jahanson/mochi
1
0
Fork 0
Code Issues 1 Pull requests 3 Projects Releases Packages Wiki Activity Actions

add secret for borg

Browse source
This commit is contained in:
Joseph Hanson 2024-07-26 21:52:12 -05:00
parent fc1de07045
commit b014a8fc77
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
2 changed files with 37 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
nixos/hosts/gandalf/default.nix
View file

@ -62,6 +62,10 @@ in
mode = "0444"; mode = "0444";
sopsFile = ./secrets.sops.yaml; sopsFile = ./secrets.sops.yaml;
}; };
"borg/repositories/gandalf" = {
mode = "0444";
sopsFile = ./secrets.sops.yaml;
};
}; };
}; };
@ -81,27 +85,34 @@ in
samba.extraConfig = import ./config/samba-config.nix { }; samba.extraConfig = import ./config/samba-config.nix { };
resticBackup.local.enable = false; resticBackup.local.enable = false;
resticBackup.remote.enable = false; resticBackup.remote.enable = false;
}; # # Borg
# borgbackup = {
# enable = true;
# paths = [ "/home" ];
# exclude = [ ];
# repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
# repoKeyPath = "/run/secrets/borgbackup/telchar";
# };
services = { services = {
podman.enable = true; podman.enable = true;
libvirt-qemu.enable = true; libvirt-qemu.enable = true;
# Sanoid # Sanoid
sanoid = { sanoid = {
enable = true; enable = true;
inherit (sanoidConfig.outputs) templates datasets; inherit (sanoidConfig.outputs) templates datasets;
}; };
# Unifi & Lego-Auto # Unifi & Lego-Auto
unifi.enable = true; unifi.enable = true;
lego-auto = { lego-auto = {
enable = true; enable = true;
dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}"; dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
domains = "gandalf.jahanson.tech"; domains = "gandalf.jahanson.tech";
email = "joe@veri.dev"; email = "joe@veri.dev";
provider = "dnsimple"; provider = "dnsimple";
};
}; };
}; };
}; }
}

9
nixos/hosts/gandalf/secrets.sops.yaml
View file

@ -1,6 +1,11 @@
lego: lego:
dnsimple: dnsimple:
token: ENC[AES256_GCM,data:CfRFhGE8AyZfO9RzoXXTfm8kstvx+Fuy53o9ulYNZiufzzSQ4KzwYIoCRw==,iv:HEC8hRpmk7YDI7RHj29ZAeFKyPgsWTHw1sxjdZuhcrw=,tag:7RhEhZ9GkyBE9PJRe+gD+Q==,type:str] token: ENC[AES256_GCM,data:CfRFhGE8AyZfO9RzoXXTfm8kstvx+Fuy53o9ulYNZiufzzSQ4KzwYIoCRw==,iv:HEC8hRpmk7YDI7RHj29ZAeFKyPgsWTHw1sxjdZuhcrw=,tag:7RhEhZ9GkyBE9PJRe+gD+Q==,type:str]
borg:
repositories:
- name: ENC[AES256_GCM,data:kQ6HlxtIGw==,iv:/fn/tZ+g0OQ0zbPM4RkchOjlLGbTau0qjIjmn7E6e18=,tag:SMOX35dqTmV90bpjSyJ1DQ==,type:str]
location: ENC[AES256_GCM,data:wosJBuACNDx7XTkiSVrzSOsknIh15Ya5aDGTfvSaY0ZiDyjOKED+srhcuOrjzcHy,iv:OGIiXGpzvgjvmP4NY9B/pMOoq9HzUkEr3fcRXG0m6fs=,tag:/hr8HGYBz5Ze/schxeXgLw==,type:str]
passphrase: ENC[AES256_GCM,data:tg/SRKkuiDK24RRKfAxrLMh5NjE=,iv:9QjLuI/vvD3/BxE/Aq3tM035oHCY/NN9a33ii8xsD5M=,tag:TFjNQ0TO0PvQ+mkEdAylWQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -70,8 +75,8 @@ sops:
V1d0d1lKb3hyYVQ4elBIZ0hnU3FTbnMKiWERjAwlJRPK+PILCBV03uyNVnNgolA8 V1d0d1lKb3hyYVQ4elBIZ0hnU3FTbnMKiWERjAwlJRPK+PILCBV03uyNVnNgolA8
PS0vbIDVNiX0pIrRlM2sVivZwqajjTB3XROXMmbIKpQxDMjvpHgqJA== PS0vbIDVNiX0pIrRlM2sVivZwqajjTB3XROXMmbIKpQxDMjvpHgqJA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-15T23:16:58Z" lastmodified: "2024-07-27T02:39:00Z"
mac: ENC[AES256_GCM,data:OQn/8yJX1xRapEUflwUHaHabt8i1EbK27vAM5mJge5n/y2+G7xYfpt2YsRUikogl1q4hqSGLe12WFYdG3TXqD5aBnwnf8if0Cax2wcjcm0ybcuWflXgZbtjWnVKV9w1Y8LCXpMd129VeeqysrY/lThRjXk1ByBcfbZ/RMZOyWOw=,iv:9mn0FH39xgFXisuEZrERhsjXCM7nQhMSoNdNTuGoHXc=,tag:T7AgJ8fYKVLDtRPm794AAg==,type:str] mac: ENC[AES256_GCM,data:DfXmbUCj/IZWwUB7OLfgH5A6CosWj5SxUuw7LODGbaZZP3GaX4JOZvQpK5DXFMiTX2NOMId2ap+uJ8ea7LXrZuCxlvITprj3PuAY61EmJV/GVQLKjB/tTtyQtZJEZXo0WiqGYtZdyxLLMGF9DyHGYsqFdso2fhYV19gooBwXqoM=,iv:CxJXp3c/IEBMTvXm3i9mdGAtv3m6WPmQTWdENqDcpQw=,tag:UXWBvmBPaCEHoRrdNW0MgA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1