foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-04-24 18:19:11 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

config: replace Borgbase with Hetzner storage box for Borg repos

Browse Source
This commit is contained in:
Gabriel Arazas 2023-01-07 10:51:49 +08:00
parent e9aa875c6a
commit 85e1914025
3 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hosts/plover/default.nix
View File

@ -25,7 +25,8 @@ let
keycloakDbName = if config.services.keycloak.database.createLocally then keycloakUser else config.services.keycloak.database.username; keycloakDbName = if config.services.keycloak.database.createLocally then keycloakUser else config.services.keycloak.database.username;
# The head of the Borgbase hostname. # The head of the Borgbase hostname.
borgbase-remote = "cr6pf13r"; hetzner-boxes-user = "u332477";
hetzner-boxes-server = "${hetzner-boxes-user}.your-storagebox.de";
in in
{ {
imports = [ imports = [
@ -86,6 +87,7 @@ in
"vaultwarden/env".owner = vaultwardenUserGroup; "vaultwarden/env".owner = vaultwardenUserGroup;
"borg/patterns/keys" = { }; "borg/patterns/keys" = { };
"borg/password" = { }; "borg/password" = { };
"borg/ssh-key" = { };
"keycloak/db/password".owner = postgresUserGroup; "keycloak/db/password".owner = postgresUserGroup;
}; };
@ -514,9 +516,9 @@ in
monthly = 12; monthly = 12;
yearly = 6; yearly = 6;
}; };
repo = "${borgbase-remote}@${borgbase-remote}.repo.borgbase.com:repo"; repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/server";
startAt = "monthly"; startAt = "monthly";
environment.BORG_RSH = "ssh -i ${config.sops.secrets."plover/ssh-key".path}"; environment.BORG_RSH = "ssh -i ${config.sops.secrets."plover/borg/ssh-key".path}";
}; };
in in
{ {
@ -545,8 +547,8 @@ in
}; };
programs.ssh.extraConfig = '' programs.ssh.extraConfig = ''
Host ${borgbase-remote}.repo.borgbase.com Host ${hetzner-boxes-server}
IdentityFile ${config.sops.secrets."plover/ssh-key".path} IdentityFile ${config.sops.secrets."plover/borg/ssh-key".path}
''; '';
systemd.tmpfiles.rules = let systemd.tmpfiles.rules = let

7
hosts/plover/secrets/secrets.yaml
View File

@ -16,9 +16,10 @@ gitea:
vaultwarden: vaultwarden:
env: ENC[AES256_GCM,data:9RebpDWaKhPHpUzWDOuOYSDDtJ/pAvL30ipZuZz5OxUsUKoepHHLeBhjQzxyvwIDd2lT1Jx3UdLVSoKmh2qxGboFdBt9XF+grEzsQoP18wiSopiPjlAyaRgZ2f/6d46G+NYy13J4+N6zbPSHS3W76vpa6Vy8Fn7MWy3bXVoE4m9vORagPT/OZO+tcbJGjjVWUbz6JwNv0o+VvVPAHtXB9esnkqYMK1LvvDKLoT6eBtbu0MUmcnQ=,iv:UxbyYnNJPV+tznBBf3wFsu5eNayuJHuMfn6QfFi52ss=,tag:FMIhzv6UrR6rkqlOZ56oVg==,type:str] env: ENC[AES256_GCM,data:9RebpDWaKhPHpUzWDOuOYSDDtJ/pAvL30ipZuZz5OxUsUKoepHHLeBhjQzxyvwIDd2lT1Jx3UdLVSoKmh2qxGboFdBt9XF+grEzsQoP18wiSopiPjlAyaRgZ2f/6d46G+NYy13J4+N6zbPSHS3W76vpa6Vy8Fn7MWy3bXVoE4m9vORagPT/OZO+tcbJGjjVWUbz6JwNv0o+VvVPAHtXB9esnkqYMK1LvvDKLoT6eBtbu0MUmcnQ=,iv:UxbyYnNJPV+tznBBf3wFsu5eNayuJHuMfn6QfFi52ss=,tag:FMIhzv6UrR6rkqlOZ56oVg==,type:str]
borg: borg:
password: ENC[AES256_GCM,data:Fxz36DGpjl5brWRPlzkqmhgwuDAw4BrqlHazjFkV,iv:qiII9yWbUfQggeO3KdPwNXAQBwVmx6YEa5YIID3AUIs=,tag:74IJEGAQ+PiHsw1RKb+iJg==,type:str] password: ENC[AES256_GCM,data:yvAtGsdJDYFRSUoq09iBh+snFWsJMrED++H3O/U=,iv:5N/OsIIEQr/c2ge23QznSPD88Jsccf8EdzlpG0c6zRs=,tag:896/9Z3LK1VFM4100ga8Qw==,type:str]
patterns: patterns:
keys: ENC[AES256_GCM,data:rv1I75M+3Y4vR65aloXyPgD594n2U9zcOFg4853yeA/+jUpDUC+Is9SaKVo1AB90LgnPl5yhGNzQbM5q9INaq9SL,iv:xj/owX79CeWV2ztQ0DP5bQRBwLPZiCpHB/JAK5tCfH8=,tag:sgkrWI/PtxZjw70lQfD8Jg==,type:str] keys: ENC[AES256_GCM,data:rv1I75M+3Y4vR65aloXyPgD594n2U9zcOFg4853yeA/+jUpDUC+Is9SaKVo1AB90LgnPl5yhGNzQbM5q9INaq9SL,iv:xj/owX79CeWV2ztQ0DP5bQRBwLPZiCpHB/JAK5tCfH8=,tag:sgkrWI/PtxZjw70lQfD8Jg==,type:str]
ssh-key: ENC[AES256_GCM,data:Sue8+VkfMHDbIx5dZps9G7iEALOf3Wvm2FcXdGr8dCURytIUaSszTGfjSRRXnmjNS1bymt1SBGo+2HSBHug8N56EC7gUFsRqfBEM+wBFPmYkR1LdtHLBEoC/4cpupvQLjNadmNplELjYBJCmURhTnrIdDIsHe8xCcGzarewlfiE9PuAa/hAjikUvqQyq2oljd0udINXC3wmGRK9m9SpnxW0YUPAL5A8GaXmn3eLSSLhDLbJJZK8/CMuBRnSYGbcmKessIiMetT7CR4pn7OHN2Naxg09uhquKWieeK9LXbMBIlgOZ004IdX1R+eNb9bI3+G4yN+VDv69xIDrtkTzksSePuaII+Vb6jTofB/DWWZ0b8cN7hPTC1JEKdaktd6pVTVqZ78dNAr4hi5sdELfHtgO6LZAajsN3TKviMoB1YUzHpt4+Ws12iR8B7njJKawh6ls8XvBpnYu8LpZmbo+IpN3yflpxGvlYThetdVSDB+gvzzyXqUmp4nlBiiwZdQXibHjkau2s1y1Es2+uy/NnkNR9VdNe9FGFpwFAsOyBOWmtOfucIE65KqyIskq2mXrW,iv:R9Se6PNqKZ61NQxY2J7p9W+Ougnaycl70Q24WCe4qG4=,tag:rEdbBnSs+Ix4p/W9Rpi0WA==,type:str]
keycloak: keycloak:
db: db:
password: ENC[AES256_GCM,data:oTqbholsgs6mcxNPTgq6Flk1yRlYHaHkiw3VtCcAAw==,iv:5f8nXJYylG4Px5YuFXFYbNpW4GzOK58TYxLTEuzfMuQ=,tag:/1ydKBAklDRIrqtKs2hOqw==,type:str] password: ENC[AES256_GCM,data:oTqbholsgs6mcxNPTgq6Flk1yRlYHaHkiw3VtCcAAw==,iv:5f8nXJYylG4Px5YuFXFYbNpW4GzOK58TYxLTEuzfMuQ=,tag:/1ydKBAklDRIrqtKs2hOqw==,type:str]
@ -37,8 +38,8 @@ sops:
ZCtNbnFqdzNkVlBtNjVCdE4yNHMrRjQKfFV4GaReO0UO81xsTB0EuN5ibVsafXJY ZCtNbnFqdzNkVlBtNjVCdE4yNHMrRjQKfFV4GaReO0UO81xsTB0EuN5ibVsafXJY
miBgZAZWbJjSBcM4X+Fym/DlxHRoB1a6iFEFN9yg+Z9WI8PfjKnbsA== miBgZAZWbJjSBcM4X+Fym/DlxHRoB1a6iFEFN9yg+Z9WI8PfjKnbsA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-12T09:57:34Z" lastmodified: "2023-01-06T15:49:16Z"
mac: ENC[AES256_GCM,data:O8RVX5ibpttPlVbZ8DDFMXbGIGU1p5R30uOn5bNVtYoVJvTCmMUKYgbsddM5IJH7dDm7JIAROYkI2p+V0F0GwdKL95hFxbKDIjNmHzeWNVGXhpp960sDP3QZ2UdrhZr+njlaVR1NLaT3w9xvZ49XYIDrRDHSythVceJdymkIGzg=,iv:E9jvkXXw/ctvbiGPEvho0kuMrYkOPKnaCfkObBIy8vQ=,tag:v85Rlx7+8xH4tN88y27OYw==,type:str] mac: ENC[AES256_GCM,data:2hp92GQOeixM7F3sl5MjaJ676S5ah0a6aaHf3QXJc/ibSvvfmJunoAJiHZmjFYZ56x36jb5NWYJjMIMUhUoqcbEpTYvNkY9T5N6Qs0DAAbIASm3RG9KGdsjBQYFpU7Y5f4i3GOG76Dg1kex1JeFms25mIalcxA8ZAkbjnI0ifeo=,iv:6m6nDZBkgcK3l8Ezy4/mB4+3tWFueWNVNNBXenZ1ExI=,tag:c2klGi+T+9qV3VZ3FH2taQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3

8
modules/nixos/tasks/backup-archive/default.nix
View File

@ -36,8 +36,8 @@ let
}; };
}; };
# The head of the Borgbase hostname. hetzner-boxes-user = "u332477";
borgbase-remote = "r6o30viv"; hetzner-boxes-server = "${hetzner-boxes-user}.your-storagebox.de";
in in
{ {
options.tasks.backup-archive.enable = options.tasks.backup-archive.enable =
@ -106,14 +106,14 @@ in
]; ];
} // { } // {
doInit = true; doInit = true;
repo = "${borgbase-remote}@${borgbase-remote}.repo.borgbase.com:repo"; repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/home";
startAt = "daily"; startAt = "daily";
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-backup/ssh-key".path}"; environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-backup/ssh-key".path}";
}; };
}; };
programs.ssh.extraConfig = '' programs.ssh.extraConfig = ''
Host ${borgbase-remote}.repo.borgbase.com Host ${hetzner-boxes-server}
IdentityFile ${config.sops.secrets."borg-backup/ssh-key".path} IdentityFile ${config.sops.secrets."borg-backup/ssh-key".path}
''; '';
}; };