};
# ssh-keyscan backup-2 | nix-shell -p ssh-to-age --run ssh-to-age
secrets.ageKeys = [ "age1kk3nr27qu42j28mcfdag5lhq0zu2pky7gfanvne8l4z2ctevjpgskmw0sr" ];
+ secrets.keys = {
+ "rsync_backup/identity" = {
+ user = "backup";
+ group = "backup";
+ permissions = "0400";
+ text = config.myEnv.rsync_backup.ssh_key.private;
+ };
+ "rsync_backup/identity.pub" = {
+ user = "backup";
+ group = "backup";
+ permissions = "0444";
+ text = config.myEnv.rsync_backup.ssh_key.public;
+ };
+ };
boot.kernelPackages = pkgs.linuxPackages_latest;
myEnv = import ../../../nixops/secrets/environment.nix;
services.rsyncBackup = {
mountpoint = "/backup2";
profiles = config.myEnv.rsync_backup.profiles;
- ssh_key_public = config.myEnv.rsync_backup.ssh_key.public;
- ssh_key_private = config.myEnv.rsync_backup.ssh_key.private;
+ ssh_key_public = config.secrets.fullPaths."rsync_backup/identity.pub";
+ ssh_key_private = config.secrets.fullPaths."rsync_backup/identity";
};
myServices.mailRelay.enable = true;