Move secrets to machine config and improve fsaccount mirroring

nixos/machines/bragi/configuration.nix

@@ -1,4 +1,4 @@
-{
+{config, ...}: {
   imports = [
     ./hardware-configuration.nix
     ../../roles
@@ -12,4 +12,11 @@
   # System configuration here
   networking.hostName = "bragi";
   system.stateVersion = "23.11";
+
+  sops.secrets.backupKey = {
+    sopsFile = ./backupKey.yaml;
+    owner = config.users.users.fsaccount.name;
+    inherit (config.users.users.fsaccount) group;
+    mode = "0400";
+  };
 }

nixos/modules/borgbackup.nix

@@ -121,7 +121,7 @@ in {
       jobs.fsaccount = {
         preHook = ''
           mkdir -p /home/fsaccount/sicherung # Create if it does not exist
-          ${pkgs.rsync}/bin/rsync -e 'ssh -i /run/secrets/backupKey' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
+          ${pkgs.rsync}/bin/rsync --rsh='ssh -i /run/secrets/backupKey' --recursive --delete fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
         '';
         paths = "/home/fsaccount/sicherung";
         encryption.mode = "none"; # Otherwise the key is next to the backup or we have human interaction.
@@ -161,11 +161,5 @@ in {
         }
       ];
     };
-    sops.secrets.backupKey = {
-      sopsFile = ../machines/bragi/backupKey.yaml;
-      owner = config.users.users.fsaccount.name;
-      inherit (config.users.users.fsaccount) group;
-      mode = "0400";
-    };
   };
 }