summaryrefslogtreecommitdiff
path: root/hosts/vidhar/borg
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/vidhar/borg')
-rwxr-xr-xhosts/vidhar/borg/copy.py6
-rw-r--r--hosts/vidhar/borg/default.nix8
2 files changed, 11 insertions, 3 deletions
diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py
index 809184a3..c839194c 100755
--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -101,7 +101,11 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
101 for path in [chroot,upper,work]: 101 for path in [chroot,upper,work]:
102 path.mkdir() 102 path.mkdir()
103 subprocess.run(['mount', '-t', 'overlay', 'overlay', '-o', f'lowerdir=/,upperdir={upper},workdir={work}', chroot], check=True) 103 subprocess.run(['mount', '-t', 'overlay', 'overlay', '-o', f'lowerdir=/,upperdir={upper},workdir={work}', chroot], check=True)
104 bindMounts = ['nix', 'run', 'run/secrets.d', 'var/lib/borg', 'proc', 'dev', 'sys', pathlib.Path(os.path.expanduser('~')).relative_to('/')] 104 bindMounts = ['nix', 'run', 'proc', 'dev', 'sys', pathlib.Path(os.path.expanduser('~')).relative_to('/')]
105 if os.environ.get('BORG_BASE_DIR'):
106 bindMounts.append(os.environ['BORG_BASE_DIR'])
107 if os.environ.get('CREDENTIALS_DIRECTORY'):
108 bindMounts.append(os.environ['CREDENTIALS_DIRECTORY'])
105 if not ":" in src_repo_path: 109 if not ":" in src_repo_path:
106 bindMounts.append(pathlib.Path(src_repo_path).relative_to('/')) 110 bindMounts.append(pathlib.Path(src_repo_path).relative_to('/'))
107 if 'SSH_AUTH_SOCK' in os.environ: 111 if 'SSH_AUTH_SOCK' in os.environ:
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 7250c4c7..352ce887 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -11,7 +11,7 @@ let
11 Host yggdrasil.borgbase 11 Host yggdrasil.borgbase
12 HostName nx69hpl8.repo.borgbase.com 12 HostName nx69hpl8.repo.borgbase.com
13 User nx69hpl8 13 User nx69hpl8
14 IdentityFile ${config.sops.secrets."append.borgbase".path} 14 IdentityFile /run/credentials/${serviceName}.service/ssh-identity
15 IdentitiesOnly yes 15 IdentitiesOnly yes
16 16
17 BatchMode yes 17 BatchMode yes
@@ -33,9 +33,13 @@ let
33 "BORG_CACHE_DIR=/var/lib/borg/cache" 33 "BORG_CACHE_DIR=/var/lib/borg/cache"
34 "BORG_SECURITY_DIR=/var/lib/borg/security" 34 "BORG_SECURITY_DIR=/var/lib/borg/security"
35 "BORG_KEYS_DIR=/var/lib/borg/keys" 35 "BORG_KEYS_DIR=/var/lib/borg/keys"
36 "BORG_KEY_FILE=${config.sops.secrets."yggdrasil.borgkey".path}" 36 "BORG_KEY_FILE=/run/credentials/${serviceName}.service/keyfile"
37 "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes" 37 "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes"
38 ]; 38 ];
39 LoadCredential = [
40 "ssh-identity:${config.sops.secrets."append.borgbase".path}"
41 "keyfile:${config.sops.secrets."yggdrasil.borgkey".path}"
42 ];
39 }; 43 };
40 }; 44 };
41 45