From 72610eb2bf4285f4e080a514113bc8cfdc16e8a7 Mon Sep 17 00:00:00 2001
From: Gonne
Date: Tue, 2 Apr 2024 09:04:34 +0200
Subject: [PATCH] Move secrets to machine config and improve fsaccount mirroring
---
 nixos/machines/bragi/configuration.nix | 9 ++++++++-
 nixos/modules/borgbackup.nix | 8 +-------
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/nixos/machines/bragi/configuration.nix b/nixos/machines/bragi/configuration.nix
index f74fbb9..dd2ecdc 100644
--- a/nixos/machines/bragi/configuration.nix
+++ b/nixos/machines/bragi/configuration.nix
@@ -1,4 +1,4 @@
-{
+{config, ...}: {
 imports = [
 ./hardware-configuration.nix
 ../../roles
@@ -12,4 +12,11 @@
 # System configuration here
 networking.hostName = "bragi";
 system.stateVersion = "23.11";
+
+ sops.secrets.backupKey = {
+ sopsFile = ./backupKey.yaml;
+ owner = config.users.users.fsaccount.name;
+ inherit (config.users.users.fsaccount) group;
+ mode = "0400";
+ };
 }
diff --git a/nixos/modules/borgbackup.nix b/nixos/modules/borgbackup.nix
index b5cbe40..784981c 100644
--- a/nixos/modules/borgbackup.nix
+++ b/nixos/modules/borgbackup.nix
@@ -121,7 +121,7 @@ in {
 jobs.fsaccount = {
 preHook = ''
 mkdir -p /home/fsaccount/sicherung # Create if it does not exist
- ${pkgs.rsync}/bin/rsync -e 'ssh -i /run/secrets/backupKey' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
+ ${pkgs.rsync}/bin/rsync --rsh='ssh -i /run/secrets/backupKey' --recursive --delete fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
 '';
 paths = "/home/fsaccount/sicherung";
 encryption.mode = "none"; # Otherwise the key is next to the backup or we have human interaction.
@@ -161,11 +161,5 @@ in {
 }
 ];
 };
- sops.secrets.backupKey = {
- sopsFile = ../machines/bragi/backupKey.yaml;
- owner = config.users.users.fsaccount.name;
- inherit (config.users.users.fsaccount) group;
- mode = "0400";
- };
 };
 }
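Review bot: The `sops.secrets.backupKey` declaration now lives only in bragi's configuration, while `nixos/modules/borgbackup.nix` still hard-codes `/run/secrets/backupKey` in its rsync call, so the module and the declaration can drift apart unnoticed. Referencing the declared path in the module, `--rsh='ssh -i ${config.sops.secrets.backupKey.path}'`, should make evaluation fail on any host that enables the job without defining the secret, instead of ssh failing at backup time. A comment above the new block such as `# SSH key used by the fsaccount preHook in modules/borgbackup.nix` would record why this host carries the key. The rest of this attribute set lies outside the hunk.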
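Review bot: `--delete` on the new rsync line has limited effect with the `/home/fachschaft/*` source, because the glob turns the request into a list of individual entries: rsync then deletes only inside the directories it was handed, so a top-level entry removed on the remote stays in `/home/fsaccount/sicherung`, and the glob typically skips dotfiles too. Passing the directory itself, `fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/ /home/fsaccount/sicherung`, gives a real mirror. With `--delete` the remote becomes authoritative, so an emptied or tampered source is propagated on the next run and only the retained borg archives keep older state; the retention settings of `jobs.fsaccount` are outside this hunk. `--recursive` alone also does not preserve modification times or permissions, which `--archive` would.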