X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fsystem%2Fbackup-2.nix;h=c01a666b7deea692a212ca5cd8ef16fc1c544aea;hb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;hp=d1064c7a5dec513f51f10535ea693307327e530b;hpb=34abd6afa44c620a56416bd423a2438a09bd1ce4;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/system/backup-2.nix b/modules/private/system/backup-2.nix
index d1064c7..c01a666 100644
--- a/modules/private/system/backup-2.nix
+++ b/modules/private/system/backup-2.nix
@@ -1,4 +1,3 @@
-{ privateFiles }:
 { config, pkgs, resources, name, ... }:
 {
 deployment = {
@@ -6,8 +5,24 @@
 targetHost = config.hostEnv.ips.main.ip4;
 substituteOnDestination = true;
 };
+ # ssh-keyscan backup-2 | nix-shell -p ssh-to-age --run ssh-to-age
+ secrets.ageKeys = [ "age1kk3nr27qu42j28mcfdag5lhq0zu2pky7gfanvne8l4z2ctevjpgskmw0sr" ];
+ secrets.keys = {
+ "rsync_backup/identity" = {
+ user = "backup";
+ group = "backup";
+ permissions = "0400";
+ text = config.myEnv.rsync_backup.ssh_key.private;
+ };
+ "rsync_backup/identity.pub" = {
+ user = "backup";
+ group = "backup";
+ permissions = "0444";
+ text = config.myEnv.rsync_backup.ssh_key.public;
+ };
+ };
 boot.kernelPackages = pkgs.linuxPackages_latest;
- myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
+ myEnv = import ../../../nixops/secrets/environment.nix;
 imports = [ ] ++ builtins.attrValues (import ../..);
@@ -53,8 +68,8 @@
 services.rsyncBackup = {
 mountpoint = "/backup2";
 profiles = config.myEnv.rsync_backup.profiles;
- ssh_key_public = config.myEnv.rsync_backup.ssh_key.public;
- ssh_key_private = config.myEnv.rsync_backup.ssh_key.private;
+ ssh_key_public = config.secrets.fullPaths."rsync_backup/identity.pub";
+ ssh_key_private = config.secrets.fullPaths."rsync_backup/identity";
 };
 myServices.mailRelay.enable = true;
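Review bot: In the `@@ -6,8 +5,24 @@` hunk, the age recipient in `secrets.ageKeys` is derived from an unauthenticated `ssh-keyscan`, per the comment above it, so the secrets end up encrypted to whichever key answered that scan. The comment should record that the host key was checked out of band, for example `# recipient derived from the SSH host key; fingerprint verified on the host itself before use`. Separately, `text = config.myEnv.rsync_backup.ssh_key.private;` still passes the private key through Nix evaluation. Whether it stays out of the world-readable store depends on the `secrets.keys` module, which this diff does not show, so that is worth confirming. The enclosing attribute set starts and ends outside the hunk.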
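Review bot: In the `@@ -53,8 +68,8 @@` hunk, `ssh_key_public` and `ssh_key_private` now carry file paths from `config.secrets.fullPaths` rather than key material, but the option names still read as if they held the keys themselves. The `services.rsyncBackup` module is not part of this diff, so confirm that it treats both values as paths and that the backup job runs as the `backup` user, since the identity file is deployed `0400` for that owner. A short comment would make the contract visible here: `# paths to the deployed key files (owner backup), not key contents`. If the job can start before the secrets are in place, it presumably also needs an ordering dependency on their deployment.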