From e748d6f49372169176c0a78871be805fc63e21bf Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 7 Feb 2022 11:25:48 +0100 Subject: vidhar: borg: ... --- hosts/vidhar/borg/authorized-keys/surtr | 26 ---------------------- hosts/vidhar/borg/authorized-keys/surtr.pub | 1 - hosts/vidhar/borg/authorized-keys/ymir | 21 ------------------ hosts/vidhar/borg/authorized-keys/ymir.pub | 1 - hosts/vidhar/borg/default.nix | 17 ++++----------- hosts/vidhar/borg/jotnar/surtr | 26 ++++++++++++++++++++++ hosts/vidhar/borg/jotnar/surtr.pub | 1 + hosts/vidhar/borg/jotnar/ymir | 21 ++++++++++++++++++ hosts/vidhar/borg/jotnar/ymir.pub | 1 + hosts/vidhar/borg/passphrase.yaml | 34 ----------------------------- 10 files changed, 53 insertions(+), 96 deletions(-) delete mode 100644 hosts/vidhar/borg/authorized-keys/surtr delete mode 100644 hosts/vidhar/borg/authorized-keys/surtr.pub delete mode 100644 hosts/vidhar/borg/authorized-keys/ymir delete mode 100644 hosts/vidhar/borg/authorized-keys/ymir.pub create mode 100644 hosts/vidhar/borg/jotnar/surtr create mode 100644 hosts/vidhar/borg/jotnar/surtr.pub create mode 100644 hosts/vidhar/borg/jotnar/ymir create mode 100644 hosts/vidhar/borg/jotnar/ymir.pub delete mode 100644 hosts/vidhar/borg/passphrase.yaml diff --git a/hosts/vidhar/borg/authorized-keys/surtr b/hosts/vidhar/borg/authorized-keys/surtr deleted file mode 100644 index 26d286b4..00000000 --- a/hosts/vidhar/borg/authorized-keys/surtr +++ /dev/null @@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:UFWmVs/D1MtAW9ql+e9S5XRPBEmW5k09zCw+ftP8UgXPWSnNrutRpncsyvM07yqZw8qr4bhEErOrkmMk+BGcVlxGg55S7f6iJsj8GCFMhfJ5gVEa9jJRmEX8F9NZ2wlj3aeMni2JjBNnbypCwD7ffudK+sLNlhmVVwdNFCws2JQLnFW7mQOo/d8+BlPOxCebJIvmTq4K/b7+RqVuuqiK9t28Qt/eo0+F9aciXKyKZVM0bxw54Hh6yADqZ6ZTIzWbHb9+TL3HhP6dquNDqe2iiWaPzI5J63agpNDJ7uEtwTDW/irsIl3Ob5ekrXJ1FOaTmIUqRdyxty71ir6Aa/+JQIeVoC80oUgu1ImD9xenYD2v0EX4s6yJJV3a9bla3D3HRvZSfSuShbjfJDkegehXzFK0pVt2oAZMKKLHF25cx3In428evW7vb0R2aakf/tF0Gjlbooc+zEc2UgEp/YjYW5WaelWIK4ItwfmBRNYG9G5ZE0GT2I8UtHOiMQRA78ShxN7i,iv:H+YVF7wiUATbwnwzqO/LEZgWagnbeRRdMS9aK09vCbg=,tag:sDbC2g2xtjifS8Px3YI6vA==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2022-02-06T19:43:25Z", - "mac": "ENC[AES256_GCM,data:K3Y96+TM4/Jsl8JQ56tpJNHmkDVuetUtQbUpDqIHbqm65d+RKoL/Qy/IWVGqcfUxZMUvzM2J3fEo/05q8mcxn+wZd2tECSJEUbgFDhGrpPZV8Ir8cQCYlPn+UBTS4rNUfEpSBlymND/vFjQ0lneqMo5lapbetSs4h/GvFzUFw8M=,iv:TyzMk7wKzZpq8TrE9uHRFXi+JzvNePcWrmyogcoCZo0=,tag:KB6ZBlGrBSGuQFg4fB407w==,type:str]", - "pgp": [ - { - "created_at": "2022-02-06T19:43:24Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAWSCnyt9/7PkWecNhcOwuw0TRJMld9dmV0Ti6KjR6bkAw\nQxTdj0rMaXFayEyyXxotbjxb/ZMTesYCqAce7RKoj0GS2GngmP6Xzpt151uSmyPs\n0l4Bh5Ohfln3bAq6iJvJfOZvwYqmoIicRZFFY7afuBDO7oad4fkoWpQWDRtuLc9M\nIC0ReFXCuQOI5eoFF3V8xT+X+icjFUCVC2OktO/6AlAtXxi6BSL+574CUMivuQz0\n=3v/M\n-----END PGP MESSAGE-----\n", - "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" - }, - { - "created_at": "2022-02-06T19:43:24Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAqlj4zYxkXgnJEEt/RfxQORgOzyfiZdQKzlhm78OhsBkw\nc2EdfAgpGwIm1F8tpVtwYcfNXYgfaJdADMzYSHL8qqn8DJrvhCArJdT/m7ZPWKy2\n0l4B1hpQdga7KQTD/iDlIrTJtiZ9/AMtUJM/HU9KtCl9AFGRNEGTAEdlHTUBDzOP\nTSF+R4NAqoY742C7Lf7pkHbVhhpXige37qJhvu7AMgnT5TT17McsXUj52Sy+Qv3z\n=cBYd\n-----END PGP MESSAGE-----\n", - "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/hosts/vidhar/borg/authorized-keys/surtr.pub b/hosts/vidhar/borg/authorized-keys/surtr.pub deleted file mode 100644 index 5c044d7a..00000000 --- a/hosts/vidhar/borg/authorized-keys/surtr.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5rfNezLOoI4ijzNNg61OGFfq4AXHlzVT0z/+RO0/ju surtr diff --git a/hosts/vidhar/borg/authorized-keys/ymir b/hosts/vidhar/borg/authorized-keys/ymir deleted file mode 100644 index f3dd360c..00000000 --- a/hosts/vidhar/borg/authorized-keys/ymir +++ /dev/null @@ -1,21 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:uzfOHmr0fct77EW5F/b5mSlckywoAKp/LCSZYTtUKa6HzbYujCUhlwqwFcc1lOQxfiDyQuJmhZaFbMgTSHyzf5zAfirQnCFPoUJFQf62TkQIoRNkTIYlzyzsaGl5uMZukl3r+qmd92Xoaf/d300Oq9P2k1RHQw2+UtyNn5B2OHD9hR9X6yXr8lRH8ABLKSFcqS2KrJXzYofoHub/V8OSldSRKpG3yy/CpsbVTOkc+ygBaH7orR6PWIy/iSummSGN6EaXdv2GZcqqf/h3iP8+xZlgqWnxRt0X5se6hrXNM0oU04fcs0sneqxUAQTvcnT75uO4z/lZ8ZTKDi05hCDzOF2iKybGjuJTGBMdAitQVC3DG7dtjbtnQ2xWrkZjkIRAGSz9Ud6rXmP0OILWYIhBHXgruyCJVJkTSBlu2Kcc+gwgEMfUHBq5k6rW13f1hlqikINDT6rkKH8IJyvMF0WTNdW0KVEemImKqfJccsfdPK6EdQDLOApq1vjd2djQVnIrCccV,iv:0qExktFJCrwkPbDzyUn2mWrHXCJsDPyZ0w2pSYl/bu8=,tag:N6RWe6owTuohMpyJoJaEjQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2022-02-06T20:15:30Z", - "mac": "ENC[AES256_GCM,data:uuScAvmls3hQFnuzG2KJXPEC2crHmkAlQGhIsxJRKCfsrlIyLZbDhNmB+MkYSJza4X4Cshm95DcFh7+A1QFa9VlZl+7iFx2RT23dMpW4aDGPB9w/SPUTFoUiKUkxsGIl0VemnoT3EuU3iPRGqGX859MGHAFe6XprCRKUnpU0OyA=,iv:pbG7dQ2ZEVMWmlx9AQfIJBs5Wu2pKCfYQ3DrzteJj28=,tag:UvDuRPJUU7ScgwrmbGjPiA==,type:str]", - "pgp": [ - { - "created_at": "2022-02-06T20:15:29Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAAju8aRDlzlNFdCuiVeg7Kak6DgixY2Gq5fRqS78PP3Mw\nRZyzG8ZaNBSHIG+lZtgdYcMEe1kH83KZ7pimlh3jKCumpdyB0jEdoMl1VLYhaaw9\n0l4B8yQ4DbxuJuTrrlI4XtMO4srMQXn88UlqDb33ScURLPhl2Xmlhn9JNEoOgut9\nr+vQ5jj1/Cf7jE9fLeB9JcPyKeJJftIM4TBn+trvC/RaKs4gq1UVRH15WFTNRG5/\n=ncoV\n-----END PGP MESSAGE-----\n", - "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/hosts/vidhar/borg/authorized-keys/ymir.pub b/hosts/vidhar/borg/authorized-keys/ymir.pub deleted file mode 100644 index a62fcfdf..00000000 --- a/hosts/vidhar/borg/authorized-keys/ymir.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRPw65gJccLR1bdKeyD/GB6dBBXPffP0JM9FvvIATzS ymir diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix index 3558a421..ee5856c9 100644 --- a/hosts/vidhar/borg/default.nix +++ b/hosts/vidhar/borg/default.nix @@ -4,16 +4,16 @@ with lib; { config = { - services.borgbackup.repos.borg = { - path = "/srv/backup/borg"; + services.borgbackup.repos.jotnar = { + path = "/srv/backup/borg/jotnar"; authorizedKeysAppendOnly = let - dir = ./authorized-keys; + dir = ./jotnar; toAuthKey = fname: ftype: if ftype != "regular" || !(hasSuffix ".pub" fname) then null else builtins.readFile (dir + "/${fname}"); in filter (v: v != null) (lib.mapAttrsToList toAuthKey (builtins.readDir dir)); }; boot.postBootCommands = mkBefore '' - ${pkgs.findutils}/bin/find /srv/backup/borg -maxdepth 1 -type d -empty -delete + ${pkgs.findutils}/bin/find /srv/backup/borg -type d -empty -delete ''; users.users.borg.extraGroups = ["ssh"]; @@ -25,14 +25,5 @@ with lib; Match All ''; - - sops.secrets.borg-passphrase = { - sopsFile = ./passphrase.yaml; - format = "yaml"; - key = "borg"; - owner = "borg"; - group = "borg"; - mode = "0440"; - }; }; } diff --git a/hosts/vidhar/borg/jotnar/surtr b/hosts/vidhar/borg/jotnar/surtr new file mode 100644 index 00000000..26d286b4 --- /dev/null +++ b/hosts/vidhar/borg/jotnar/surtr @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:UFWmVs/D1MtAW9ql+e9S5XRPBEmW5k09zCw+ftP8UgXPWSnNrutRpncsyvM07yqZw8qr4bhEErOrkmMk+BGcVlxGg55S7f6iJsj8GCFMhfJ5gVEa9jJRmEX8F9NZ2wlj3aeMni2JjBNnbypCwD7ffudK+sLNlhmVVwdNFCws2JQLnFW7mQOo/d8+BlPOxCebJIvmTq4K/b7+RqVuuqiK9t28Qt/eo0+F9aciXKyKZVM0bxw54Hh6yADqZ6ZTIzWbHb9+TL3HhP6dquNDqe2iiWaPzI5J63agpNDJ7uEtwTDW/irsIl3Ob5ekrXJ1FOaTmIUqRdyxty71ir6Aa/+JQIeVoC80oUgu1ImD9xenYD2v0EX4s6yJJV3a9bla3D3HRvZSfSuShbjfJDkegehXzFK0pVt2oAZMKKLHF25cx3In428evW7vb0R2aakf/tF0Gjlbooc+zEc2UgEp/YjYW5WaelWIK4ItwfmBRNYG9G5ZE0GT2I8UtHOiMQRA78ShxN7i,iv:H+YVF7wiUATbwnwzqO/LEZgWagnbeRRdMS9aK09vCbg=,tag:sDbC2g2xtjifS8Px3YI6vA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-02-06T19:43:25Z", + "mac": "ENC[AES256_GCM,data:K3Y96+TM4/Jsl8JQ56tpJNHmkDVuetUtQbUpDqIHbqm65d+RKoL/Qy/IWVGqcfUxZMUvzM2J3fEo/05q8mcxn+wZd2tECSJEUbgFDhGrpPZV8Ir8cQCYlPn+UBTS4rNUfEpSBlymND/vFjQ0lneqMo5lapbetSs4h/GvFzUFw8M=,iv:TyzMk7wKzZpq8TrE9uHRFXi+JzvNePcWrmyogcoCZo0=,tag:KB6ZBlGrBSGuQFg4fB407w==,type:str]", + "pgp": [ + { + "created_at": "2022-02-06T19:43:24Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAWSCnyt9/7PkWecNhcOwuw0TRJMld9dmV0Ti6KjR6bkAw\nQxTdj0rMaXFayEyyXxotbjxb/ZMTesYCqAce7RKoj0GS2GngmP6Xzpt151uSmyPs\n0l4Bh5Ohfln3bAq6iJvJfOZvwYqmoIicRZFFY7afuBDO7oad4fkoWpQWDRtuLc9M\nIC0ReFXCuQOI5eoFF3V8xT+X+icjFUCVC2OktO/6AlAtXxi6BSL+574CUMivuQz0\n=3v/M\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-02-06T19:43:24Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAqlj4zYxkXgnJEEt/RfxQORgOzyfiZdQKzlhm78OhsBkw\nc2EdfAgpGwIm1F8tpVtwYcfNXYgfaJdADMzYSHL8qqn8DJrvhCArJdT/m7ZPWKy2\n0l4B1hpQdga7KQTD/iDlIrTJtiZ9/AMtUJM/HU9KtCl9AFGRNEGTAEdlHTUBDzOP\nTSF+R4NAqoY742C7Lf7pkHbVhhpXige37qJhvu7AMgnT5TT17McsXUj52Sy+Qv3z\n=cBYd\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/hosts/vidhar/borg/jotnar/surtr.pub b/hosts/vidhar/borg/jotnar/surtr.pub new file mode 100644 index 00000000..5c044d7a --- /dev/null +++ b/hosts/vidhar/borg/jotnar/surtr.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5rfNezLOoI4ijzNNg61OGFfq4AXHlzVT0z/+RO0/ju surtr diff --git a/hosts/vidhar/borg/jotnar/ymir b/hosts/vidhar/borg/jotnar/ymir new file mode 100644 index 00000000..f3dd360c --- /dev/null +++ b/hosts/vidhar/borg/jotnar/ymir @@ -0,0 +1,21 @@ +{ + "data": "ENC[AES256_GCM,data:uzfOHmr0fct77EW5F/b5mSlckywoAKp/LCSZYTtUKa6HzbYujCUhlwqwFcc1lOQxfiDyQuJmhZaFbMgTSHyzf5zAfirQnCFPoUJFQf62TkQIoRNkTIYlzyzsaGl5uMZukl3r+qmd92Xoaf/d300Oq9P2k1RHQw2+UtyNn5B2OHD9hR9X6yXr8lRH8ABLKSFcqS2KrJXzYofoHub/V8OSldSRKpG3yy/CpsbVTOkc+ygBaH7orR6PWIy/iSummSGN6EaXdv2GZcqqf/h3iP8+xZlgqWnxRt0X5se6hrXNM0oU04fcs0sneqxUAQTvcnT75uO4z/lZ8ZTKDi05hCDzOF2iKybGjuJTGBMdAitQVC3DG7dtjbtnQ2xWrkZjkIRAGSz9Ud6rXmP0OILWYIhBHXgruyCJVJkTSBlu2Kcc+gwgEMfUHBq5k6rW13f1hlqikINDT6rkKH8IJyvMF0WTNdW0KVEemImKqfJccsfdPK6EdQDLOApq1vjd2djQVnIrCccV,iv:0qExktFJCrwkPbDzyUn2mWrHXCJsDPyZ0w2pSYl/bu8=,tag:N6RWe6owTuohMpyJoJaEjQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-02-06T20:15:30Z", + "mac": "ENC[AES256_GCM,data:uuScAvmls3hQFnuzG2KJXPEC2crHmkAlQGhIsxJRKCfsrlIyLZbDhNmB+MkYSJza4X4Cshm95DcFh7+A1QFa9VlZl+7iFx2RT23dMpW4aDGPB9w/SPUTFoUiKUkxsGIl0VemnoT3EuU3iPRGqGX859MGHAFe6XprCRKUnpU0OyA=,iv:pbG7dQ2ZEVMWmlx9AQfIJBs5Wu2pKCfYQ3DrzteJj28=,tag:UvDuRPJUU7ScgwrmbGjPiA==,type:str]", + "pgp": [ + { + "created_at": "2022-02-06T20:15:29Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAAju8aRDlzlNFdCuiVeg7Kak6DgixY2Gq5fRqS78PP3Mw\nRZyzG8ZaNBSHIG+lZtgdYcMEe1kH83KZ7pimlh3jKCumpdyB0jEdoMl1VLYhaaw9\n0l4B8yQ4DbxuJuTrrlI4XtMO4srMQXn88UlqDb33ScURLPhl2Xmlhn9JNEoOgut9\nr+vQ5jj1/Cf7jE9fLeB9JcPyKeJJftIM4TBn+trvC/RaKs4gq1UVRH15WFTNRG5/\n=ncoV\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/hosts/vidhar/borg/jotnar/ymir.pub b/hosts/vidhar/borg/jotnar/ymir.pub new file mode 100644 index 00000000..a62fcfdf --- /dev/null +++ b/hosts/vidhar/borg/jotnar/ymir.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRPw65gJccLR1bdKeyD/GB6dBBXPffP0JM9FvvIATzS ymir diff --git a/hosts/vidhar/borg/passphrase.yaml b/hosts/vidhar/borg/passphrase.yaml deleted file mode 100644 index 2cb63790..00000000 --- a/hosts/vidhar/borg/passphrase.yaml +++ /dev/null @@ -1,34 +0,0 @@ -borg: ENC[AES256_GCM,data:o5pmEauOdKlmHxy0TRj8E8QXyy6ve+mP/rcDNfdn7N0=,iv:qJIaJxzDKf7dLJtxwQOQcPvqY4CW3XZMOZXGe9hqavQ=,tag:BUp8yuXq7mVMvZ4JjbXhug==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-02-06T20:32:52Z" - mac: ENC[AES256_GCM,data:FvSjzLSV3mnV1a0Sdt4PsdZtfOO7VhWe5LilR1fNTywwClOlr+g0SFVcJezU9AJDKsElfjoS2L3WFCNzyF9cHFnQFUt87TFbUxWbX0j4ib8lkJ4cpn2txeqXo0viq58/jnkNQD8o/f6fOlD5Y//0Lpyj055kWkPSGOmjoa4q/ps=,iv:Gnmo1ciA4FWsM+Qed/tKFjWEdQ/uqpAMQrHu44GsyWc=,tag:+8+YO9w/6glN+eNNSgzHiQ==,type:str] - pgp: - - created_at: "2022-02-06T20:32:40Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hF4DbYDvGI0HDr0SAQdAVAW0FHYzJhXVUvP/nvGrTrzSZhoAqLzuUnbjt0WiTRww - bVPtaek+koF+7cNFXO44nl0jwAZ3JhMAkbJThMkzKfVPGlSclIvlsx48fKDxeGlG - 0l4BTnEn9Cooj9HAIVsnhicqkTw0iDfHuMHJKIKE5QHj6DspwmFTXN65yzA1rdLY - tYtMf5l7LLfZ1A/g4Ntem/BmivTyCGHo0H+KE5hYj0G/LPOAKd5u+gILMb0ieiEn - =/Hp4 - -----END PGP MESSAGE----- - fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362 - - created_at: "2022-02-06T20:32:40Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hF4DXxoViZlp6dISAQdARXAvPGVP/xWyS7hihCv2r92juXZ0n38RDEYq6N4tPxAw - 3JV5lFVE+EHIa8xB8WR8ACyV9kjZxhNkSmbUCBjyONCBMeS8aTzbYAC1xvOBOg/c - 0l4BbpKdYpMeKjhoLgef0/DoO4cuPKFgq7GVfivErkb8s4Px5L5nVDsBCDb4gXvy - RWrsrgxHN1wtmRFfgOTahvYdPDneFYKa30vm7CLmBY1/XBZJ0vlzzhHvqOc9Xelb - =Y6lZ - -----END PGP MESSAGE----- - fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 - unencrypted_suffix: _unencrypted - version: 3.7.1 -- cgit v1.2.3