asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: asmir:4438328d31b5699cfbd1a9219f9ddbbdc91dd4d7
Branches Tags
asmir:master
asmir:gitea_typst
asmir:magento2
..
compare: asmir:c21478e241141ec18b300de1cdd86b0de8f3ed23
Branches Tags
asmir:master
asmir:gitea_typst
asmir:magento2

2 Commits
4438328d31 ... c21478e241

Author SHA1 Message Date
Asmir A
c21478e241
nixy/secrets: add ssh and enc keys 2024-04-06 23:08:17 +02:00
Asmir A
4179492ab3
nixy/borgbackup: add service 2024-04-06 23:07:41 +02:00
3 changed files with 98 additions and 0 deletions
Show Stats Expand all files Collapse all files

38
nixy/configuration.nix
View File

@ -26,6 +26,16 @@
sopsFile = ./secrets/wg_privkey.yaml;
};
sops.secrets."borgbase_enc_key" = {
sopsFile = ./secrets/borgbase_enc_key.yaml;
owner = config.users.users.akill.name;
};
sops.secrets."borgbase_ssh_key" = {
sopsFile = ./secrets/borgbase_ssh_key.yaml;
owner = config.users.users.akill.name;
};
nix = {
optimise.automatic = true;
gc.automatic = true;
@ -286,6 +296,34 @@
};
};
borgbackup.jobs."borgbase" = let
user = config.users.users.akill;
home = user.home;
in {
user = user.name;
paths = [
(home + "/pic/priv")
(home + "/pproj")
(home + "/videos/priv")
];
exclude = [
"**/.ccls_cache"
"**/*.d"
"**/*.map"
"**/*.o"
"**/zig-cache"
"**/zig-out"
];
repo = "ssh://oda929rv@oda929rv.repo.borgbase.com/./repo";
encryption = {
mode = "repokey-blake2";
passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}";
};
environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}";
compression = "auto,zstd";
startAt = "daily";
};
nix-serve = {
enable = false;
secretKeyFile = "/var/cache-priv-key.pem";

30
nixy/secrets/borgbase_enc_key.yaml Normal file
View File

@ -0,0 +1,30 @@
borgbase_enc_key: ENC[AES256_GCM,data:HBjoQkV3wDor8olcM4cejfi+1HDZWsjypL0=,iv:cgKsWfPY0+IvgobxVbz/IN4ujNLJzBZ0iGx7D4hj4YM=,tag:M2EC1eWtCYuTvgrauzJ7JQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTTFkWkkxK3hsa3p4NnZY
MEUvZ1N3VUozZ1dtSmRldVR1YTFCdU1Nd2hjCndHenR1d2sxcjhVN2NVZlQ2R1Br
VmdhMWlSaStDSmpNSmVpMmd2dkpEZ1kKLS0tIFlDdEx5RWxjKytXWlFLeEVmNmtk
TVhYVkRuM1pIbXdiMEc5eW1EQi9nWHcKIDT3i5UWvL/2T8TvBNSITdl77BamTwNK
2OjhkvGtM+L7LSniO8OYm/i+CjsfiSmFScWbDr9JsjFPUpedt96mHg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNlBzMUJBTW5kMVU2R1Z1
VXBlRmxndHFEMTFRMXZRZnBpSzBOOVhzcmtRCkZCL20wend0cDFDNlNsemdwclRt
TUJTNjVrUVljS3VRandST3lqclM2MFkKLS0tIEc1ZCsyNFViQmhUZ0xOTVNza3B2
Y0ROa0Y4M2YzbjduYjJqRW9pUEVpMWMKMR4gJdaVW/ke7wV+9lq3vR/FzkY+Kgs/
qm0MwdSJSEcUnYUyyH6YL1yW/I/LqIuLLYozgD8DgNZFPMta38T9hA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-06T19:19:16Z"
mac: ENC[AES256_GCM,data:dAMQvSiNQASgtT807D1104P1/yYGazqEBKXJ/W69kLPh75sxIz8tFs6A6qzp3XW750OFHqwItaFZXBDXqAOt1/513bZAN8Nvy+NN9/mwbkHzsYY1ygpuq/YHjXAa0VSiWNigwrNLejMmk58k3TWukUYQ7QnR64ARXRSWFtJji1Y=,iv:111Wzv0qYS+EdRd+byNGJFumVyp/sIhlYGVkzOJZhjo=,tag:4xR8LZTRlfYQsbgYnm1t2g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

30
nixy/secrets/borgbase_ssh_key.yaml Normal file
View File

@ -0,0 +1,30 @@
borgbase_ssh_key: ENC[AES256_GCM,data:3DweTqDZP5TCmgq7aH3ZIgXFKEKdFmpntLhOSTinjkfmldx3vumWLpRu5r2FChOptfsA0iBj1S8semA0b4pdZthDKQwixsf9k0sg4YZOiPkSewwgyQqigoiO6mug2yHetZNYYVfxFaEGLLNqdLHqVEYa7UPtxH4XzFKARs0lv1dNGq6i8Vd4ZZWgd2zMohMlLQT8frR/CZPYk5SsRzbZ44AkyVlb80ktDn7SDs48H/aJvdlQ3VPkyPO/SIAaTm9BxzNPVApzksdsydvVUnUjlnugKtp9a4rwX0rFxvDORzNu/wPCX7OGaHJxwEczLlQmYckpxGh7Cpt1YqwobrSl8BU3vhywrYtOulBhdJuCnHZL+mQ2WpLspm5nuo6w3LmaEGe+/rMu6GxYFcLeSxSnON8kqNg0Nfe4jLokf15CADmXoMAgqd3Kax+s8xJQL/bgpHvY38qIoDJ1fS30jwCXImWRZzOozmgpFwP42fT/a5N4x/m7BvYFLzBRve3SLMRuQf3iWS44IKo0Zvm+2T22ECK72h4a2YpfcKQu,iv:WWUs/yHYbHVWwyXgmkBP1585N4AsthD4u6atug0L3nM=,tag:x+unGowhm8IbpEg3scQ5CA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZmMwY0JVdjlmYkJNbjF0
ZmM3MXNzakI0cDlmZk5KYmd0K2N3SXJMTlhZCjNQSURBN1JuMk40NXlsVG5aZzRq
NnprYm9jTVZwWGdSOElEM1JGVFRyRDAKLS0tIEEybnpQci9YL3F3NTRod1VQWmVG
MkMvSC8rcDZkaUFJU2E2dGRHUE0wVHMK5KypL9Yx/fpwRMc4gKVXLLXOyHpdqS+S
OWywZxSRd7dRG7If3ZDRCtvZ34XGKwOrAHoZrCc4lAa4drXmBrP3Iw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrYk5EVHU5emVVVEc0elhZ
M1ZOYTNPU1B3OUFJc3N3b1hEUlFIYjlOUkVJCjhka01LSW1lMENLanplcUxPZHhM
WDU1ZDB4enloUDlMNHo1dDU2SFA5ZUEKLS0tIGFJU2k1WHcyT3NTeFZkRi9pUHNy
Tm5UbTY5U0xmMUUweHZNWHlOMU1maTAK6NEU4Bl7uY8NcgrzJtIRjtusoggreIHc
+xDRaROFCzpWkwNh1m5olPSP1C/fdUbKaGJ35if+Pj5Rt8GwaUdcRg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-06T19:18:12Z"
mac: ENC[AES256_GCM,data:0B25mCDuyw7Ts98GZZ1+MukEwE3Ud8ytyC0VNJ5FuHG78h1uIEuWLBhw8YoYDsaMegiQBalJwK8oCGKnEI0uVHmoaktrGQoqsxAwMfC2vr/PhckJGx/5uILDrIW+/wCJz18evGB7/yGk6Sgvtk0oGqZDKXbNgUXvUQKByxZ+Id0=,iv:0eFOkVPnDohf79yMGepLmwHusV7T13mUbyXGapq4eYc=,tag:6PDerYjQOf9bss+tdvQDlA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1