3 files changed, 19 insertions, 6 deletions
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index d6d64ec8..9a51b103 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -65,12 +65,23 @@ in {
      };
    };
-    services.borgbackup.repos.jotnar = {
+    services.borgbackup.repos = {
-      path = "/srv/backup/borg/jotnar";
+      jotnar = {
-      authorizedKeysAppendOnly = let
+        path = "/srv/backup/borg/jotnar";
-        dir = ./jotnar;
+        authorizedKeysAppendOnly = let
-        toAuthKey = fname: ftype: if ftype != "regular" || !(hasSuffix ".pub" fname) then null else builtins.readFile (dir + "/${fname}");
+          dir = ./jotnar;
-      in filter (v: v != null) (mapAttrsToList toAuthKey (builtins.readDir dir));
+          toAuthKey = fname: ftype: if ftype != "regular" || !(hasSuffix ".pub" fname) then null else builtins.readFile (dir + "/${fname}");
+        in filter (v: v != null) (mapAttrsToList toAuthKey (builtins.readDir dir));
+      };
+      "uniworx.de" = {
+        path = "/srv/backups/borg/uniworx.de";
+        authorizedKeys = [
+          (builtins.readFile ./uniworx.de/root.pub)
+        ];
+        authorizedKeysAppendOnly = [
+          (builtins.readFile ./uniworx.de/append.srv01.pub)
+        ];
+      };
    };
    # systemd.services."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = checkBorgUnit;
diff --git a/hosts/vidhar/borg/uniworx.de/append.srv01.pub b/hosts/vidhar/borg/uniworx.de/append.srv01.pub
new file mode 100644
index 00000000..708a4191
--- /dev/null
+++ b/hosts/vidhar/borg/uniworx.de/append.srv01.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJ73H+PNT0SC1ClnUmEtiBkd325oeay/8j+wsbteBOt borg@srv01.uniworx.de
diff --git a/hosts/vidhar/borg/uniworx.de/root.pub b/hosts/vidhar/borg/uniworx.de/root.pub
new file mode 100644
index 00000000..d7ea1394
--- /dev/null
+++ b/hosts/vidhar/borg/uniworx.de/root.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+ozTqBxzWkWmCY8ODfPvUgatWA2g8FgJQvQn8sR0AY root@srv01.uniworx.de

diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix index d6d64ec8..9a51b103 100644 --- a/hosts/vidhar/borg/default.nix +++ b/hosts/vidhar/borg/default.nix
@@ -65,12 +65,23 @@ in {
65	};	65	};
66	};	66	};
67		67
68	services.borgbackup.repos.jotnar = {	68	services.borgbackup.repos = {
69	path = "/srv/backup/borg/jotnar";	69	jotnar = {
70	authorizedKeysAppendOnly = let	70	path = "/srv/backup/borg/jotnar";
71	dir = ./jotnar;	71	authorizedKeysAppendOnly = let
72	toAuthKey = fname: ftype: if ftype != "regular" \|\| !(hasSuffix ".pub" fname) then null else builtins.readFile (dir + "/${fname}");	72	dir = ./jotnar;
73	in filter (v: v != null) (mapAttrsToList toAuthKey (builtins.readDir dir));	73	toAuthKey = fname: ftype: if ftype != "regular" \|\| !(hasSuffix ".pub" fname) then null else builtins.readFile (dir + "/${fname}");
		74	in filter (v: v != null) (mapAttrsToList toAuthKey (builtins.readDir dir));
		75	};
		76	"uniworx.de" = {
		77	path = "/srv/backups/borg/uniworx.de";
		78	authorizedKeys = [
		79	(builtins.readFile ./uniworx.de/root.pub)
		80	];
		81	authorizedKeysAppendOnly = [
		82	(builtins.readFile ./uniworx.de/append.srv01.pub)
		83	];
		84	};
74	};	85	};
75		86
76	# systemd.services."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = checkBorgUnit;	87	# systemd.services."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = checkBorgUnit;


diff --git a/hosts/vidhar/borg/uniworx.de/append.srv01.pub b/hosts/vidhar/borg/uniworx.de/append.srv01.pub new file mode 100644 index 00000000..708a4191 --- /dev/null +++ b/hosts/vidhar/borg/uniworx.de/append.srv01.pub
@@ -0,0 +1 @@
			ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJ73H+PNT0SC1ClnUmEtiBkd325oeay/8j+wsbteBOt borg@srv01.uniworx.de


diff --git a/hosts/vidhar/borg/uniworx.de/root.pub b/hosts/vidhar/borg/uniworx.de/root.pub new file mode 100644 index 00000000..d7ea1394 --- /dev/null +++ b/hosts/vidhar/borg/uniworx.de/root.pub
@@ -0,0 +1 @@
			ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+ozTqBxzWkWmCY8ODfPvUgatWA2g8FgJQvQn8sR0AY root@srv01.uniworx.de