bragi backup config #28

Merged
Gonne merged 5 commits from Gonne/nixConfig:bragi into main 2024-03-30 19:10:30 +00:00
Showing only changes of commit e340a7eb75

@ -20,6 +20,11 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.borgbackup = { services.borgbackup = {
# repos are made available at ssh://borg@hostname and served according to the presented ssh-key # repos are made available at ssh://borg@hostname and served according to the presented ssh-key
Outdated
Review

Perhaps we want to create these repos by a function that only takes the name and the ssh-key. Not sure if that is worth it.

Gonne marked this conversation as resolved Outdated
Outdated
Review

Where exactly do these keys come from? Can we automatize this? So we either just need to name the machine here, or completely automatically by virtue of being a machine?

Of course we need a mechanism like this for legacy non-Nix machines.

Outdated
Review

See also #28 (comment)

This can probably be automated (?) but currently no Nix machine needs backups.
Thus I would like to postpone it.

Outdated
Review

Can we then put a comment like:

„Congratulations, you are the first person to make backups from a nixos machine.
You won the task of automatizing this endeavor, so in future we don't need to hand copy any
ssh keys anymore“

Btw. I don't think this is too trivial, as the public keys are needed at config build time, but the secret keys should probably never leave the machines.

One way would be pre-generated key-pairs that are deployed through sops.
(But then we should make sure to use dedicated keys for this task.)

# If you think about adding keys of nix machines:
# Congratulations, you are the first person to make backups from a nixos machine.
# Your won the task of automatizing this endeavor, so in future we don't need to hand copy any
# ssh keys anymore.
repos = { repos = {
aphoom-zhah = { aphoom-zhah = {
authorizedKeysAppendOnly = [ authorizedKeysAppendOnly = [
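Review bot: the comment added above `repos` tells the next person to automate key handling but leaves out the constraints raised in this thread, which are the part that makes the task non-trivial. Suggest recording them there: the public keys are needed at config build time, the secret keys should not leave the client machines, and any pre-generated key pairs deployed through sops should be dedicated to backups. Minor: "Your won" in the same comment should read "You won".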
@ -138,7 +143,10 @@ in {
users.users = { users.users = {
fsaccount = { fsaccount = {
description = "FS Account backup"; description = "FS Account backup";
isNormalUser = true; isSystemUser = true;
home = "/home/fsaccount";
createHome = true;
group = "users";
}; };
}; };
}; };
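Review bot: `group = "users"` on the `fsaccount` entry places a system account that receives backups into the shared group of ordinary users. A dedicated group (declared under `users.groups`) would keep the backup data out of reach of other members of `users` if file modes are ever loosened. Two further checks on the same entry: switching from `isNormalUser` to `isSystemUser` also drops the default login shell that normal users get, so if this account is reached over SSH it is worth confirming that a shell is set elsewhere; and a short comment on why a system user keeps its home under `/home` would help later readers.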