mirror of
https://github.com/Stunkymonkey/nixos.git
synced 2025-05-24 09:54:40 +02:00
machines: update backup ssh keys and extend service
This commit is contained in:
Felix Buehler
parent
f03b4e4bd1
commit
a1967f0b4b
3 changed files with 27 additions and 9 deletions
|
|
@ -3,7 +3,7 @@ users:
|
|||
password: ENC[AES256_GCM,data:ma+FSUcvVjrtMKS9,iv:3AHwBXdbuSG6ZZnBVL+/Mf8H/GjiXIhmXbuZEnRYIGA=,tag:hlnKF0pLznMl1sbnGENXXQ==,type:str]
|
||||
borgbackup:
|
||||
password: ENC[AES256_GCM,data:MCzHfmd5uSIO6NqOLljVEce6O2btQoc=,iv:CGGvivLFcsUSQKT1EkY72uDVM9+No25WlXjL/WryuEU=,tag:wZOV8Clot5Df+mMf71thZA==,type:str]
|
||||
ssh_key: ENC[AES256_GCM,data:o5iJ4pgLAFH8aoaxoSXabqnoYUyy7FQjGTA6owXqjG+qirv+V0tZGmfaIcfz6KkVh1sFUn3d1RRR87nDiuMLS5TFdni4IQdAnoedqTHTMjPetwnBiwrOsfHNSg//Yy/aTQIIzI8KBu9cTxI4Q8ab21Z0N2/dBSdYYEZBMQ4CTVobyMO83qi51SXod1We8MAn2FthloX9LQzjsPVvL/Y+S51h7UKKPnH9upcc6X6RiRLEOp8BRsl5yd3+Jdwl9bGZvjGVxVDBwNP8NRuqiZJtYA6e5QmwOxTV+MNwtVOKh4QAcIgfSlKDKSSZm0BphBuYyEJ4Aew6OgNsHD8byfU3dHcwzU8SRbaTZe+Nb55Mr/W+09oAkgeTJjR/h5Me/LGGGR4r71OiM6KVhJ3T+tBl1iwIs0Ye1qV08GHNsI2RkKrdqjMmqLs7bPVpuMdTs78slqUYG5mZH4cS9GNHpMiXq6+vX0ELzKx/eM0EMDszzbeFpxpLjlswFx7rHHLnl6TG9sLjlIw2OmwFmQyOLBXC,iv:/NRQtNzPnVIvQhajp/OUzTygWpleYWT8RHLsL5zHiaE=,tag:eZxj+4GC0lOPZ2x996Cw5Q==,type:str]
|
||||
ssh_key: ENC[AES256_GCM,data:Tznd7jifHBRcJY1kISOVGnmXYuHM8GBEaz4XdPfjf/uNFdloNy8TkBSwKoAmtHn26z0UI+bjtZLvRkSqdyZSD37uILLNxQg3pLO68i1CPduOD2enDWri0pIL3bLM7YA6Mh36cW1jnz1v+7oz6sQLZesX4RmtMgBsomBjWH3OAXdERHRKCSKtCIdvLwORJY1K2C+WcizjYdQIEqDP3V4h+nPkj0Ifc3c3TWCCk7jAHH7mjcOyGsdfls3SGErMTFTCyOumi9TPcABfcXTgy6VGr5NQSjO7NOAMshgZsOs6ePSDQCicPRsYYxuHhPID83AXnx/T414xLrdXAa2ms+9LSYxe+2TUpNMEUbTm+j7fpgv24KN/qbAEKT51Jk5MBVyGu+T95l5F+c2063wyqhHt0bOc3OvZw7TNI55JmrFteqDQ791+KByRXK6U4D1tmnCV5mtEAGM74GNg28RRJPxWWia2oB9q1XuCFrROdHHrsmek0IDzHJoUFzyzFefFlqF7Mkz8XRG21GWXGUxZWxqg,iv:W/J5jkwuOqS5TO4E3O5FXjG4zzJ9v1ulv5WLsfOPyek=,tag:nohAtERvEMxhzQs7NNcLTg==,type:str]
|
||||
syncthing:
|
||||
key: ENC[AES256_GCM,data:r4kihzg6FcZYHqchcu+8k5N27ZwdrXkQXyJ1QM2p0kVSiwTPq5n1jQCI8i7bCXckBkEv5IQmSOc3kf9383EM3XH3Q9zDqw2z4TEHWo6EBI9JalPK/4UC6gRpN5bTJRpwUlZ5gnhM6ifcl+OX6bdU6zSS2MtFqL1ne/CVJdUoGLHV4BKNCF43CBgIcJG+o/iOt0P292/PozrRRL3nCHxB8TCIpfUDjyeQYGAvBuQy1/WDUJoBLFIOKVYmzo5jbGwScVrUIg2hT+KIuv4P4ZVkBBgx0avOi9JlTglOh2kS//+F0+nT7+XQV/Fo/AwSE4Y1MBZCaxtlb+C89DRcrR5oqFbPLA11oynPHrMryPgyikrtRKDnN52/8UNVMaJgK04E,iv:w3ItAGO/LZxqtLNLu9R0nrcUezIBwe9aFqY2kY9gY0s=,tag:shC2Qo9vF4o3I/RXjbTXoA==,type:str]
|
||||
cert: ENC[AES256_GCM,data:k3LEq2gEcoM3x1xEtFzbvbd04LRYvm15z5Cm/t07IG2fVvdtPWy9Dsha5Crx2CEnjB4Xtf7xdCOTaKr/OeZnUf+iK67e/xj6St1Q2n9ua20/+82nUxFtG2ItXH+iu5rkF7IIsXuVxE0WNAXxC8M+xdDt4KUOJP6e/GSv+/8KA1N4fOiW1N5EUpLwuN7sAwaj7YkzUJwHiGrUw3qTYRwXU6j/hWA3vtw8Z8latWW3+goaD9/aDSMHzSE5Pdi2/GQ1Ll/UVc43nRUYgXL7H9grOrXiI3sdPpc42MeFUpNM0AGJp3M6tepUsLIuA9L54wgqaQVrGO0RilBMtMrAb1tUoqLqEB0CM0VqNDBEWyIzDKIfHtQWta/1fIxzo5bKoJcJ6UG2qrZ5ru6sX387sGi8QcC9uN5ko6oZesdOacw9z5tvFDQrk7KvfiCtvHj+AtPxiLrkFj3EPoQK1vXzy4IyanIDJx46WtuAURTHmBZms2KBLPKLMYzWm9qdq8dW4sadbaSofzwquj4HaWuOIugSdjVlSdzBj+KI/nIRde5uWunpnr9AYHrf3lPgl1tkduQpL5RRu3je4RQ5dNa+TNkcqacMTF/3Q34uJXBkp99LpK+8fXx70PKm/PmnHOQgeK7WJnz2kAeSc6kBhX+sh2w1KWBG01ptc0Ixi7xrC/6fgB4pmkKdryMFsZ/PML/VOwLxbkbrzsHyK1Zpw8jV03oGTwz76IaDpELqpfX2rD3GztS58mYXxJn5sqyTIFKjLVX05jB77bjYk5pWLQZasHpdU5wLYg6AHCe2wEIfbu3y3M4XVEfCiB/d+P370T1qLMbxeTYMd1MtD4oq87Bg7brlCy64LWhOwW/Elu0oeBqHmpoXwBc6aoIBH8a+uK4ZWm87N/oJha1zzsh0+0Z3NdinAL4ufjrlKQBGJRZj7NBKdQfnKZXM/ELLEQD2R6UxZUsFnmrXEN2AuAv+KZtoImf1oOOGXiaIDPEJNvGlIT8fZ8cQViYRxzGjtkbO5p3FHpn+/DdcEke+/4ABqNZ0hHw+98U6qRlvcQ==,iv:80pejP5/F/uLoFuAwg1tKjwq5hQjowhpBT6/+ipPW0c=,tag:zccXZgI/KT7+DPbqyZWjOA==,type:str]
|
||||
|
|
@ -46,8 +46,8 @@ sops:
|
|||
NmNwT3N5UEVabFdLTDhseFRjeVZaWFkKL3HGFqfttU1tXY4OhnIr1ABFsHB0R0CX
|
||||
s6wxb0ilut32ijjtnGXMIIa9y6XsMTpYskTb9FdRP9VnQQGVrMfdew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-02-05T17:48:15Z"
|
||||
mac: ENC[AES256_GCM,data:4Ec6ulV5T4EJjrQmP4kFeMYTsKlaHqkYfia/VJAnioCuQKtyr94nk/kPHpGjl6Yg7eNiKFfOCqmq2+1cLWp90Wb0wlVv/7NddKXsPPNHiPr9qlOuAfdkQqX7FvkjC12/KpGDZSbgXCo8X5qejbzbwrBYcv8LJAg30Yxeu4/H4eA=,iv:Y+mlysd9jLf50gRX6y6GVhM/ZJikyy6PyAyhM6uhSPY=,tag:49HXrbnHkuuV+cGZb465Xw==,type:str]
|
||||
lastmodified: "2023-02-07T21:57:18Z"
|
||||
mac: ENC[AES256_GCM,data:cM31WP4jhxWs0MlIkJ4add1/zftuuWeDFRSlbpQ8k1rIwAFBsxDNlVoLZ3DrWvEOwvpvRkunOwfYgqJfk1fNC6oEPqbaTQKgQWbQMOoaTzgQAq9/fHB5h65+OMb00AaIbGqbaMj8LeJ/wJyQ+8Kc2+orKerxaM4lNlnPVwdjRHY=,iv:aSWoM2kIt7m6/Lx5609BirRK/NgfK7qLfXkPslEwPpg=,tag:Fz5XF3m+9Qgk3W2hxvA00g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ wifi:
|
|||
bismarck: ENC[AES256_GCM,data:6mcU+o6GiBelKq5Av2hJdHigf+yyQRO/qXV0DbGeri00CaO1cjjGka86C/t0NAoh8EaJeLPd6lZQspeUTIdqJMleQLhmq1zk1qGw65fvEphCsWkKUsUd6flWODdmll80mmYLpllX6hmZ8I/Of7EVZPn4WEiw4M2HB1UCw5+M0W2H0MJrjlskafbL9+uYtMeoUikXVMTYNAkX3+9+MZi3KzDMEc6JVt1fQZHjXkdeKx+2iVsaXEtXL72Dbj3ihlpA+WRhgZOmrrbablYde71mpzSuQ/yqeTZT+2NCMUmkYaj0dGz4FW0gJMPzjHjji8CopeOK7/CQM/MMWGFJXR2Xdea8X/YdDoVAz34WraGylYzK9e7a1C+s37mekt6c/bvuiQ==,iv:DH0LDw1pZ5m9RScJ3+IhjUb5JroLLOJ3jru7DwCKXv0=,tag:r57fz+W2nEybNqOc8eEDFA==,type:str]
|
||||
borgbackup:
|
||||
password: ENC[AES256_GCM,data:vXa1LO8Akwume5PVsxny59H5FDI+HTo=,iv:RKiriS4VHP3HDMRPS5e3Fz5rsDMpqQpZgC7XFI3hAWU=,tag:XHZNH4cLJzmSuF6k+gJ3cg==,type:str]
|
||||
ssh_key: ENC[AES256_GCM,data:lPltqfDi4j/IIgM5mvcwuJR59dwSChSmynklueX/Q8aQK/5dHVZyFw9bxtzUlEd1X8VOwVcPoR1mMRm1dgmonDk0/5WvjNXuQDFh/+hFeN0/Bz4F511rccE5HHkCvjHcKymxOiiQKeSgOUu3HrDiKLDzPInrkSoBIFh3s9PKoZrxDIFbsv7PlYi1np8NEDnb/Hgsk7Aaha3JBuoRCj/K/A4b4XTrm5Cwv6XNewD7wfPhWWzLealeTUkGIeka1XetAeTMHkSjY9Tm0fP1ygCCMR6Y+nrOgrdQGIIQ9dc/MlUDFSNaP2WKvVVDvbHTmnh2pZlBuKBMiYMqwqf6T1xf/CPS/b9DbPltCOFVqtVw2L0xTeR9/b1LQ0jZSPvZfEYuo3uLsm11dFlljSOXvq+Yu/IBezh0e3ma6JgET5XKED++aRw3DtKb+X4c8AITgxuAsBZpwOXz09PQe8niI1WWcawYDctiNBMPrQ7A0Bf0dbqldGebM8FI8vCTcaanUPmUTe9938PTUSZFz+BYBvKiDefPWS+VTkwBbPG8,iv:S/tTRC1nM7J1x7i3EZqo2xfnJDneRf546MCbIGJJUmY=,tag:dK4TGqcgTFkHwj60EWQKQg==,type:str]
|
||||
ssh_key: ENC[AES256_GCM,data:HbGwAzKl4/+ubkwELA4wyC3c65gi7UzRZh5SAwa/H/Y8Yf2BM3JOL7dd/X1RanPrqV6SejQDgNpCc7MKzr+ptg8kITLZiHKESZjW+NEraV9v7JDEaxfPlL8KFzniG5dqaLHOKuBZ6CMmXnVOcsYg1ANQdLOFUCvxRpmi1HsV5x1EwkmZV/J0Za6C10sgqdGX1y5mYF3SP0WHdqSShFkS8oZaSOfA50pVL+BVlaxnrAUQaPC2QuRsv5kuV7QnwI0YQ4znNRcRI5AeUuv8dTt8NFoTeeytcM/22zSUwskTs/ity0V/o9+Z1/4RUnGcXQW7yI7Scf2Wcg/BwY0TpQhxYUEx0TM5mdLEgjTV66DSqbYpJu8NBCxIP8MMj97vwf6v1Y+p2/SdkkLrBop1vdb4eMtH38wCQCTrIhYx2T0M44X7Jq+l3FOng0+Sm30GXK4B5o97YCxEEZlrLSDquo5QP20EqrWWwdRIJboh6H6YDal3T5ptlZymAfzOIbT689SE8ZznT4cdcj6YZJB/2BQV,iv:kDNaLE93XCHQ7Hf6UqzTlSz0GxIhN/HN57iJ8Wnn3GQ=,tag:jA180VNe5l7OqLB4BPZ39w==,type:str]
|
||||
syncthing:
|
||||
key: ENC[AES256_GCM,data:SilpQP29PbI6JNGX5/Ij9YDdwN5a0rDRKicduLZizoIkwPM4zhs4PHlQDhf20Q9IE9OLxI+6Ik57e28iPY0KDL5M/Qg6sPvUaOZBriM24dCYnq8MQMncfI2AnmUSLbelSkoumxlkhOdMjPWNhh1+qoNRQadLC7RTOcrr6rv7POEoHRMJye9fyMMgmoZqWNw9bGJOV5o2O5GGx/mSJDcaxnmNNXmhJ+HaCYOU6dJ0CD4ZiAGIchOwt5H281r9Fy4qQNoQh9F00adv4X9/NN2FsbN4z9HSqikYLDtpRC14Osw/qIJ1tHK4r1KL5azmsJTG7lSd0V57LA5PwWz1WX5gMzWd6+K85mjw6YvvteektFI/PlYDzQml5R8gn7CAsTIU,iv:cZnh6Ql0n4ruhow3XwESnrwGI0L/3R7KmaqG+WjwVcY=,tag:KH0aODHRPbIM2qUse3CGuA==,type:str]
|
||||
cert: ENC[AES256_GCM,data:vuNG3zFkAFY37xXCAjHya+Y5p/gWbEslUEPMyKDpm3j4xJD7rWIpxySj6LsDIW7iC4L/5JsLlTnTsNZWrhpmTQmKKVw0likKIhD7cFsS/21c7DkfxHphHW5wfYIPUPtLXfUwmrlZ47WWYprOuXNX2CMMVqS1WIV9YHc3Vn+p3qZbcPPHz8P+294CC3p6HHhtiAaKtYGFWY5gLVVosTz+H68TqnWRkCgc1kXN3nv6JDltsQiNvocLg6PZxJT3jTFB5+Aki1G1mT66wqWB9FBylSxAJhuE7Ty/9h5YfLRcrCu2RvlRW26s4Lbnu6UDmdNyp2aU5AZJp4T5+JLm7fpUdF0mLweHYk+wDEM1SQo7Mn5GLMABty5v9HzPxXfAjYlfIUjl1J5EhIlvKhF5y5L9Q5hX1yH5fqW7TCBJsjTLku4cz7zS3VutwzOTkBqlx8MRzUMSOL+3AMzuYaNY21/Ou5RC4nNDM4610kx1BTd08ves/4Mi4nqm9uFROLQ/0K2REIA1LgHWY+gtpAPQbiGEYe9N99bRtlN1kurknzL0U4MoNPpkjuzFEZIgDfhyNNWvUJW/HEYKOtDBhyJcxZFNhy0oZZVW9MBhVwqTKuxsiQvL1QDxIBTEsacnW8b1/GS/Q0nFSXs6fRw1B4Zs4a8BSFzv8m2WFNbJmXos5xV2d+tnkKz26YMGNZT6peIVk4bTIs6/cAafrg5dJrWDshAYONk0Xwqx3oaG4hmG7aD0EMnlynHpCz/RpaKziLkdC1FIUYpiH0YuVbQK8NEUIunrmU0q9ERCx+0ycnebXXtjKi0U2YTv/5I6,iv:NZr0LXtO0zNOv0LmD8wLZ829kgwWtPCo637UyzqSD0s=,tag:3mQckI1jSCMzsHQWFPoMgg==,type:str]
|
||||
|
|
@ -33,8 +33,8 @@ sops:
|
|||
a1BjcjVaM01UV0o5bTFTVTE5QUZKMmsKPAGYDf1FVtp4+Z/KUrI6z0aZYEwN1DYa
|
||||
jKtA1IUXrmdaRllN0SfC+YjMXTk7IoJvrjagCv9Zo0zEKasfO8PL4g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-02-05T17:51:07Z"
|
||||
mac: ENC[AES256_GCM,data:D4XJPQMAIk2jVi1d1mdQBZ3dAXgFAAsON5ygkqMso/GKIUdCv6k/fOxOX+Ep1iilSX6t34/URey0AHiqfOgE9RE0iexqA0JErrQPYyimpD8S51dRVpTKz7tKA1oORnalWrxo0qh1gYidfkFjgskcILv3/t2WW/OPHBIM6kBj7m0=,iv:kWcR/3juOBtSP3YU79Bku1MxpDyhD3drmDsEB2axm+8=,tag:jSZeNrmttCs7lRN2CC3xUg==,type:str]
|
||||
lastmodified: "2023-02-07T22:29:17Z"
|
||||
mac: ENC[AES256_GCM,data:Vb8AP9z/bB9tfmu1ZGmjGlrqnrHvARKKvI7xB+55PVBDvY160BP1EriBFRmvDfD8z9rk6FpEvurH1fF96WORWD+AauhPBIICyohJXvX5DiytVApYZJljDSoImERmD7G471x03XrTG5JLxNDiIOOtrRaL5+cvPiI7iHAF5fAGZws=,iv:i8wncuQ5nGRfKuLgYc7/He/HpKlGT8CkIWom3p3cOGg=,tag:5Sx9ycXknYigXiPkQqLLUA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.my.services.backup;
|
||||
borgbackupPath = "u181505-sub1@u181505-sub1.your-storagebox.de";
|
||||
in
|
||||
{
|
||||
options.my.services.backup = with lib; {
|
||||
|
|
@ -12,6 +11,25 @@ in
|
|||
description = "Password for the backup";
|
||||
example = "/run/secrets/password";
|
||||
};
|
||||
|
||||
sshHost = mkOption {
|
||||
type = types.str;
|
||||
description = "ssh-hostname for remote access";
|
||||
default = "u181505-sub1.your-storagebox.de";
|
||||
example = "test.domain.com";
|
||||
};
|
||||
sshUser = mkOption {
|
||||
type = types.str;
|
||||
description = "ssh-user for remote access";
|
||||
default = "u181505-sub1";
|
||||
example = "max";
|
||||
};
|
||||
sshPort = mkOption {
|
||||
type = types.port;
|
||||
description = "ssh-port for remote access";
|
||||
default = 23;
|
||||
example = 22;
|
||||
};
|
||||
sshKeyFile = mkOption {
|
||||
type = types.path;
|
||||
description = "ssh-key for remote access";
|
||||
|
|
@ -89,8 +107,8 @@ in
|
|||
passCommand = "cat ${cfg.passwordFile}";
|
||||
};
|
||||
|
||||
environment.BORG_RSH = "ssh -o 'StrictHostKeyChecking=no' -i ${cfg.sshKeyFile} -p 23";
|
||||
repo = borgbackupPath + ":${config.networking.hostName}/";
|
||||
environment.BORG_RSH = "ssh -o 'StrictHostKeyChecking=no' -i ${cfg.sshKeyFile} -p ${toString cfg.sshPort}";
|
||||
repo = "${cfg.sshUser}@${cfg.sshHost}:${config.networking.hostName}/";
|
||||
|
||||
doInit = false;
|
||||
compression = "auto,zstd";
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue