tasks/backup-archive: organize secrets and update remote backup
parent
9ba543d2fc
commit
01bf630a9d
@ -10,7 +10,7 @@ let
|
||||
doInit = true;
|
||||
encryption = {
|
||||
mode = "repokey-blake2";
|
||||
passCommand = "cat ${config.sops.secrets.borg-password.path}";
|
||||
passCommand = "cat ${config.sops.secrets."borg-backup/password".path}";
|
||||
};
|
||||
extraCreateArgs = lib.concatStringsSep " "
|
||||
(builtins.map (patternFile: "--patterns-from ${patternFile}") patterns);
|
||||
@ -45,12 +45,14 @@ in {
|
||||
getKey = key: {
|
||||
inherit key;
|
||||
sopsFile = lib.getSecret "backup-archive.yaml";
|
||||
name = "borg-backup/${key}";
|
||||
}; in {
|
||||
borg-patterns-home = getKey "borg-patterns/home";
|
||||
borg-patterns-etc = getKey "borg-patterns/etc";
|
||||
borg-patterns-keys = getKey "borg-patterns/keys";
|
||||
borg-ssh-key = getKey "ssh-key";
|
||||
borg-password = getKey "password";
|
||||
"borg-backup/patterns/home" = getKey "borg-patterns/home";
|
||||
"borg-backup/patterns/etc" = getKey "borg-patterns/etc";
|
||||
"borg-backup/patterns/keys" = getKey "borg-patterns/keys";
|
||||
"borg-backup/patterns/remote-backup" = getKey "borg-patterns/remote-backup";
|
||||
"borg-backup/ssh-key" = getKey "ssh-key";
|
||||
"borg-backup/password" = getKey "password";
|
||||
};
|
||||
|
||||
fileSystems."/mnt/external-storage" = {
|
||||
@ -97,10 +99,10 @@ in {
|
||||
|
||||
services.borgbackup.jobs = {
|
||||
local-archive = borgJobCommonSetting {
|
||||
patterns = [
|
||||
config.sops.secrets.borg-patterns-home.path
|
||||
config.sops.secrets.borg-patterns-etc.path
|
||||
config.sops.secrets.borg-patterns-keys.path
|
||||
patterns = with config.sops; [
|
||||
secrets."borg-backup/patterns/home".path
|
||||
secrets."borg-backup/patterns/etc".path
|
||||
secrets."borg-backup/patterns/keys".path
|
||||
];
|
||||
} // {
|
||||
doInit = false;
|
||||
@ -110,10 +112,10 @@ in {
|
||||
};
|
||||
|
||||
local-external-drive = borgJobCommonSetting {
|
||||
patterns = [
|
||||
config.sops.secrets.borg-patterns-home.path
|
||||
config.sops.secrets.borg-patterns-etc.path
|
||||
config.sops.secrets.borg-patterns-keys.path
|
||||
patterns = with config.sops; [
|
||||
secrets."borg-backup/patterns/home".path
|
||||
secrets."borg-backup/patterns/etc".path
|
||||
secrets."borg-backup/patterns/keys".path
|
||||
];
|
||||
} // {
|
||||
doInit = false;
|
||||
@ -123,17 +125,19 @@ in {
|
||||
};
|
||||
|
||||
remote-borgbase = borgJobCommonSetting {
|
||||
patterns = [ config.sops.secrets.borg-patterns-home.path ];
|
||||
patterns = with config.sops; [
|
||||
secrets."borg-backup/patterns/remote-backup".path
|
||||
];
|
||||
} // {
|
||||
repo = "r6o30viv@r6o30viv.repo.borgbase.com:repo";
|
||||
startAt = "daily";
|
||||
environment.BORG_RSH = "ssh -i ${config.sops.secrets.borg-ssh-key.path}";
|
||||
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-backup/ssh-key".path}";
|
||||
};
|
||||
};
|
||||
|
||||
programs.ssh.extraConfig = ''
|
||||
Host *.repo.borgbase.com
|
||||
IdentityFile ${config.sops.secrets.borg-ssh-key.path}
|
||||
IdentityFile ${config.sops.secrets."borg-backup/ssh-key".path}
|
||||
'';
|
||||
};
|
||||
}
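Review bot: The `remote-borgbase` job now takes its whole selection from the encrypted `borg-backup/patterns/remote-backup` secret, so nothing in this file records whether the off-site copy covers the same material as the `keys` patterns used by the two local jobs. That matters because the job appears to inherit `mode = "repokey-blake2"` from the common settings in the first hunk, and in repokey mode the passphrase-wrapped key is stored in the repository itself, which leaves the `borg-backup/password` passphrase as the only protection for data held by the remote host. A short comment above the remote `patterns` list would keep that visible, for example `# off-site scope lives in the remote-backup pattern secret; repokey => the passphrase is the only secret the host lacks`. Separately, `name = "borg-backup/${key}"` makes the secret's file name follow the sops key (`borg-backup/borg-patterns/home`) rather than the attribute (`borg-backup/patterns/home`); references through `.path` are unaffected, but the two spellings are easy to confuse. The enclosing let-binding and module body start outside the hunks shown.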
|
||||
|
@ -4,6 +4,7 @@ borg-patterns:
|
||||
home: ENC[AES256_GCM,data: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,iv:gg7vbrzukPJj5WEL55gzX+EghZps5+rSJbWiCzJFE28=,tag:HYxQlwGM0de8lht9w+iiWA==,type:str]
|
||||
etc: ENC[AES256_GCM,data:RUpVlNFuEVbhtfXio2N3XpDiYZPjNE1mqladh7iMB7gJX2HSivh5hqt4KkD3Bpl3zSClYqbS6GwxkQ46i5mXqJWl/vCNSFuWPg3qiw==,iv:QJnXrAHfJQJ7Gj4kTIh1RSAFfpBQCIkLIlgeYDsrHko=,tag:NzDm2lamC6YXVH9oBxet5A==,type:str]
|
||||
keys: ENC[AES256_GCM,data:qrnNqEhStnsuCHjFgCC1fNUDLmIvHbXUzCFXK9PGudQtj5W6DJX6him1rkMNW5VltoFilHo4flRk6ebB+eWNq4eN4h/7/1a7IfoaIQDmpjl4/skbVpPA9wriEgFunY3dWyiH4Qu3MCBiDSIOKJrkD11o2FKnvudTSxavNkvccQI9Z5ALrHKc1t3I0NDt4sE4gfocAq1l6cfnRJ8CTs8ZcWtLTQ==,iv:4/CUrq/oq0qvEbGUS2udLiBLZeGuQZ/KiSueBCqAoV0=,tag:tPiRZW/0y1BqHdwR3KNuyQ==,type:str]
|
||||
remote-backup: ENC[AES256_GCM,data:0+CRZF//EPzA6DHm9lYEaLzjdKv/oBuueLQUnsmBgLWS+3vfKf0iKZ9h4652kLwsVTEJk7Ozlu2mbbvl+NLkkVFrIe/dzH3w+M7YtXWxscNmt/TQk2HxkpEZOP+P/WL3cXPqPaEPza38UaoWJTXk70jyY4EmFobgL8uYE9IJR9n8re9qylvIZj61EcGpa4XNESUasEg/Ft1g0DIQ+FrthoHx140Rwu9jj5NOyQ4LLZHR8UIkso0waR+lLXI19/oPj00MUdMGc9jz7cf1BtMDq1DPysAWd/qztBoTRwkUum3ExrgVDOpnF5K1F4CAGS5Aw7Pfv9bD8OzL4onMSdeC18EGKnm8XmwjBABojk2w3q9T6o49fDDNOGg0zbzYFlzbCS27Lt25mQlLLrU5RnmL0LTOx5a4aZp78vG9kWYO12reGywfCk25ZcdbHOV2egT9h//I595oPV3E+VrQNgihlbTHKcs5seVL6egDvYtAZ99C65quGXZWY5Ga/aBEpFQQEVYwRrw0rNg6Vd9SqBtIsoLhqjKHoqzO66hjJv5YMspGLJFn+Ehry3eXtQXwcgAobgsqSo3sRPHvtv48lmmyI/T6vkp5SaDBh9O2Lc2tWUurKCmLGRPHwkZ1MHPodwt/e+phQI86AIcxZlDf6kRY9MsYZC04b92imleMupDplNecR/lqTCptBcPkeSAVnkzsBj97yCt9zPpJoFKmbPlwiyJhaalGyRsW2mg59BFxoxlgk49T+D3Dg+ViKns/wcHdVSdCaJZTKaMb03eq6f7ix+k+6yYLkH7P//sYMe0G0w8v97WmeYV2mcCK97RALcSUktc//CaNGdDfnn7lQX/0JHGojRgvqU1r8/QLQjM73u8KVby1MSsCR/ZwzwezLip8hdMydSPGykQSAJ28BSuQUh2OWz8tak4BYclnxZSxFP6O7BbkpzI1VsLCZS9fXYXpf4c507V/6z6Leuiczq2KujY/E8jctfrY2XXjji5xnAFTond5ytgx6CxiMaU2hpA2dQZvyi17+CihodmaBYSBAXvHzwNNWpEzD4LhQ4auScjSEvomvwxqI5Ead1iL13jfkGhf4F+l/hM+9XQRtE+gyKat5nQp2uBnYxvXHoN3c8pMZnFbV5K/oPeUEwJydnnh9VG2cAMfSqYovsBhLO+Q1SOq+OVqkg+gbT4wyaa7JVfjq5KOLgklRTQbUgpcTEWj5nzXCbwtaqYBMbT13hRiW/prURs4mhsrtOOY19jjCSNxkrxIXJoGCiG2ApgjxYRqURX+y9CQQ3tBS+Yg+c4Rs99qCoI0dFMbuc8qCXuqyn9j2tEO6INuo+Gqhbhh20oZupFHgSAYvB1mY4USNeKgqJhGc7wJmjzQCiVBKwvzdZm/NpJR5hw1d15n3U42Gxs8NSY7RFpQkZzz9At8t7AazZu3FWxE+MjaSTE=,iv:woThiW9LNEBi1//3kUrmeoP0tynLGpXcJ5hRUNuvjdg=,tag:tAJ+GZtuI349Sen6zfSkIQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -28,8 +29,8 @@ sops:
|
||||
QUlyNHBlNDV6eVJXc3VWNzJSaThIQUEKCdNxZCCNISWll5uaCcDQBA2ir7oLpHco
|
||||
+7ypF6lcOalqjvzc5DTXTt/v6QVs0f7SCZmNJFBMpZm8M2B+7O1h7A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-07-18T13:40:36Z"
|
||||
mac: ENC[AES256_GCM,data:gcobfyFJyKLfde3HlNXUsUdBakISwUCeWVCudn9/sMn6ABNYAlkvOa3PDnYERfp8G8q3QKouyqw43qpWPm+NLIRJs7Db7dR0w4DZOklWuElTumiGFLOSWHafuSNDrSEQS4QZNtaZ4CzobtIKsR9nZ9Admwyf2Jywew2bWxyXV/E=,iv:tEm62tvWmnsdIaRoQNcc6k6mOOG/6CzJv960SLdU0EA=,tag:vVmRjyNlZbxZDds+po93kQ==,type:str]
|
||||
lastmodified: "2022-07-20T03:15:04Z"
|
||||
mac: ENC[AES256_GCM,data:R0ylA7RQg1SaD5+1qJTkc3/uoZHibbbMIA7z18eb3mTqiwWIChWbN4ikEBoin8k6CSkD37B3U6VTRxZVdpsz11BaZ2/JZM1hziccPOk229bFAfk+meTzIy2FAq7RoXPAe8dO69Iulm63tUemc3U9PQao1WEeZxG+TdVZ/Cu4AGY=,iv:XwSIDDs/N5AeFqvHHf52GIPDovbpfPkZTVJjaKgywKg=,tag:XlQTGGTQsHXsRJDFOfjhMA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-07-18T13:19:32Z"
|
||||
enc: |
|
||||
|