Fachschaft/nixConfig
6
2
Fork 2
Code Issues 10 Pull requests 2 Projects Wiki Activity

Move secrets to machine config and improve fsaccount mirroring

Browse source
This commit is contained in:
Gonne 2024-04-02 09:04:34 +02:00
parent 326cc52c2e
commit 72610eb2bf
2 changed files with 9 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

8
nixos/modules/borgbackup.nix
View file

@ -121,7 +121,7 @@ in {
jobs.fsaccount = {
preHook = ''
mkdir -p /home/fsaccount/sicherung # Create if it does not exist
${pkgs.rsync}/bin/rsync -e 'ssh -i /run/secrets/backupKey' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
${pkgs.rsync}/bin/rsync --rsh='ssh -i /run/secrets/backupKey' --recursive --delete fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
'';
paths = "/home/fsaccount/sicherung";
encryption.mode = "none"; # Otherwise the key is next to the backup or we have human interaction.
@ -161,11 +161,5 @@ in {
}
];
};
sops.secrets.backupKey = {
sopsFile = ../machines/bragi/backupKey.yaml;
owner = config.users.users.fsaccount.name;
inherit (config.users.users.fsaccount) group;
mode = "0400";
};
};
}