Add agenix and borg

buffet 2022-08-22 18:32:26 +00:00
parent ac489b01da
commit 2945f5d00d
8 changed files with 79 additions and 1 deletions


@ -1,11 +1,13 @@
{ {
pkgs, pkgs,
agenix,
home-manager, home-manager,
... ...
}: let }: let
password = "$6$FHwMlUwmRdAsPqS4$4XND0L0EEVf2Mhc/tvo6y3ZLIrMTOlsIZrG3w69EeXvtVZhdeNyoDOkPNIe.GBB8.PrchuUKDacqbvcvyuPkt0"; password = "$6$FHwMlUwmRdAsPqS4$4XND0L0EEVf2Mhc/tvo6y3ZLIrMTOlsIZrG3w69EeXvtVZhdeNyoDOkPNIe.GBB8.PrchuUKDacqbvcvyuPkt0";
in { in {
imports = [ imports = [
agenix.nixosModule
home-manager.nixosModule home-manager.nixosModule
./impermanence.nix ./impermanence.nix
./programs ./programs
@ -76,7 +78,6 @@ in {
users.users.root.hashedPassword = password; users.users.root.hashedPassword = password;
# TODO: borgbackup
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
systemd.coredump.enable = true; systemd.coredump.enable = true;
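Review bot: The root password hash is still a literal in this file (the `password` binding in the `let` block, assigned to `users.users.root.hashedPassword` in the second hunk), so it is exposed to offline guessing by anyone who can read the repository. Since this change imports `agenix.nixosModule`, the hash could move into an age secret and be referenced with `users.users.root.passwordFile = config.age.secrets.rootpassword.path;` (`rootpassword` is a constructed name). Whether the pinned agenix revision decrypts early enough for user setup should be checked before switching. Both hunks sit inside a module whose body continues outside them.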


@ -1,5 +1,25 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1652712410,
"narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
"owner": "ryantm",
"repo": "agenix",
"rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -70,6 +90,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lsp-trouble": "lsp-trouble", "lsp-trouble": "lsp-trouble",


@ -3,6 +3,11 @@
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-22.05"; url = "github:nix-community/home-manager/release-22.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";


@ -68,4 +68,7 @@
umount /mnt umount /mnt
''; '';
}; };
# workaround for agenix running before /etc impermanence gets set up
age.identityPaths = ["/persist/buffet/ssh/.ssh/id_rsa"];
} }
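Review bot: `age.identityPaths` points at a personal user key (`/persist/buffet/ssh/.ssh/id_rsa`), so the key this user logs in with elsewhere is also what the system reads at activation to decrypt secrets; the same key is the only recipient listed in secrets.nix. agenix reads identities non-interactively, so that key presumably has to be stored without a passphrase. A dedicated host key kept under /persist would separate the two roles: `age.identityPaths = ["/persist/<host-key-path>"];` (placeholder path), with that key's public half added to `publicKeys` in secrets.nix. The module's attribute set starts above this hunk.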

25
programs/borg.nix Normal file

@ -0,0 +1,25 @@
{config, ...}: let
host = "11967@prio.ch-s011.rsync.net";
in {
age.secrets.borgpassword.file = ../secrets/borgpassword.age;
services.borgbackup = {
jobs.backup = {
paths = ["/persist"];
repo = "${host}:${config.networking.hostName}";
encryption = {
mode = "repokey";
passCommand = "cat ${config.age.secrets.borgpassword.path}";
};
startAt = "daily";
environment.BORG_RSH = "ssh -i /home/buffet/.ssh/id_borg";
extraArgs = "--remote-path borg1";
prune.keep = {
within = "1d";
daily = 7;
weekly = 4;
monthly = -1;
};
};
};
}
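Review bot: `environment.BORG_RSH` hard-codes `/home/buffet/.ssh/id_borg`, a key in a user-writable home directory, while the job sets no `user` and so presumably runs as the module's default account; the passphrase goes through agenix but the SSH credential does not. Handling the key as a second age secret keeps both credentials under the same ownership and permissions, e.g. `age.secrets.borgkey.file = ../secrets/borgkey.age;` and `environment.BORG_RSH = "ssh -i ${config.age.secrets.borgkey.path}";` (`borgkey` is a constructed name, no such file is in this commit). Separately, `paths = ["/persist"]` backs up the age identity that decrypts `borgpassword.age`, so after a total loss the passphrase is only recoverable if it is also kept somewhere outside this machine. With `mode = "repokey"` that passphrase is what protects the repository key.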


@ -2,6 +2,7 @@
imports = [ imports = [
./alacritty.nix ./alacritty.nix
./bash.nix ./bash.nix
./borg.nix
./chromium.nix ./chromium.nix
./git.nix ./git.nix
./gpg.nix ./gpg.nix

5
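--- a/secrets.nix
+++ b/secrets.nix
@@ -0,0 +1,5 @@
+let
+buffet = "ssh-rsa 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";
+in {
+"secrets/borgpassword.age".publicKeys = [buffet];
+}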

17
secrets/borgpassword.age Normal file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-rsa 3ONyjg
UTq4McHWeqEvIq7nTAaPLC6EUp+UzuihSfNEroimDaM46dINxRxPmltikpQldbzA
ACgHOutO0oIG5VKNrb8AwBwjUp6daO7UhhVYPOByxy6Y4jVZOnPkY/+U0Btv5/M+
iezYoPBwp7P6ATYiujfe7+JZWecpq18ArCmmOUsjYAyaS7lrFkgPDnAjPZLuP1ow
rL4lkGOnSeKq812PBFoeHtXLEAOOoUoSrCKM/pnFJVMOwoY0aXTwiUg09VBjbE2m
FXM1rWpElK+3mU+TtNLtlY+i4/PZ0M611mm1WoE6gKvWwAX7rQFg+LMbKxircM7o
yH6PwRM82qKvG79bMqtRviOkkkosRneAJs0a0CNWP5hAUebbGPM803yXVY5ahOEg
TlHN5SeDfAeC8E1ZgKNGn4StMqJaHgs1obBqqf7AhfpA6A54Vr8dVtCLlQrNmK5k
BfIzOs+AruRLsn0G3CsLl4xtFXriiqo1YL2otgfnNRRUI4cE+NDLxpLKhqxQoBA4
b+j2zObfOBGyYyxvC5AXUEU/NTH5ZI9MT0+q5ZPM3oJc/LBqHxZLMT08LAbrjMew
9tx/B7kIwDKdWbXQnMWLc1R4biBcCLci0JNnqayTXDX9sFuE/ZtlynkEQNnblot8
7kTUr7xS6z3DrYZ13UaFLykHgG6RG0akPLfQCceAMwI
-> nK-grease K Li~\Elx DV6kZ"
Wz3P
--- 5u5c2AnSqsdte7OH1t+7BGld7cLWv3KFCZqVyMsAtkk
ªÎ ÃA*?<3F>IËè1ùŽÓÜXP?23 çŒÞD““`¥™x.P£5;r¤{•²BÐÀ |JÕ#jvùšâ ù×<C3B9>à‡"5­®|JF†&¸þU­Š´N1Uð~ºÀwÊ<>ÇòÝ—¦M2W»åY³ÛpÑãýËȨջƴç v­5%öê€ ˜<>9W;w„Яrf)²Oë$°vw$6