boreal: get rid of git crypt secrets for this host
Also move to restic-backup
This commit is contained in:
parent
38fb614309
commit
ceac41132e
1
.github/workflows/cachix.yaml
vendored
1
.github/workflows/cachix.yaml
vendored
|
@ -45,6 +45,7 @@ jobs:
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
name:
|
name:
|
||||||
|
- boreal
|
||||||
- zephyrus
|
- zephyrus
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|
|
@ -3,9 +3,6 @@
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
|
||||||
secrets = config.my.secrets;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
|
@ -46,17 +43,12 @@ in
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
my.services = {
|
my.services = {
|
||||||
borg-backup = {
|
restic-backup = {
|
||||||
enable = true;
|
enable = true;
|
||||||
repo = secrets.borg-backup.boreal-repo;
|
repo = "b2:boreal-backup";
|
||||||
# for a workstation, having backups spanning the last month should be
|
passwordFile = config.age.secrets."restic-backup/boreal-password".path;
|
||||||
# enough
|
environmentFile = config.age.secrets."restic-backup/boreal-credentials".path;
|
||||||
prune = {
|
|
||||||
keep = {
|
|
||||||
daily = 7;
|
|
||||||
weekly = 4;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
paths = [
|
paths = [
|
||||||
"/home/alarsyo"
|
"/home/alarsyo"
|
||||||
];
|
];
|
||||||
|
|
10
modules/secrets/restic-backup/boreal-credentials.age
Normal file
10
modules/secrets/restic-backup/boreal-credentials.age
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 YWMQkg B5tQXcUdu751YYA4Y8uRH/DgGDi24AsXEAKkCVfg+Ro
|
||||||
|
21Gz0MsMCtWzUdVuaWdNwEU9Ts8lOQWCd7Ejf2tkxks
|
||||||
|
-> ssh-ed25519 k2gHjw NIG04WnNgq5bnSl9KmvFyvpGdFlmOFtXzuYtrsFOKXM
|
||||||
|
ZYZVyIM0jnhguRmfIpRtFg0StgYTlu/P9bgxBy9dbOg
|
||||||
|
-> u5-grease
|
||||||
|
MTgqDb6tqCuvdlXj9c2Y3XX1X7JfrdeKLM0EQ75ZJe+Hrntnpvn4fSlBr8QoOahm
|
||||||
|
fg
|
||||||
|
--- VzgNZ3/IBQVeYfOMGjnHPDRKoBDdxHth61pevk5+fLw
|
||||||
|
ŒÙúDíï° ´&…<QØ+¨úþ‹éJoTÇ;US9.©âu'v¸œ,‘Ä@“úÿQKcë‚ÛzÑ>v¢€ÃN1›±tòÚ8›w<˜Îò“w°d<C2B0><64>>s:µG_øæÆšyø„u,þÅ%@J hñ"†Ev‡ÙX
|
BIN
modules/secrets/restic-backup/boreal-password.age
Normal file
BIN
modules/secrets/restic-backup/boreal-password.age
Normal file
Binary file not shown.
|
@ -11,6 +11,8 @@ let
|
||||||
all = users ++ machines;
|
all = users ++ machines;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
|
||||||
|
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
|
||||||
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
||||||
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
|
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
|
||||||
|
|
||||||
|
|
Binary file not shown.
|
@ -5,6 +5,5 @@ let
|
||||||
;
|
;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
boreal-repo = fileContents ./boreal-repo.secret;
|
|
||||||
poseidon-repo = fileContents ./poseidon-repo.secret;
|
poseidon-repo = fileContents ./poseidon-repo.secret;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue