1 files changed, 18 insertions, 1 deletions
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 5e3d45c..ab48ab4 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -39,6 +39,23 @@
  services.duplyBackup.enable = true;
  services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";
+  secrets.keys = [
+    {
+      dest = "rsync_backup/identity";
+      user = "root";
+      group = "root";
+      permissions = "0400";
+      text = config.myEnv.rsync_backup.ssh_key.private;
+    }
+  ];
+  programs.ssh.knownHosts.dilion = {
+    hostNames = ["dilion.immae.eu"];
+    publicKey = let
+      profile = config.myEnv.rsync_backup.profiles.dilion;
+    in
+      "${profile.host_key_type} ${profile.host_key}";
+  };
  deployment = {
    targetEnv = "hetzner";
    hetzner = {
@@ -65,7 +82,7 @@
    systemCronJobs = [
      ''
        # The star after /var/lib/* avoids deleting all folders in case of problem
-        0 3,9,15,21 * * * root rsync -e "ssh -i /root/.ssh/id_charon_vpn" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu: > /dev/null
+        0 3,9,15,21 * * * root rsync -e "ssh -i /var/secrets/rsync_backup/identity" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* backup@dilion.immae.eu: > /dev/null
        0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -g "immae.eu.*Recipient address rejected"
      ''
    ];

diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix index 5e3d45c..ab48ab4 100644 --- a/modules/private/system/eldiron.nix +++ b/modules/private/system/eldiron.nix
@@ -39,6 +39,23 @@
39	services.duplyBackup.enable = true;	39	services.duplyBackup.enable = true;
40	services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";	40	services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";
41		41
		42	secrets.keys = [
		43	{
		44	dest = "rsync_backup/identity";
		45	user = "root";
		46	group = "root";
		47	permissions = "0400";
		48	text = config.myEnv.rsync_backup.ssh_key.private;
		49	}
		50	];
		51	programs.ssh.knownHosts.dilion = {
		52	hostNames = ["dilion.immae.eu"];
		53	publicKey = let
		54	profile = config.myEnv.rsync_backup.profiles.dilion;
		55	in
		56	"${profile.host_key_type} ${profile.host_key}";
		57	};
		58
42	deployment = {	59	deployment = {
43	targetEnv = "hetzner";	60	targetEnv = "hetzner";
44	hetzner = {	61	hetzner = {
@@ -65,7 +82,7 @@
65	systemCronJobs = [	82	systemCronJobs = [
66	''	83	''
67	# The star after /var/lib/* avoids deleting all folders in case of problem	84	# The star after /var/lib/* avoids deleting all folders in case of problem
68	0 3,9,15,21 * * * root rsync -e "ssh -i /root/.ssh/id_charon_vpn" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu: > /dev/null	85	0 3,9,15,21 * * * root rsync -e "ssh -i /var/secrets/rsync_backup/identity" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* backup@dilion.immae.eu: > /dev/null
69	0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -g "immae.eu.*Recipient address rejected"	86	0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -g "immae.eu.*Recipient address rejected"
70	''	87	''
71	];	88	];