From e1b1715a480997d6ff23af9c7e5b1a9ae301f34d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Wed, 26 Jul 2023 14:23:12 +0300 Subject: [PATCH] vno1-oh2: backup /home/motiejus/annex2 --- flake.nix | 5 +++-- hosts/vno1-oh2/configuration.nix | 14 ++++++++++++++ secrets.nix | 7 ++++--- secrets/vno1-oh2/borgbackup/password.age | 14 ++++++++++++++ 4 files changed, 35 insertions(+), 5 deletions(-) create mode 100644 secrets/vno1-oh2/borgbackup/password.age diff --git a/flake.nix b/flake.nix index 1b69a43..545e2eb 100644 --- a/flake.nix +++ b/flake.nix @@ -84,11 +84,12 @@ agenix.nixosModules.default { - age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; - age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age; age.secrets.zfs-passphrase-hel1-a.file = ./secrets/hel1-a/zfs-passphrase.age; + + age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; + age.secrets.borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age; } ]; diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix index 515b750..7f3eb2b 100644 --- a/hosts/vno1-oh2/configuration.nix +++ b/hosts/vno1-oh2/configuration.nix @@ -40,6 +40,20 @@ mountpoints = ["/home"]; }; + zfsborg = { + enable = true; + passwordPath = config.age.secrets.borgbackup-password.path; + mountpoints = { + "/home" = { + repo = "zh2769@zh2769.rsync.net:${config.networking.hostName}.${config.networking.domain}-home-motiejus-annex2"; + paths = [ + "/home/.snapshot-latest/motiejus/annex2" + ]; + backup_at = "*-*-* 00:05:00"; + }; + }; + }; + unitstatus = { enable = true; email = "motiejus+alerts@jakstys.lt"; diff --git a/secrets.nix b/secrets.nix index 4417a67..62365b8 100644 --- a/secrets.nix +++ b/secrets.nix @@ -18,9 +18,10 @@ in { # vno1-oh2 + motiejus "secrets/hel1-a/zfs-passphrase.age".publicKeys = [vno1-oh2] ++ motiejus; + "secrets/vno1-oh2/borgbackup/password.age".publicKeys = [vno1-oh2] ++ motiejus; # everywhere + motiejus - "secrets/motiejus_passwd_hash.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus; - "secrets/root_passwd_hash.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus; - "secrets/postfix_sasl_passwd.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus; + "secrets/motiejus_passwd_hash.age".publicKeys = systems ++ motiejus; + "secrets/root_passwd_hash.age".publicKeys = systems ++ motiejus; + "secrets/postfix_sasl_passwd.age".publicKeys = systems ++ motiejus; } diff --git a/secrets/vno1-oh2/borgbackup/password.age b/secrets/vno1-oh2/borgbackup/password.age new file mode 100644 index 0000000..017e814 --- /dev/null +++ b/secrets/vno1-oh2/borgbackup/password.age @@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 gJrHQg j7sUOhDLKi30GrtR7n5U0aayKmosVJCRvMZOUosj8gA +wtR/TBANJlef2ro6jZFF8I32fOoIoCkv0lPTxXyAGbU +-> X25519 gA1mX6nFahyHt3q50YA8DZPBnIs7L6KqK2k4dpDfHDg +iLFQiOjmLxyVWtYfS5kZz+/+Sk3dCOcCiAIaRtJFTAs +-> piv-p256 +y2G/w Awvvi5nJhm9Qw5Ud0cSuC+IfNkuiYDQQuIEw5AZXKlfB +HMjBVqbxgW2/l6//EDXo8mb0FD1DjvOxvMcUdgRDLow +-> piv-p256 jNqd3A Al9AHVU/7lRJfXr/qwc636wiw8r3bBW/PzDb3V1FYtQj +Q1WM/FuwFaRRnMqbHthRZBa+D0EgGyWKTPpXrMxrhL8 +-> `Y}e-grease +D69Yt9zk5GBadq1OQem1ZOeWk0BkYlUhK9vGqeN6jyU +--- 19G2cDXZ2BR1pMUL7/F1QZlA+l9Pl2fWJiTzC6ANXWw +€•¶”ìí<ó;GB‘t8bý¶%E/^ÎYH¾~¸3r€È +=ÐÛÅ6Í¿¡y^R× \ No newline at end of file