From 85e1914025dd61811d02af575b08692e5fbe8078 Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Sat, 7 Jan 2023 10:51:49 +0800 Subject: [PATCH] config: replace Borgbase with Hetzner storage box for Borg repos --- hosts/plover/default.nix | 12 +++++++----- hosts/plover/secrets/secrets.yaml | 7 ++++--- modules/nixos/tasks/backup-archive/default.nix | 8 ++++---- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/hosts/plover/default.nix b/hosts/plover/default.nix index 2a1dfd0a..847e0667 100644 --- a/hosts/plover/default.nix +++ b/hosts/plover/default.nix @@ -25,7 +25,8 @@ let keycloakDbName = if config.services.keycloak.database.createLocally then keycloakUser else config.services.keycloak.database.username; # The head of the Borgbase hostname. - borgbase-remote = "cr6pf13r"; + hetzner-boxes-user = "u332477"; + hetzner-boxes-server = "${hetzner-boxes-user}.your-storagebox.de"; in { imports = [ @@ -86,6 +87,7 @@ in "vaultwarden/env".owner = vaultwardenUserGroup; "borg/patterns/keys" = { }; "borg/password" = { }; + "borg/ssh-key" = { }; "keycloak/db/password".owner = postgresUserGroup; }; @@ -514,9 +516,9 @@ in monthly = 12; yearly = 6; }; - repo = "${borgbase-remote}@${borgbase-remote}.repo.borgbase.com:repo"; + repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/server"; startAt = "monthly"; - environment.BORG_RSH = "ssh -i ${config.sops.secrets."plover/ssh-key".path}"; + environment.BORG_RSH = "ssh -i ${config.sops.secrets."plover/borg/ssh-key".path}"; }; in { @@ -545,8 +547,8 @@ in }; programs.ssh.extraConfig = '' - Host ${borgbase-remote}.repo.borgbase.com - IdentityFile ${config.sops.secrets."plover/ssh-key".path} + Host ${hetzner-boxes-server} + IdentityFile ${config.sops.secrets."plover/borg/ssh-key".path} ''; systemd.tmpfiles.rules = let diff --git a/hosts/plover/secrets/secrets.yaml b/hosts/plover/secrets/secrets.yaml index e3134d2c..2d22b5e3 100644 --- a/hosts/plover/secrets/secrets.yaml 
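Review bot: The context comment `# The head of the Borgbase hostname.` is left directly above the new `hetzner-boxes-user` and `hetzner-boxes-server` bindings in the first hunk of hosts/plover/default.nix, so it now describes a provider the file no longer uses. Replace it with something like `# Hetzner storage box account and the SSH host derived from it.` The same two bindings are repeated verbatim in modules/nixos/tasks/backup-archive/default.nix, where the old comment is removed; a single shared definition would keep the two from drifting apart. The `let` block starts above this hunk.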
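Review bot: Nothing in this commit pins the SSH host key of the new endpoint used by `repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/server"`. The first unattended run will therefore either stop at host-key verification or, if checking is relaxed elsewhere, trust whatever key it is shown. Declaring the key next to the job makes it verify the server from the first run, e.g. `programs.ssh.knownHosts.storagebox = { hostNames = [ "[${hetzner-boxes-server}]:23" ]; publicKey = "<host key published by the provider, placeholder>"; };`. The `repo` line in the second hunk of modules/nixos/tasks/backup-archive/default.nix needs the same entry. The attribute set holding `repo` starts outside this hunk.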
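Review bot: The `Host ${hetzner-boxes-server}` stanza in `programs.ssh.extraConfig` carries only `IdentityFile`. Anything that reaches the box through this stanza rather than through the `repo` URL, such as a manual `ssh` or a `borg` call with an scp-style path, goes to the default port and may offer other identities before the intended one. Adding `Port 23` and `IdentitiesOnly yes` under the `Host` line would keep such calls aligned with the backup job. The matching stanza in modules/nixos/tasks/backup-archive/default.nix has the same gap.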
+++ b/hosts/plover/secrets/secrets.yaml @@ -16,9 +16,10 @@ gitea: vaultwarden: env: ENC[AES256_GCM,data:9RebpDWaKhPHpUzWDOuOYSDDtJ/pAvL30ipZuZz5OxUsUKoepHHLeBhjQzxyvwIDd2lT1Jx3UdLVSoKmh2qxGboFdBt9XF+grEzsQoP18wiSopiPjlAyaRgZ2f/6d46G+NYy13J4+N6zbPSHS3W76vpa6Vy8Fn7MWy3bXVoE4m9vORagPT/OZO+tcbJGjjVWUbz6JwNv0o+VvVPAHtXB9esnkqYMK1LvvDKLoT6eBtbu0MUmcnQ=,iv:UxbyYnNJPV+tznBBf3wFsu5eNayuJHuMfn6QfFi52ss=,tag:FMIhzv6UrR6rkqlOZ56oVg==,type:str] borg: - password: ENC[AES256_GCM,data:Fxz36DGpjl5brWRPlzkqmhgwuDAw4BrqlHazjFkV,iv:qiII9yWbUfQggeO3KdPwNXAQBwVmx6YEa5YIID3AUIs=,tag:74IJEGAQ+PiHsw1RKb+iJg==,type:str] + password: ENC[AES256_GCM,data:yvAtGsdJDYFRSUoq09iBh+snFWsJMrED++H3O/U=,iv:5N/OsIIEQr/c2ge23QznSPD88Jsccf8EdzlpG0c6zRs=,tag:896/9Z3LK1VFM4100ga8Qw==,type:str] patterns: keys: ENC[AES256_GCM,data:rv1I75M+3Y4vR65aloXyPgD594n2U9zcOFg4853yeA/+jUpDUC+Is9SaKVo1AB90LgnPl5yhGNzQbM5q9INaq9SL,iv:xj/owX79CeWV2ztQ0DP5bQRBwLPZiCpHB/JAK5tCfH8=,tag:sgkrWI/PtxZjw70lQfD8Jg==,type:str] + ssh-key: ENC[AES256_GCM,data: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,iv:R9Se6PNqKZ61NQxY2J7p9W+Ougnaycl70Q24WCe4qG4=,tag:rEdbBnSs+Ix4p/W9Rpi0WA==,type:str] keycloak: db: password: ENC[AES256_GCM,data:oTqbholsgs6mcxNPTgq6Flk1yRlYHaHkiw3VtCcAAw==,iv:5f8nXJYylG4Px5YuFXFYbNpW4GzOK58TYxLTEuzfMuQ=,tag:/1ydKBAklDRIrqtKs2hOqw==,type:str] 
@@ -37,8 +38,8 @@ sops: ZCtNbnFqdzNkVlBtNjVCdE4yNHMrRjQKfFV4GaReO0UO81xsTB0EuN5ibVsafXJY miBgZAZWbJjSBcM4X+Fym/DlxHRoB1a6iFEFN9yg+Z9WI8PfjKnbsA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-12T09:57:34Z" - mac: ENC[AES256_GCM,data:O8RVX5ibpttPlVbZ8DDFMXbGIGU1p5R30uOn5bNVtYoVJvTCmMUKYgbsddM5IJH7dDm7JIAROYkI2p+V0F0GwdKL95hFxbKDIjNmHzeWNVGXhpp960sDP3QZ2UdrhZr+njlaVR1NLaT3w9xvZ49XYIDrRDHSythVceJdymkIGzg=,iv:E9jvkXXw/ctvbiGPEvho0kuMrYkOPKnaCfkObBIy8vQ=,tag:v85Rlx7+8xH4tN88y27OYw==,type:str] + lastmodified: "2023-01-06T15:49:16Z" + mac: ENC[AES256_GCM,data:2hp92GQOeixM7F3sl5MjaJ676S5ah0a6aaHf3QXJc/ibSvvfmJunoAJiHZmjFYZ56x36jb5NWYJjMIMUhUoqcbEpTYvNkY9T5N6Qs0DAAbIASm3RG9KGdsjBQYFpU7Y5f4i3GOG76Dg1kex1JeFms25mIalcxA8ZAkbjnI0ifeo=,iv:6m6nDZBkgcK3l8Ezy4/mB4+3tWFueWNVNNBXenZ1ExI=,tag:c2klGi+T+9qV3VZ3FH2taQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/modules/nixos/tasks/backup-archive/default.nix b/modules/nixos/tasks/backup-archive/default.nix index a95937d0..a9905090 100644 --- a/modules/nixos/tasks/backup-archive/default.nix +++ b/modules/nixos/tasks/backup-archive/default.nix @@ -36,8 +36,8 @@ let }; }; - # The head of the Borgbase hostname. - borgbase-remote = "r6o30viv"; + hetzner-boxes-user = "u332477"; + hetzner-boxes-server = "${hetzner-boxes-user}.your-storagebox.de"; in { options.tasks.backup-archive.enable = @@ -106,14 +106,14 @@ in ]; } // { doInit = true; - repo = "${borgbase-remote}@${borgbase-remote}.repo.borgbase.com:repo"; + repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/home"; startAt = "daily"; environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-backup/ssh-key".path}"; }; }; programs.ssh.extraConfig = '' - Host ${borgbase-remote}.repo.borgbase.com + Host ${hetzner-boxes-server} IdentityFile ${config.sops.secrets."borg-backup/ssh-key".path} ''; };
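Review bot: `hetzner-boxes-user = "u332477"` in the first hunk of modules/nixos/tasks/backup-archive/default.nix is the same account as in hosts/plover/default.nix. As far as these hunks show, the server and the home machines log in as one storage box user, and their repositories are separated only by the paths `./borg/server` and `./borg/home`. If both SSH keys are authorised on that single account, a compromise of either host reaches the other's repository; the contents may be encrypted by Borg, but they could still be deleted or overwritten. Consider a per-host sub-account confined to its own directory, with the user name a per-host value rather than a shared constant. Whether the account is already restricted on the provider side is not visible in this diff.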