authorGregor Kleen <gkleen@yggdrasil.li>2022-02-07 11:25:48 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-07 11:25:48 +0100
commite748d6f49372169176c0a78871be805fc63e21bf (patch)
treebbb23a356cc34aebde023b5a297f6fccc8680b9e
parentfc4cbfdc1038c7b0a5e4c64eb48071ba23823579 (diff)
vidhar: borg: ...
-rw-r--r--hosts/vidhar/borg/default.nix17
-rw-r--r--hosts/vidhar/borg/jotnar/surtr (renamed from hosts/vidhar/borg/authorized-keys/surtr)0
-rw-r--r--hosts/vidhar/borg/jotnar/surtr.pub (renamed from hosts/vidhar/borg/authorized-keys/surtr.pub)0
-rw-r--r--hosts/vidhar/borg/jotnar/ymir (renamed from hosts/vidhar/borg/authorized-keys/ymir)0
-rw-r--r--hosts/vidhar/borg/jotnar/ymir.pub (renamed from hosts/vidhar/borg/authorized-keys/ymir.pub)0
-rw-r--r--hosts/vidhar/borg/passphrase.yaml34
6 files changed, 4 insertions, 47 deletions
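--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -4,16 +4,16 @@ with lib;
 
 {
  config = {
- services.borgbackup.repos.borg = {
+ services.borgbackup.repos.jotnar = {
- path = "/srv/backup/borg";
+ path = "/srv/backup/borg/jotnar";
  authorizedKeysAppendOnly = let
- dir = ./authorized-keys;
+ dir = ./jotnar;
  toAuthKey = fname: ftype: if ftype != "regular" || !(hasSuffix ".pub" fname) then null else builtins.readFile (dir + "/${fname}");
  in filter (v: v != null) (lib.mapAttrsToList toAuthKey (builtins.readDir dir));
  };
 
  boot.postBootCommands = mkBefore ''
- ${pkgs.findutils}/bin/find /srv/backup/borg -maxdepth 1 -type d -empty -delete
+ ${pkgs.findutils}/bin/find /srv/backup/borg -type d -empty -delete
  '';
 
  users.users.borg.extraGroups = ["ssh"];
@@ -25,14 +25,5 @@ with lib;
 
  Match All
  '';
-
- sops.secrets.borg-passphrase = {
- sopsFile = ./passphrase.yaml;
- format = "yaml";
- key = "borg";
- owner = "borg";
- group = "borg";
- mode = "0440";
- };
  };
 }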
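Review bot: Dropping `-maxdepth 1` from the `find` in `boot.postBootCommands` lets the boot-time cleanup walk the whole tree under `/srv/backup/borg`, including the inside of every repository stored there, and delete any empty directory it meets. Borg's on-disk layout is not visible in this diff, so whether a repository can legitimately hold an empty directory should be confirmed before this runs against real backups. If the intent is only to clear unused repository directories one level below the new `jotnar` parent, bound the walk instead, e.g. `${pkgs.findutils}/bin/find /srv/backup/borg -mindepth 1 -maxdepth 2 -type d -empty -delete`. A bounded depth also keeps the traversal cost at boot independent of how much backup data is stored, and `-mindepth 1` prevents `find` from removing `/srv/backup/borg` itself when it is empty.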
diff --git a/hosts/vidhar/borg/authorized-keys/surtr b/hosts/vidhar/borg/jotnar/surtr
index 26d286b4..26d286b4 100644
--- a/hosts/vidhar/borg/authorized-keys/surtr
+++ b/hosts/vidhar/borg/jotnar/surtr
diff --git a/hosts/vidhar/borg/authorized-keys/surtr.pub b/hosts/vidhar/borg/jotnar/surtr.pub
index 5c044d7a..5c044d7a 100644
--- a/hosts/vidhar/borg/authorized-keys/surtr.pub
+++ b/hosts/vidhar/borg/jotnar/surtr.pub
diff --git a/hosts/vidhar/borg/authorized-keys/ymir b/hosts/vidhar/borg/jotnar/ymir
index f3dd360c..f3dd360c 100644
--- a/hosts/vidhar/borg/authorized-keys/ymir
+++ b/hosts/vidhar/borg/jotnar/ymir
diff --git a/hosts/vidhar/borg/authorized-keys/ymir.pub b/hosts/vidhar/borg/jotnar/ymir.pub
index a62fcfdf..a62fcfdf 100644
--- a/hosts/vidhar/borg/authorized-keys/ymir.pub
+++ b/hosts/vidhar/borg/jotnar/ymir.pub
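--- a/hosts/vidhar/borg/passphrase.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-borg: ENC[AES256_GCM,data:o5pmEauOdKlmHxy0TRj8E8QXyy6ve+mP/rcDNfdn7N0=,iv:qJIaJxzDKf7dLJtxwQOQcPvqY4CW3XZMOZXGe9hqavQ=,tag:BUp8yuXq7mVMvZ4JjbXhug==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age: []
- lastmodified: "2022-02-06T20:32:52Z"
- mac: ENC[AES256_GCM,data:FvSjzLSV3mnV1a0Sdt4PsdZtfOO7VhWe5LilR1fNTywwClOlr+g0SFVcJezU9AJDKsElfjoS2L3WFCNzyF9cHFnQFUt87TFbUxWbX0j4ib8lkJ4cpn2txeqXo0viq58/jnkNQD8o/f6fOlD5Y//0Lpyj055kWkPSGOmjoa4q/ps=,iv:Gnmo1ciA4FWsM+Qed/tKFjWEdQ/uqpAMQrHu44GsyWc=,tag:+8+YO9w/6glN+eNNSgzHiQ==,type:str]
- pgp:
- - created_at: "2022-02-06T20:32:40Z"
- enc: |
- -----BEGIN PGP MESSAGE-----
-
- hF4DbYDvGI0HDr0SAQdAVAW0FHYzJhXVUvP/nvGrTrzSZhoAqLzuUnbjt0WiTRww
- bVPtaek+koF+7cNFXO44nl0jwAZ3JhMAkbJThMkzKfVPGlSclIvlsx48fKDxeGlG
- 0l4BTnEn9Cooj9HAIVsnhicqkTw0iDfHuMHJKIKE5QHj6DspwmFTXN65yzA1rdLY
- tYtMf5l7LLfZ1A/g4Ntem/BmivTyCGHo0H+KE5hYj0G/LPOAKd5u+gILMb0ieiEn
- =/Hp4
- -----END PGP MESSAGE-----
- fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
- - created_at: "2022-02-06T20:32:40Z"
- enc: |
- -----BEGIN PGP MESSAGE-----
-
- hF4DXxoViZlp6dISAQdARXAvPGVP/xWyS7hihCv2r92juXZ0n38RDEYq6N4tPxAw
- 3JV5lFVE+EHIa8xB8WR8ACyV9kjZxhNkSmbUCBjyONCBMeS8aTzbYAC1xvOBOg/c
- 0l4BbpKdYpMeKjhoLgef0/DoO4cuPKFgq7GVfivErkb8s4Px5L5nVDsBCDb4gXvy
- RWrsrgxHN1wtmRFfgOTahvYdPDneFYKa30vm7CLmBY1/XBZJ0vlzzhHvqOc9Xelb
- =Y6lZ
- -----END PGP MESSAGE-----
- fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
- unencrypted_suffix: _unencrypted
- version: 3.7.1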