This commit is contained in:
Motiejus Jakštys 2023-04-06 23:16:17 +03:00
parent c7a0d74cb6
commit 6ffda9b1c2
3 changed files with 10 additions and 10 deletions

View File

@ -2,11 +2,7 @@ keys:
- &motiejus 5F6B7A8A92A260A437049BEB6F133A0C1C2848D7 - &motiejus 5F6B7A8A92A260A437049BEB6F133A0C1C2848D7
- &server_hel1a age1wxwfy32jwskgzudzc8kvvx4uya5kr6lc5vp03y07ly0wpe3jk9gqqree6q - &server_hel1a age1wxwfy32jwskgzudzc8kvvx4uya5kr6lc5vp03y07ly0wpe3jk9gqqree6q
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.yaml$ - path_regex: hosts/hel1-a/secrets.yaml$
key_groups:
- pgp:
- *motiejus
- path_regex: secrets/hel1-a/[^/]+\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *motiejus - *motiejus

View File

@ -72,6 +72,10 @@ in {
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
]; ];
sops.defaultSopsFile = ./hosts/hel1-a/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets.borgbackup-password = {};
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { (self: super: {
systemd = super.systemd.overrideAttrs (old: { systemd = super.systemd.overrideAttrs (old: {
@ -254,8 +258,8 @@ in {
repo = "zh2769@zh2769.rsync.net:hel1-a.servers.jakst"; repo = "zh2769@zh2769.rsync.net:hel1-a.servers.jakst";
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
#passCommand = "cat ${config.age.secrets.borgbackup-password.path}"; passCommand = "cat ${config.sops.secrets.borgbackup-password.path}";
passCommand = "cat /var/src/secrets/borgbackup/password"; #passCommand = "cat /var/src/secrets/borgbackup/password";
}; };
paths = value.paths; paths = value.paths;
extraArgs = "--remote-path=borg1"; extraArgs = "--remote-path=borg1";

View File

@ -1,4 +1,4 @@
password: ENC[AES256_GCM,data:IVoMD1bSp15bPfPPws6k6u7SXioMPibxqg==,iv:U0zLdK4XEvty8eS/G80NcGlQrEn9M2fDH2oWv5cXIvI=,tag:IU3P9SjexZGGiOOxseUnLg==,type:str] borgbackup-password: ENC[AES256_GCM,data:igLuxWZujydxdJO8Qt7sIOhIT9SqOkCvjw==,iv:pHk2V/VBb/HzHGieHyL4KY1RpmN6bqjjSDuTTnsH4bM=,tag:36aSlD6zY3AXE5X9ejs6CA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,8 +14,8 @@ sops:
YmdScHFndG1leTl0VFo0dzh2SjhZTU0Kp3aiUTvTWMzw6y+D0ELT9BE4enrJAVDD YmdScHFndG1leTl0VFo0dzh2SjhZTU0Kp3aiUTvTWMzw6y+D0ELT9BE4enrJAVDD
1c0TvbFwDAJI3KB8T/Mz23qerExtZZQeCnm9zQKd+NsSKZCf52JEkg== 1c0TvbFwDAJI3KB8T/Mz23qerExtZZQeCnm9zQKd+NsSKZCf52JEkg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-05T19:33:58Z" lastmodified: "2023-04-06T20:01:44Z"
mac: ENC[AES256_GCM,data:hqQoErSGafMyD43nQBInX1+wrCGlln1KvH6w1NLMw6GQwZ6EzdTBJKH05S67KjA1UtxLGi8MquBnjymHSctsuWtBiM0T+7dSQlF+FEvkGcRVf1aGbCWtZgNWS07iROAhCNxHpHaPMPUHj5Y0ih3zBh6q9OuDkXG/up1zvN4YRwM=,iv:qGgT5qj7dX82NWOb/s3Pj1n13nFn73p3fOiVJrbpav0=,tag:VjPMmLUmasq54xNqMeAvlQ==,type:str] mac: ENC[AES256_GCM,data:PRjs8bZ/DGGlfDjRexvImDdAuE/W74HPa+KdQtE1Qktu6nz1cqlFy8a+CiA/mw+Y3P4NntzXHxU30sONrZWXA+n5RXAn8kMgpOYzRWqZWn0zzIyfhZ9+jPmP7uLpJWGZIEayw8NRfHGthDb7SLTnM9OpbkIP9dl4NgMSvn0A2MA=,iv:ma2ekXqtJGlTE2lAIw9YapvtXns/P1BwSgj+Ly4W+gE=,tag:z/ypCNkpdi2B1BFoZx5Jyw==,type:str]
pgp: pgp:
- created_at: "2023-04-05T19:33:35Z" - created_at: "2023-04-05T19:33:35Z"
enc: | enc: |