alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

boreal: get rid of git crypt secrets for this host

Browse source 
Also move to restic-backup
This commit is contained in:
Antoine Martin 2022-01-21 00:29:44 +01:00
parent 38fb614309
commit ceac41132e
7 changed files with 18 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/workflows/cachix.yaml vendored
View file

@ -45,6 +45,7 @@ jobs:
strategy: strategy:
matrix: matrix:
name: name:
- boreal
- zephyrus - zephyrus
steps: steps:

18
hosts/boreal/default.nix
View file

@ -3,9 +3,6 @@
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
@ -46,17 +43,12 @@ in
# List services that you want to enable: # List services that you want to enable:
my.services = { my.services = {
borg-backup = { restic-backup = {
enable = true; enable = true;
repo = secrets.borg-backup.boreal-repo; repo = "b2:boreal-backup";
# for a workstation, having backups spanning the last month should be passwordFile = config.age.secrets."restic-backup/boreal-password".path;
# enough environmentFile = config.age.secrets."restic-backup/boreal-credentials".path;
prune = {
keep = {
daily = 7;
weekly = 4;
};
};
paths = [ paths = [
"/home/alarsyo" "/home/alarsyo"
]; ];

10
modules/secrets/restic-backup/boreal-credentials.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 YWMQkg B5tQXcUdu751YYA4Y8uRH/DgGDi24AsXEAKkCVfg+Ro
21Gz0MsMCtWzUdVuaWdNwEU9Ts8lOQWCd7Ejf2tkxks
-> ssh-ed25519 k2gHjw NIG04WnNgq5bnSl9KmvFyvpGdFlmOFtXzuYtrsFOKXM
ZYZVyIM0jnhguRmfIpRtFg0StgYTlu/P9bgxBy9dbOg
-> u5-grease
MTgqDb6tqCuvdlXj9c2Y3XX1X7JfrdeKLM0EQ75ZJe+Hrntnpvn4fSlBr8QoOahm
fg
--- VzgNZ3/IBQVeYfOMGjnHPDRKoBDdxHth61pevk5+fLw
ŒÙúDíï° ´&…<QØ+¨úþéJoTÇ;US9.©âu'v¸œ,‘Ä@“úÿQKcëÛzÑ>v¢€ÃN1±tòÚ8w<˜Îò“w­°d<C2B0><64>>sG_øæÆšyø„u,þÅ%@J hñ"†Ev‡ÙX

BIN
modules/secrets/restic-backup/boreal-password.age Normal file
View file

Binary file not shown.

2
modules/secrets/secrets.nix
View file

@ -11,6 +11,8 @@ let
all = users ++ machines; all = users ++ machines;
in in
{ {
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];

BIN
secrets/borg-backup/boreal-repo.secret
View file

Binary file not shown.

1
secrets/borg-backup/default.nix
View file

@ -5,6 +5,5 @@ let
; ;
in in
{ {
boreal-repo = fileContents ./boreal-repo.secret;
poseidon-repo = fileContents ./poseidon-repo.secret; poseidon-repo = fileContents ./poseidon-repo.secret;
} }