diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-15 00:59:34 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-15 23:16:20 +0200 |
commit | bd5c5d4e23ebd3863a960976767ed4a83dfd07fe (patch) | |
tree | 270b468d6445365f99bbf80d5e75b6ce5f92fc42 /modules/private/system | |
parent | 042ada3bfc4a139a4bae60d5e5d549e41c02bca4 (diff) | |
download | Nix-bd5c5d4e23ebd3863a960976767ed4a83dfd07fe.tar.gz Nix-bd5c5d4e23ebd3863a960976767ed4a83dfd07fe.tar.zst Nix-bd5c5d4e23ebd3863a960976767ed4a83dfd07fe.zip |
Move backups to flake
Diffstat (limited to 'modules/private/system')
-rw-r--r-- | modules/private/system/backup-2.nix | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/modules/private/system/backup-2.nix b/modules/private/system/backup-2.nix index 1f226c0..181f455 100644 --- a/modules/private/system/backup-2.nix +++ b/modules/private/system/backup-2.nix | |||
@@ -7,6 +7,22 @@ | |||
7 | }; | 7 | }; |
8 | # ssh-keyscan backup-2 | nix-shell -p ssh-to-age --run ssh-to-age | 8 | # ssh-keyscan backup-2 | nix-shell -p ssh-to-age --run ssh-to-age |
9 | secrets.ageKeys = [ "age1kk3nr27qu42j28mcfdag5lhq0zu2pky7gfanvne8l4z2ctevjpgskmw0sr" ]; | 9 | secrets.ageKeys = [ "age1kk3nr27qu42j28mcfdag5lhq0zu2pky7gfanvne8l4z2ctevjpgskmw0sr" ]; |
10 | secrets.keys = [ | ||
11 | { | ||
12 | dest = "rsync_backup/identity"; | ||
13 | user = "backup"; | ||
14 | group = "backup"; | ||
15 | permissions = "0400"; | ||
16 | text = config.myEnv.rsync_backup.ssh_key.private; | ||
17 | } | ||
18 | { | ||
19 | dest = "rsync_backup/identity.pub"; | ||
20 | user = "backup"; | ||
21 | group = "backup"; | ||
22 | permissions = "0444"; | ||
23 | text = config.myEnv.rsync_backup.ssh_key.public; | ||
24 | } | ||
25 | ]; | ||
10 | boot.kernelPackages = pkgs.linuxPackages_latest; | 26 | boot.kernelPackages = pkgs.linuxPackages_latest; |
11 | myEnv = import ../../../nixops/secrets/environment.nix; | 27 | myEnv = import ../../../nixops/secrets/environment.nix; |
12 | 28 | ||
@@ -54,8 +70,8 @@ | |||
54 | services.rsyncBackup = { | 70 | services.rsyncBackup = { |
55 | mountpoint = "/backup2"; | 71 | mountpoint = "/backup2"; |
56 | profiles = config.myEnv.rsync_backup.profiles; | 72 | profiles = config.myEnv.rsync_backup.profiles; |
57 | ssh_key_public = config.myEnv.rsync_backup.ssh_key.public; | 73 | ssh_key_public = config.secrets.fullPaths."rsync_backup/identity.pub"; |
58 | ssh_key_private = config.myEnv.rsync_backup.ssh_key.private; | 74 | ssh_key_private = config.secrets.fullPaths."rsync_backup/identity"; |
59 | }; | 75 | }; |
60 | 76 | ||
61 | myServices.mailRelay.enable = true; | 77 | myServices.mailRelay.enable = true; |