boreal: get rid of git crypt secrets for this host

Also move to restic-backup

.github/workflows/cachix.yaml

@@ -45,6 +45,7 @@ jobs:
     strategy:
       matrix:
         name:
+        - boreal
         - zephyrus
 
     steps:

hosts/boreal/default.nix

@@ -3,9 +3,6 @@
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
 { config, lib, pkgs, ... }:
-let
-  secrets = config.my.secrets;
-in
 {
   imports =
     [ # Include the results of the hardware scan.
@@ -46,17 +43,12 @@ in
 
   # List services that you want to enable:
   my.services = {
-    borg-backup = {
+    restic-backup = {
       enable = true;
-      repo = secrets.borg-backup.boreal-repo;
-      # for a workstation, having backups spanning the last month should be
-      # enough
-      prune = {
-        keep = {
-          daily = 7;
-          weekly = 4;
-        };
-      };
+      repo = "b2:boreal-backup";
+      passwordFile = config.age.secrets."restic-backup/boreal-password".path;
+      environmentFile = config.age.secrets."restic-backup/boreal-credentials".path;
+
       paths = [
         "/home/alarsyo"
       ];

modules/secrets/restic-backup/boreal-credentials.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 YWMQkg B5tQXcUdu751YYA4Y8uRH/DgGDi24AsXEAKkCVfg+Ro
+21Gz0MsMCtWzUdVuaWdNwEU9Ts8lOQWCd7Ejf2tkxks
+-> ssh-ed25519 k2gHjw NIG04WnNgq5bnSl9KmvFyvpGdFlmOFtXzuYtrsFOKXM
+ZYZVyIM0jnhguRmfIpRtFg0StgYTlu/P9bgxBy9dbOg
+-> u5-grease
+MTgqDb6tqCuvdlXj9c2Y3XX1X7JfrdeKLM0EQ75ZJe+Hrntnpvn4fSlBr8QoOahm
+fg
+--- VzgNZ3/IBQVeYfOMGjnHPDRKoBDdxHth61pevk5+fLw
+ŒÙúDíï°	´&…<QØ+¨úþ‹éJoTÇ;US9.©âu'v¸œ,‘Ä@“úÿQKcë‚ÛzÑ>v¢€ÃN1›±tòÚ8›w<˜Îò“w­°d<C2B0><64>>s:µG_øæÆšyø„u,þÅ%@J hñ"†Ev‡ÙX

modules/secrets/secrets.nix

@@ -11,6 +11,8 @@ let
   all = users ++ machines;
 in
 {
+  "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
+  "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
   "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
   "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
 

secrets/borg-backup/default.nix

@@ -5,6 +5,5 @@ let
   ;
 in
 {
-  boreal-repo = fileContents ./boreal-repo.secret;
   poseidon-repo = fileContents ./poseidon-repo.secret;
 }