feat: picard to ds9 backups

Philipp Hochkamp 2022-04-13 08:39:53 +02:00
parent 2601467bee
commit 73e31ca37c
5 changed files with 46 additions and 23 deletions


@ -51,27 +51,16 @@ in
};
# services.restic.backups."ds9" = {
# rcloneConfigFile = "/run/secrets/ds9rcloneConfig";
# passwordFile = "/run/secrets/ds9resticPassword";
# pruneOpts = [
# "--keep-daily 7"
# "--keep-weekly 5"
# "--keep-monthly 12"
# "--keep-yearly 75"
# ];
# initialize = true;
# repository = "rclone:ds9:/ds9";
# paths = [
# "/data"
# "/persistent/var/lib"
# ];
# };
ragon.agenix.secrets."ds9rcloneConfig" = { };
ragon.agenix.secrets."ds9resticPassword" = { };
# Backup Target
users.users.picardbackup = {
createHome = true;
group = "users";
home = "/backups/picard";
isSystemUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvCF8KGgpF9O8Q7k+JXqZ5eMeEeTaMhCIk/2ZFOzXL0"
];
};
# Enable Scanning
hardware.sane.enable = true;
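Review bot: The key listed under `users.users.picardbackup.openssh.authorizedKeys.keys` carries no key options, so whoever holds the matching private key gets whatever sshd on the backup target permits for that account (forwarding, and command execution if the account ends up with a usable shell), not only SFTP into `/backups/picard`. Prefixing the entry with `restrict` and adding a `Match User picardbackup` block with `ForceCommand internal-sftp` through `services.openssh.extraConfig` would limit the key to the file transfers the backup needs; whether sshd is already constrained in another module is not visible here. Because the client also prunes its own repository, this account necessarily has delete rights over every snapshot, so a short comment saying what protects the repository on the target side (for example filesystem snapshots of `/backups`) would be worth adding. The enclosing attribute set starts and ends outside the hunk.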


@ -41,6 +41,27 @@
users.mutableUsers = false;
services.postgresql.package = pkgs.postgresql_13;
ragon.agenix.secrets."picardResticPassword" = { };
ragon.agenix.secrets."picardResticSSHKey" = { };
services.restic.backups."picard" = {
passwordFile = config.age.secrets.picardResticPassword.path;
extraOptions = [
"sftp.command='ssh picardbackup@ds9 -i ${config.age.secrets.picardResticSSHKey.path} -s sftp'"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 75"
];
initialize = true;
repository = "sftp:ds9:/backups/picard/restic";
paths = [
"/persistent"
];
};
ragon = {
cli.enable = true;
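Review bot: The `ssh` call in `sftp.command` relies on whatever known_hosts state the backup service's user already has for `ds9`; nothing in this hunk pins the target's host key, so the first run either fails host-key verification or depends on a key that was accepted by hand. Declaring it, e.g. `programs.ssh.knownHosts.ds9.publicKey = "<ds9 host public key>";` (placeholder value), keeps verification strict and reproducible across rebuilds; if that is already set in another module, a one-line comment here pointing to it would help. Adding `-o BatchMode=yes` to the command would also make an unattended run fail cleanly instead of waiting on a prompt. The surrounding module continues outside the hunk.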


@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 WceKOQ k2R5Jitq8cEQPR6XFnucyYE3BDlBTnXeXakig5Rb6CQ
aXWMcZDMsC4UqpgkUywkOuHGTb5aeTHvpKNjxEUfTDo
-> ssh-ed25519 ugHWWw 0CCoHYRYlYq5wFt8R26y5pSfSqTQzcR4jzdWl2E12TQ
6qjep1dn6B5DA2lcMZXItnAzxE2eHY/XSJYVyDGRwW4
-> ssh-ed25519 UU9RSA CMo9lkcazC9TXypP/o/majaFp0UP++XAbh65TYvEiDo
GD1/sNmjRM2+9RpPbCMoMU9Q0JQb2jsjji1Yt0+LR9w
-> +!c:-grease zi]- eO\*
nKAD5+pPHB3K+HtpEHA+bDBG/P9ec6pb
--- 5x5Rpg23SqXQK/sSiUNEZ0tdXF+GxgBSTWVSbIOmmNw
XnTBt·Œh¥|XÇwmôúèÎÓºSç=Sr”MCàâè<C3A2>в{¢¢MÂ…›^¯µÒHa„£Wâi
;†}ÿ
,<2C>€:´—Ït=öÓâ<C393>ùÐrC|À|h«©”$¹†–

Binary file not shown.


@ -10,8 +10,6 @@ in
"ragonPasswd.age".publicKeys = pubkeys.ragon.computers;
"tailscaleKey.age".publicKeys = pubkeys.ragon.computers;
"paperlessAdminPW.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9rcloneConfig.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9resticPassword.age".publicKeys = pubkeys.ragon.host "ds9";
"hedgedocSecret.age".publicKeys = pubkeys.ragon.host "picard";
"gitlabInitialRootPassword.age".publicKeys = pubkeys.ragon.host "picard";
"gitlabSecretFile.age".publicKeys = pubkeys.ragon.host "picard";
@ -19,4 +17,6 @@ in
"gitlabOTPFile.age".publicKeys = pubkeys.ragon.host "picard";
"gitlabJWSFile.age".publicKeys = pubkeys.ragon.host "picard";
"nextcloudAdminPass.age".publicKeys = pubkeys.ragon.host "picard";
"picardResticSSHKey.age".publicKeys = pubkeys.ragon.host "picard";
"picardResticPassword.age".publicKeys = pubkeys.ragon.host "picard";
}