foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-04-25 06:19:10 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

config: replace Borgbase with Hetzner storage box for Borg repos

Browse Source
This commit is contained in:
Gabriel Arazas 2023-01-07 10:51:49 +08:00
parent e9aa875c6a
commit 85e1914025
3 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hosts/plover/default.nix
View File

@ -25,7 +25,8 @@ let
keycloakDbName = if config.services.keycloak.database.createLocally then keycloakUser else config.services.keycloak.database.username;
# The head of the Borgbase hostname.
borgbase-remote = "cr6pf13r";
hetzner-boxes-user = "u332477";
hetzner-boxes-server = "${hetzner-boxes-user}.your-storagebox.de";
in
{
imports = [
@ -86,6 +87,7 @@ in
"vaultwarden/env".owner = vaultwardenUserGroup;
"borg/patterns/keys" = { };
"borg/password" = { };
"borg/ssh-key" = { };
"keycloak/db/password".owner = postgresUserGroup;
};
@ -514,9 +516,9 @@ in
monthly = 12;
yearly = 6;
};
repo = "${borgbase-remote}@${borgbase-remote}.repo.borgbase.com:repo";
repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/server";
startAt = "monthly";
environment.BORG_RSH = "ssh -i ${config.sops.secrets."plover/ssh-key".path}";
environment.BORG_RSH = "ssh -i ${config.sops.secrets."plover/borg/ssh-key".path}";
};
in
{
@ -545,8 +547,8 @@ in
};
programs.ssh.extraConfig = ''
Host ${borgbase-remote}.repo.borgbase.com
IdentityFile ${config.sops.secrets."plover/ssh-key".path}
Host ${hetzner-boxes-server}
IdentityFile ${config.sops.secrets."plover/borg/ssh-key".path}
'';
systemd.tmpfiles.rules = let

7
hosts/plover/secrets/secrets.yaml
View File

@ -16,9 +16,10 @@ gitea:
vaultwarden:
env: ENC[AES256_GCM,data:9RebpDWaKhPHpUzWDOuOYSDDtJ/pAvL30ipZuZz5OxUsUKoepHHLeBhjQzxyvwIDd2lT1Jx3UdLVSoKmh2qxGboFdBt9XF+grEzsQoP18wiSopiPjlAyaRgZ2f/6d46G+NYy13J4+N6zbPSHS3W76vpa6Vy8Fn7MWy3bXVoE4m9vORagPT/OZO+tcbJGjjVWUbz6JwNv0o+VvVPAHtXB9esnkqYMK1LvvDKLoT6eBtbu0MUmcnQ=,iv:UxbyYnNJPV+tznBBf3wFsu5eNayuJHuMfn6QfFi52ss=,tag:FMIhzv6UrR6rkqlOZ56oVg==,type:str]
borg:
password: ENC[AES256_GCM,data:Fxz36DGpjl5brWRPlzkqmhgwuDAw4BrqlHazjFkV,iv:qiII9yWbUfQggeO3KdPwNXAQBwVmx6YEa5YIID3AUIs=,tag:74IJEGAQ+PiHsw1RKb+iJg==,type:str]
password: ENC[AES256_GCM,data:yvAtGsdJDYFRSUoq09iBh+snFWsJMrED++H3O/U=,iv:5N/OsIIEQr/c2ge23QznSPD88Jsccf8EdzlpG0c6zRs=,tag:896/9Z3LK1VFM4100ga8Qw==,type:str]
patterns:
keys: ENC[AES256_GCM,data:rv1I75M+3Y4vR65aloXyPgD594n2U9zcOFg4853yeA/+jUpDUC+Is9SaKVo1AB90LgnPl5yhGNzQbM5q9INaq9SL,iv:xj/owX79CeWV2ztQ0DP5bQRBwLPZiCpHB/JAK5tCfH8=,tag:sgkrWI/PtxZjw70lQfD8Jg==,type:str]
ssh-key: ENC[AES256_GCM,data:Sue8+VkfMHDbIx5dZps9G7iEALOf3Wvm2FcXdGr8dCURytIUaSszTGfjSRRXnmjNS1bymt1SBGo+2HSBHug8N56EC7gUFsRqfBEM+wBFPmYkR1LdtHLBEoC/4cpupvQLjNadmNplELjYBJCmURhTnrIdDIsHe8xCcGzarewlfiE9PuAa/hAjikUvqQyq2oljd0udINXC3wmGRK9m9SpnxW0YUPAL5A8GaXmn3eLSSLhDLbJJZK8/CMuBRnSYGbcmKessIiMetT7CR4pn7OHN2Naxg09uhquKWieeK9LXbMBIlgOZ004IdX1R+eNb9bI3+G4yN+VDv69xIDrtkTzksSePuaII+Vb6jTofB/DWWZ0b8cN7hPTC1JEKdaktd6pVTVqZ78dNAr4hi5sdELfHtgO6LZAajsN3TKviMoB1YUzHpt4+Ws12iR8B7njJKawh6ls8XvBpnYu8LpZmbo+IpN3yflpxGvlYThetdVSDB+gvzzyXqUmp4nlBiiwZdQXibHjkau2s1y1Es2+uy/NnkNR9VdNe9FGFpwFAsOyBOWmtOfucIE65KqyIskq2mXrW,iv:R9Se6PNqKZ61NQxY2J7p9W+Ougnaycl70Q24WCe4qG4=,tag:rEdbBnSs+Ix4p/W9Rpi0WA==,type:str]
keycloak:
db:
password: ENC[AES256_GCM,data:oTqbholsgs6mcxNPTgq6Flk1yRlYHaHkiw3VtCcAAw==,iv:5f8nXJYylG4Px5YuFXFYbNpW4GzOK58TYxLTEuzfMuQ=,tag:/1ydKBAklDRIrqtKs2hOqw==,type:str]
@ -37,8 +38,8 @@ sops:
ZCtNbnFqdzNkVlBtNjVCdE4yNHMrRjQKfFV4GaReO0UO81xsTB0EuN5ibVsafXJY
miBgZAZWbJjSBcM4X+Fym/DlxHRoB1a6iFEFN9yg+Z9WI8PfjKnbsA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-12T09:57:34Z"
mac: ENC[AES256_GCM,data:O8RVX5ibpttPlVbZ8DDFMXbGIGU1p5R30uOn5bNVtYoVJvTCmMUKYgbsddM5IJH7dDm7JIAROYkI2p+V0F0GwdKL95hFxbKDIjNmHzeWNVGXhpp960sDP3QZ2UdrhZr+njlaVR1NLaT3w9xvZ49XYIDrRDHSythVceJdymkIGzg=,iv:E9jvkXXw/ctvbiGPEvho0kuMrYkOPKnaCfkObBIy8vQ=,tag:v85Rlx7+8xH4tN88y27OYw==,type:str]
lastmodified: "2023-01-06T15:49:16Z"
mac: ENC[AES256_GCM,data:2hp92GQOeixM7F3sl5MjaJ676S5ah0a6aaHf3QXJc/ibSvvfmJunoAJiHZmjFYZ56x36jb5NWYJjMIMUhUoqcbEpTYvNkY9T5N6Qs0DAAbIASm3RG9KGdsjBQYFpU7Y5f4i3GOG76Dg1kex1JeFms25mIalcxA8ZAkbjnI0ifeo=,iv:6m6nDZBkgcK3l8Ezy4/mB4+3tWFueWNVNNBXenZ1ExI=,tag:c2klGi+T+9qV3VZ3FH2taQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

8
modules/nixos/tasks/backup-archive/default.nix
View File

@ -36,8 +36,8 @@ let
};
};
# The head of the Borgbase hostname.
borgbase-remote = "r6o30viv";
hetzner-boxes-user = "u332477";
hetzner-boxes-server = "${hetzner-boxes-user}.your-storagebox.de";
in
{
options.tasks.backup-archive.enable =
@ -106,14 +106,14 @@ in
];
} // {
doInit = true;
repo = "${borgbase-remote}@${borgbase-remote}.repo.borgbase.com:repo";
repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/home";
startAt = "daily";
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-backup/ssh-key".path}";
};
};
programs.ssh.extraConfig = ''
Host ${borgbase-remote}.repo.borgbase.com
Host ${hetzner-boxes-server}
IdentityFile ${config.sops.secrets."borg-backup/ssh-key".path}
'';
};