zephyrus: setup restic backup with agenix secrets

2022-01-17 22:00:51 +01:00 · 2022-01-17 22:00:51 +01:00 · c3fcb0154f
parent a0ead30194
commit c3fcb0154f
4 changed files with 51 additions and 0 deletions
--- a/hosts/zephyrus/default.nix
+++ b/hosts/zephyrus/default.nix
@ -43,6 +43,35 @@ in
    tailscale.enable = true;
    pipewire.enable = true;
    restic-backup = {
      enable = true;
      repo = "b2:zephyrus-backup";
      passwordFile = config.age.secrets."restic-backup/zephyrus-password".path;
      environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path;
      paths = [
        "/home/alarsyo"
      ];
      exclude = [
        "/home/alarsyo/Downloads"
        # Rust builds using half my storage capacity
        "/home/alarsyo/*/target"
        "/home/alarsyo/work/rust/build"
        # don't backup nixpkgs
        "/home/alarsyo/work/nixpkgs"
        # C build crap
        "*.a"
        "*.o"
        "*.so"
        # ignore all dotfiles as .config and .cache can become quite big
        "/home/alarsyo/.*"
      ];
    };
  };
  services = {
--- a/modules/secrets/restic-backup/zephyrus-credentials.age
+++ b/modules/secrets/restic-backup/zephyrus-credentials.age
@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 ZQuVNA KjrRurc5ztGrYO2wx0ToE8E4Yz2sbNwPi4zCGAJUK3k
 +U1Ox1U4Z9ssleGchzMJGpQjFaRoqMYSLhKHXj1F2/U
 -> ssh-ed25519 k2gHjw W35K39F0sREO2igYKaa3zr1LKgF6xiU5YtMq3RYqkC4
 YJV8kdjMJSoRX7iLw2bQXET9zOudFuhZeHqPqHkNjuc
 -> (aAM-grease j{6WJ 3C&
 Pfh0krD/ClkQcByosGU3CxPivvPei5tXWZHh6odkWxn29iqsKT6L1ihEgYJDlopA
 8ODR4G4ax6ZY13O+qjc
 --- ugjGDcsxbwlKmTN+4lUyrhD6GJPl0qk4i+4OLS2NRP0
 ]#z…ƒã‹p¢¶X7Ó™	¼1mê%wýFÒ
4õÒØ³Äcp+Q2¹ú“<C3BA>×ì¢pmxx>Åˆœ)Eô;~äî<>¢ÔsÆx[S$z¥¨&øžùrBSVÄzÿ÷þ\SXøærdö×\ÜóŠ5Tªfÿ|¿ô
 TÜ
--- a/modules/secrets/restic-backup/zephyrus-password.age
+++ b/modules/secrets/restic-backup/zephyrus-password.age
@ -0,0 +1,9 @@
 age-encryption.org/v1
 -> ssh-ed25519 ZQuVNA H3/RLTRU8T3JY99f+b9xT5oIqPCDyxjRfFbJ7iR3/zE
 CTLpdnGapstc+/epugi1CxIZ3T7JZgE4Ew14B2WuanY
 -> ssh-ed25519 k2gHjw wEnvcV2UApJ1MMyIQgSSkF+zhG+fugEiCieCpPBdJyc
 polPsTGun9e6Bq6rogQBrmT32GQXiixxlKmuRpDDM0c
 -> Jt-grease rX6~
 RL6JmjlIQaG17HQQFY3hTYtTiL12Sr3RX/Scv6gO7gO8
 --- eUEOS9mtYxxW2bqzEpD+ZsyYjhHWCArPd2PiFn6wMF4
 ƒ*@ò-úñæÀ£’¬…9ÂÜpMDŸ¸™I{ázÃ¼ke°K);‰ü+úU¥îñOZâ{ÙBSx’/ÑLI¡”G «9—‰	”þ1É:YÝ½°4x:K—f¹Žq‘ö9ï˜a¥Oº[jNåÇXq¡‘,âÏæZü=*˜'€'t×„ƒÍ	
²ˆö¿!vWòÛ6n›†ÅéG&QwõÚG
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@ -11,4 +11,6 @@ let
  all = users ++ machines;
 in
 {
  "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
  "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
 }