author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-07 11:25:48 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-07 11:25:48 +0100 |
commit | e748d6f49372169176c0a78871be805fc63e21bf (patch) | |
tree | bbb23a356cc34aebde023b5a297f6fccc8680b9e | |
parent | fc4cbfdc1038c7b0a5e4c64eb48071ba23823579 (diff) | |
vidhar: borg: ...
-rw-r--r-- | hosts/vidhar/borg/default.nix | 17 | ||||
-rw-r--r-- | hosts/vidhar/borg/jotnar/surtr (renamed from hosts/vidhar/borg/authorized-keys/surtr) | 0 | ||||
-rw-r--r-- | hosts/vidhar/borg/jotnar/surtr.pub (renamed from hosts/vidhar/borg/authorized-keys/surtr.pub) | 0 | ||||
-rw-r--r-- | hosts/vidhar/borg/jotnar/ymir (renamed from hosts/vidhar/borg/authorized-keys/ymir) | 0 | ||||
-rw-r--r-- | hosts/vidhar/borg/jotnar/ymir.pub (renamed from hosts/vidhar/borg/authorized-keys/ymir.pub) | 0 | ||||
-rw-r--r-- | hosts/vidhar/borg/passphrase.yaml | 34 |
6 files changed, 4 insertions, 47 deletions
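--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -4,16 +4,16 @@ with lib;
 
 {
 config = {
-services.borgbackup.repos.borg = {
-path = "/srv/backup/borg";
+services.borgbackup.repos.jotnar = {
+path = "/srv/backup/borg/jotnar";
 authorizedKeysAppendOnly = let
-dir = ./authorized-keys;
+dir = ./jotnar;
 toAuthKey = fname: ftype: if ftype != "regular" || !(hasSuffix ".pub" fname) then null else builtins.readFile (dir + "/${fname}");
 in filter (v: v != null) (lib.mapAttrsToList toAuthKey (builtins.readDir dir));
 };
 
 boot.postBootCommands = mkBefore ''
-${pkgs.findutils}/bin/find /srv/backup/borg -maxdepth 1 -type d -empty -delete
+${pkgs.findutils}/bin/find /srv/backup/borg -type d -empty -delete
 '';
 
 users.users.borg.extraGroups = ["ssh"];
@@ -25,14 +25,5 @@ with lib;
 
 Match All
 '';
-
-sops.secrets.borg-passphrase = {
-sopsFile = ./passphrase.yaml;
-format = "yaml";
-key = "borg";
-owner = "borg";
-group = "borg";
-mode = "0440";
-};
 };
 }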
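Review bot: Dropping `-maxdepth 1` from the `find` in `boot.postBootCommands` (first hunk) makes the boot-time cleanup recurse through every repository under `/srv/backup/borg`, so it now deletes empty directories inside `jotnar` itself and not only unused top-level ones. If the goal is just to clear empty repository directories, bound the walk, for example `${pkgs.findutils}/bin/find /srv/backup/borg -mindepth 1 -maxdepth 1 -type d -empty -delete`, which also keeps the root from being removed when it is empty. If deeper nesting is planned, a one-line comment above the command stating which depth holds repositories and why empty ones must be removed would make the unbounded recursion reviewable. The `config` attribute set opens in the first hunk and closes in the second; the lines between them are not shown.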
diff --git a/hosts/vidhar/borg/authorized-keys/surtr b/hosts/vidhar/borg/jotnar/surtr index 26d286b4..26d286b4 100644 --- a/hosts/vidhar/borg/authorized-keys/surtr +++ b/hosts/vidhar/borg/jotnar/surtr | |||
diff --git a/hosts/vidhar/borg/authorized-keys/surtr.pub b/hosts/vidhar/borg/jotnar/surtr.pub index 5c044d7a..5c044d7a 100644 --- a/hosts/vidhar/borg/authorized-keys/surtr.pub +++ b/hosts/vidhar/borg/jotnar/surtr.pub | |||
diff --git a/hosts/vidhar/borg/authorized-keys/ymir b/hosts/vidhar/borg/jotnar/ymir index f3dd360c..f3dd360c 100644 --- a/hosts/vidhar/borg/authorized-keys/ymir +++ b/hosts/vidhar/borg/jotnar/ymir | |||
diff --git a/hosts/vidhar/borg/authorized-keys/ymir.pub b/hosts/vidhar/borg/jotnar/ymir.pub index a62fcfdf..a62fcfdf 100644 --- a/hosts/vidhar/borg/authorized-keys/ymir.pub +++ b/hosts/vidhar/borg/jotnar/ymir.pub | |||
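--- a/hosts/vidhar/borg/passphrase.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-borg: ENC[AES256_GCM,data:o5pmEauOdKlmHxy0TRj8E8QXyy6ve+mP/rcDNfdn7N0=,iv:qJIaJxzDKf7dLJtxwQOQcPvqY4CW3XZMOZXGe9hqavQ=,tag:BUp8yuXq7mVMvZ4JjbXhug==,type:str]
-sops:
-kms: []
-gcp_kms: []
-azure_kv: []
-hc_vault: []
-age: []
-lastmodified: "2022-02-06T20:32:52Z"
-mac: ENC[AES256_GCM,data:FvSjzLSV3mnV1a0Sdt4PsdZtfOO7VhWe5LilR1fNTywwClOlr+g0SFVcJezU9AJDKsElfjoS2L3WFCNzyF9cHFnQFUt87TFbUxWbX0j4ib8lkJ4cpn2txeqXo0viq58/jnkNQD8o/f6fOlD5Y//0Lpyj055kWkPSGOmjoa4q/ps=,iv:Gnmo1ciA4FWsM+Qed/tKFjWEdQ/uqpAMQrHu44GsyWc=,tag:+8+YO9w/6glN+eNNSgzHiQ==,type:str]
-pgp:
-- created_at: "2022-02-06T20:32:40Z"
-enc: |
------BEGIN PGP MESSAGE-----
-
-hF4DbYDvGI0HDr0SAQdAVAW0FHYzJhXVUvP/nvGrTrzSZhoAqLzuUnbjt0WiTRww
-bVPtaek+koF+7cNFXO44nl0jwAZ3JhMAkbJThMkzKfVPGlSclIvlsx48fKDxeGlG
-0l4BTnEn9Cooj9HAIVsnhicqkTw0iDfHuMHJKIKE5QHj6DspwmFTXN65yzA1rdLY
-tYtMf5l7LLfZ1A/g4Ntem/BmivTyCGHo0H+KE5hYj0G/LPOAKd5u+gILMb0ieiEn
-=/Hp4
------END PGP MESSAGE-----
-fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
-- created_at: "2022-02-06T20:32:40Z"
-enc: |
------BEGIN PGP MESSAGE-----
-
-hF4DXxoViZlp6dISAQdARXAvPGVP/xWyS7hihCv2r92juXZ0n38RDEYq6N4tPxAw
-3JV5lFVE+EHIa8xB8WR8ACyV9kjZxhNkSmbUCBjyONCBMeS8aTzbYAC1xvOBOg/c
-0l4BbpKdYpMeKjhoLgef0/DoO4cuPKFgq7GVfivErkb8s4Px5L5nVDsBCDb4gXvy
-RWrsrgxHN1wtmRFfgOTahvYdPDneFYKa30vm7CLmBY1/XBZJ0vlzzhHvqOc9Xelb
-=Y6lZ
------END PGP MESSAGE-----
-fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
-unencrypted_suffix: _unencrypted
-version: 3.7.1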