tasks: refactor with path prefix

Gabriel Arazas 2023-07-05 13:14:38 +08:00
parent 2e7cdeacf3
commit 426e4e360a
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
2 changed files with 19 additions and 15 deletions


@ -38,6 +38,8 @@ let
hetzner-boxes-user = "u332477";
hetzner-boxes-server = "${hetzner-boxes-user}.your-storagebox.de";
pathPrefix = "borg-backup";
in
{
options.tasks.backup-archive.enable =
@ -46,7 +48,7 @@ in
config = lib.mkIf cfg.enable {
sops.secrets = lib.getSecrets
(lib.getSecret "backup-archive.yaml")
(lib.attachSopsPathPrefix "borg-backup" {
(lib.attachSopsPathPrefix pathPrefix {
"patterns/home" = { };
"patterns/etc" = { };
"patterns/keys" = { };
@ -66,11 +68,11 @@ in
local-archive = borgJobCommonSetting
{
patterns = with config.sops; [
secrets."borg-backup/patterns/home".path
secrets."borg-backup/patterns/etc".path
secrets."borg-backup/patterns/keys".path
secrets."${pathPrefix}/patterns/home".path
secrets."${pathPrefix}/patterns/etc".path
secrets."${pathPrefix}/patterns/keys".path
];
passCommand = "cat ${config.sops.secrets."borg-backup/repos/archive/password".path}";
passCommand = "cat ${config.sops.secrets."${pathPrefix}/repos/archive/password".path}";
} // {
removableDevice = true;
repo = "/mnt/archives/backups";
@ -80,11 +82,11 @@ in
local-external-drive = borgJobCommonSetting
{
patterns = with config.sops; [
secrets."borg-backup/patterns/home".path
secrets."borg-backup/patterns/etc".path
secrets."borg-backup/patterns/keys".path
secrets."${pathPrefix}/patterns/home".path
secrets."${pathPrefix}/patterns/etc".path
secrets."${pathPrefix}/patterns/keys".path
];
passCommand = "cat ${config.sops.secrets."borg-backup/repos/external-drive/password".path}";
passCommand = "cat ${config.sops.secrets."${pathPrefix}/repos/external-drive/password".path}";
} // {
removableDevice = true;
repo = "/mnt/external-storage/backups";
@ -94,20 +96,20 @@ in
remote-backup-hetzner-box = borgJobCommonSetting
{
patterns = with config.sops; [
secrets."borg-backup/patterns/remote-backup".path
secrets."${pathPrefix}/patterns/remote-backup".path
];
passCommand = "cat ${config.sops.secrets."borg-backup/repos/hetzner-box/password".path}";
passCommand = "cat ${config.sops.secrets."${pathPrefix}/repos/hetzner-box/password".path}";
} // {
doInit = true;
repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/desktop/ni";
startAt = "daily";
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-backup/ssh-key".path}";
environment.BORG_RSH = "ssh -i ${config.sops.secrets."${pathPrefix}/ssh-key".path}";
};
};
programs.ssh.extraConfig = ''
Host ${hetzner-boxes-server}
IdentityFile ${config.sops.secrets."borg-backup/ssh-key".path}
IdentityFile ${config.sops.secrets."${pathPrefix}/ssh-key".path}
'';
};
}
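Review bot: The secret lookups still spell out the full key by hand at every use (`"${pathPrefix}/patterns/home"`, `"${pathPrefix}/repos/archive/password"`, `"${pathPrefix}/ssh-key"` and so on), so the `/` join that `lib.attachSopsPathPrefix` is assumed to apply is repeated in a dozen places across the three jobs and `programs.ssh.extraConfig`. A small helper next to `pathPrefix` in the `let` block, e.g. `secretPath = name: config.sops.secrets."${pathPrefix}/${name}".path;`, would keep the key format in one place; each use then reads `secretPath "patterns/home"` or `passCommand = "cat ${secretPath "repos/archive/password"}";`. A mistyped key already fails at evaluation as a missing attribute, so this is about readability and keeping registration and lookup in step, not a runtime exposure. The `let` block and the `config` body both start outside the hunks shown, so the helper's exact placement needs checking against the full file.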


@ -7,6 +7,8 @@ let
deviantArt = name: "https://deviantart.com/${name}";
artStation = name: "https://www.artstation.com/${name}";
newgrounds = name: "https://${name}.newgrounds.com";
pathPrefix = "multimedia-archive";
in
{
options.tasks.multimedia-archive.enable =
@ -94,7 +96,7 @@ in
environment.systemPackages = [ ytdlpArchiveVariant ];
sops.secrets = lib.getSecrets (lib.getSecret "multimedia-archive.yaml")
(lib.attachSopsPathPrefix "multimedia-archive" {
(lib.attachSopsPathPrefix pathPrefix {
"secrets-config" = { };
});
@ -164,7 +166,7 @@ in
# in the service properly since secrets decrypted by sops-nix cannot
# be read in Nix.
"--config"
"${config.sops.secrets."multimedia-archive/secrets-config".path}"
"${config.sops.secrets."${pathPrefix}/secrets-config".path}"
];
settings.extractor = {