/hades-password.age".publicKeys = [alarsyo hades];
|
||||||
|
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
|
||||||
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
|
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
|
||||||
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
|
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
|
||||||
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];
|
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];
|
||||||
|
|
Loading…
Reference in a new issue