zephyrus: setup restic backup with agenix secrets

This commit is contained in:
Antoine Martin 2022-01-17 22:00:51 +01:00
parent a0ead30194
commit c3fcb0154f
4 changed files with 51 additions and 0 deletions

View file

@ -43,6 +43,35 @@ in
tailscale.enable = true; tailscale.enable = true;
pipewire.enable = true; pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:zephyrus-backup";
passwordFile = config.age.secrets."restic-backup/zephyrus-password".path;
environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path;
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/*/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
# C build crap
"*.a"
"*.o"
"*.so"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
}; };
services = { services = {

View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 ZQuVNA KjrRurc5ztGrYO2wx0ToE8E4Yz2sbNwPi4zCGAJUK3k
+U1Ox1U4Z9ssleGchzMJGpQjFaRoqMYSLhKHXj1F2/U
-> ssh-ed25519 k2gHjw W35K39F0sREO2igYKaa3zr1LKgF6xiU5YtMq3RYqkC4
YJV8kdjMJSoRX7iLw2bQXET9zOudFuhZeHqPqHkNjuc
-> (aAM-grease j{6WJ 3C&
Pfh0krD/ClkQcByosGU3CxPivvPei5tXWZHh6odkWxn29iqsKT6L1ihEgYJDlopA
8ODR4G4ax6ZY13O+qjc
--- ugjGDcsxbwlKmTN+4lUyrhD6GJPl0qk4i+4OLS2NRP0
]#z…ƒãp¢¶X7Ó™ ¼1mê%wýFÒ 4õÒسÄcp+Q2¹ú“<C3BA>×ì¢pmxx>ňœ)Eô;~äî<>¢ÔsÆx[S$z¥¨&øžùrBSVÄz­ÿ÷þ\SXøærdö×\ÜóŠ5Tªfÿ|¿ô

View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 ZQuVNA H3/RLTRU8T3JY99f+b9xT5oIqPCDyxjRfFbJ7iR3/zE
CTLpdnGapstc+/epugi1CxIZ3T7JZgE4Ew14B2WuanY
-> ssh-ed25519 k2gHjw wEnvcV2UApJ1MMyIQgSSkF+zhG+fugEiCieCpPBdJyc
polPsTGun9e6Bq6rogQBrmT32GQXiixxlKmuRpDDM0c
-> Jt-grease rX6~
RL6JmjlIQaG17HQQFY3hTYtTiL12Sr3RX/Scv6gO7gO8
--- eUEOS9mtYxxW2bqzEpD+ZsyYjhHWCArPd2PiFn6wMF4
ƒ*@ò-úñæÀ£’¬…9ÂÜpMDŸ¸™I{ázüke°K);‰ü+úU¥îñOZâ{ÙB Sx/ÑLI¡”G «9—‰ ”þ1É:Yݽ°4x:K—f¹Žqö9ï˜a¥Oº[jNåÇXq¡,âÏæZü=*˜'€'tׄƒÍ ²ˆö¿!vWòÛ6nÅéG&QwõÚG

View file

@ -11,4 +11,6 @@ let
all = users ++ machines; all = users ++ machines;
in in
{ {
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
} }