feat(restic): switch to age-protected secrets

Giulio De Pasquale 2024-12-06 22:58:46 +00:00
parent b4f4c69c42
commit 0b4b32c290
4 changed files with 71 additions and 3 deletions


@ -1,11 +1,20 @@
{ config, lib, ... }:
{ config, ... }:
{
age.secrets = {
restic-passwords = {
file = ../../secrets/restic-passwords.age;
};
restic-environment = {
file = ../../secrets/restic-environment.age;
};
};
services.restic.backups = {
backblaze = {
initialize = true;
passwordFile = "/secrets/restic/data.key";
environmentFile = "/secrets/restic/credentials.txt";
passwordFile = config.age.secrets.restic-passwords.path;
environmentFile = config.age.secrets.restic-environment.path;
repository = "b2:architect:/";
paths = [ "/var/lib" "/secrets" "/services" ];
pruneOpts = [
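Review bot: The `paths = [ "/var/lib" "/secrets" "/services" ];` line still backs up `/secrets`, the directory that held the previous `passwordFile` and `environmentFile` (`/secrets/restic/data.key` and `/secrets/restic/credentials.txt`). If those plaintext files stay on disk after this switch, the repository password and the storage credentials keep existing outside agenix and keep being copied into every new snapshot, so the change only moves where restic reads them from. I would remove the old files once a backup run with the new paths has succeeded, and note that step in the commit description, since nothing in the repository can show it. Whether `/secrets` holds anything else that still needs backing up is not visible here, and the `backblaze` attribute set continues past the end of the hunk.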


@ -0,0 +1,29 @@
age-encryption.org/v1
-> ssh-rsa QXZdow
muUhcAzcKFoopF3H69fYU/CzBezvnBhgBKUqmFqjWVpLpzU/h75DPUMZcpT59dP1
rjJw8KEevEn6wnEG6KM5X1qKlQGKNYv1Ei8bFZ2KkIHQol77KA4UwfJOkZ75miNI
ZqYN2YT1acBtZVQn4Z1nsg3BKMKBFQVEvBmNh2tV38Zgnw3bPU06BKX07/gbaYvd
JGFWDik92eVkgHO5LPiIgQEhP/blCv28ELZ9CkRJXmz6Z+r7AINfSUwhRTLSG3E9
D5mYFcFF7mdmH7BFEvuk1kJiIxlrQoMgDa/8csmAYr/ma8jAb0fUK1vih4vdYPGL
Q2lHQPXJ7eJoYtn9mP3Bo8mRVuwYHyaSyKMxt3UEgCPJ4QI6N23Z7+7j9hJw9rNK
z9yheUaw8srCDz+ZLeSFvZ/gNLT7moTBYnjYPnsx3kYqKLNHyzTBKtbtQhI0PIkO
9ezOmH6GBqocEjA8XZ49VgB9+NWr/UVXI9qx+TNUTTzFyAZstcqOn32xCaRzPSBw
cpgPyIgWJ7wVOAWsevBSNqSntew0PCrStWKODiHGen3Z3lOCKeQloD9ANuF90iT8
7Ub0aGHMSlb3V6vX6lexc6mLF//ybtpvZ2FSyZfnj2iJRu8FAGdYpN5Ci9pfaTgF
v5CcQ+PqyyvPTgWBY4R244Vg4WKfvua65GAL8oxTERs
-> ssh-ed25519 7eGqHw I5j3zjd1QQzfFQXjZx8bC+wH3HkGOx2tJHlYax8pfTI
0+fXs8fEBjTXvLaTZH2QDWUIOT6+ZakpVyWGhOIm5Z0
-> ssh-rsa tO3rGg
OjfxuSAoX27FdTmDHfx7lYwYLP526SHbwNMuLwg2jdQlBbHZ3jsIDrTwTBpm2Q8R
K4T5wOUlicWvHz2RLQmjlrU9F0ksElhE6ZaqjgvBa1fIFFPNDm3Pl01Zs/NHnNGn
tetIDCkgWHqS/LtQv/RNzHlqb1H360fQLwPNamxR+kECpR7jy2aujsQxcilzPW+h
+s29T1CRTFd3kksW0cmiEXAH+nz8Orhz4GdJfFiIYmzUD/U/XsfF7V81ABrYBtxG
DxVqk5zwjYlCckyegMhjkKkpcJuZgkF0OpC9znxgy1s49irgJ1LNHuL9XvuSn81Z
U8/7qIXwumpx8hl2Fp52/qfu+z/Sgb4sNGdDwDabryVMM0iA44sW3A8968aEnU4+
ij4+MHuoiif9Gjd1OzxIpugg565hmbrpJHmLz/bwxSVuj/Q7EqfN4Q6WoXA4LPm+
D4U74W1rCqUY2lidiLG9xHjh48WVCyPaMMDTm/fryfUmbDU6tfgl+HedMQShFuut
--- AOqar+uICSyq8I8qWgkRiMW2dY73yezKi0RHaTmsbC4
 Qcv"àð·i;ïÕ`6Ï?]ÎÐ…èǹ# {œÛ¡<C39B>ËÎ^Q†Y<E280A0>;<¯ª:¬³~Þr~bœ¨Á_ÈÊÅ#š>é­3¨`RtYk™“”†»è~Cú<43>S÷tô5Êt<C38A>Úå1}ÊBQññ
Ç †l
²Ý„›!87ùP


@ -0,0 +1,28 @@
age-encryption.org/v1
-> ssh-rsa QXZdow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-> ssh-ed25519 7eGqHw ws0TYpN8wBvtmJE2EsFF0Oz0v0kp/SN8nrc9eibd6m4
JKrIKa7Qescecpw5jkFcW4SgTaTtW3CocEg57rdS3A8
-> ssh-rsa tO3rGg
rn6k067Nol861dqxTId9zzWeupTMHik0597AR1vfyHJ+kBJhwNgj9bBPQYePoXcq
Ll91m0dX8TDN2RAcbl+ddxqkoedrCqa9RX7GxNG4nkAkVLAzIR3+B7cCjX06m+Mm
iI817kBXgIfy46HUtdft4D9R9y8G3RlnoPkV2msvlAAlps+tAkAsvIcMaWyWZF4U
fxOChL+RcRHUJ6mWzPU3EOES9pwmK+B+fI/25NRoWMlZDUWEJ8BEstDuQ6IORxbC
+DRGiQQCSVLyHkPI7KkXUxPeYjmitNdfAw5Cl0kn8rdXUn1AhceTfUsausqZMUOh
pSL6L8swiByy/vxO3HaNeSSVPyPVM8L9Cr9kqDTOoLJY2l1wSpNjbZrLoVunouIG
w8MyFxPxxpbPS7jPBI90kyrRfSyoDO6Va2EIW/YsVfOhYXIlA7qYe3Bo0xoT3B9R
awPedZO/qBzXVd3p+BwNwSxIRaBi5qchXn5B0kvv84tOtAlawrnKGly4mU0H42gN
--- cnd5/PWhWOHduSN+0fU4D3V2iLQE70ZSwBN8dW+YCw8
üÂTˆç"ÌHI+Ø ã‡ó^qmÆtê³Ý Y6_é½& %`ɱÝúâ­/ý¹æÅbd‡œ‡ãy4kˆ
YՌ


@ -9,4 +9,6 @@ in
"teslamate.age".publicKeys = pubkeys;
"nextcloud-admin.age".publicKeys = pubkeys;
"nextcloud-database.age".publicKeys = pubkeys;
"restic-environment.age".publicKeys = pubkeys;
"restic-passwords.age".publicKeys = pubkeys;
}
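Review bot: `"restic-passwords.age".publicKeys = pubkeys;` makes the repository password recoverable only through the private keys behind `pubkeys`, whose definition is above this hunk. If every one of those keys lives on a machine this backup is meant to restore (a host SSH key, for example), losing that machine loses the password and with it the ability to read the snapshots. I would confirm that at least one recipient key is kept offline or on a separate device and record it next to these two lines, e.g. `# restic: keep one recipient key off the backed-up hosts, needed for disaster recovery`.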