Gonne/nixConfig
1
0
Fork 0
forked from Fachschaft/nixConfig
Code Pull requests Activity

Use sops for private key distribution

Browse source
This commit is contained in:
Gonne 2024-03-21 17:50:25 +01:00
parent f95860f000
commit 3a8fd7ee40
3 changed files with 48 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
nixos/modules/borgbackup.nix
View file

@ -116,12 +116,12 @@ in {
jobs.fsaccount = {
preHook = ''
mkdir -p /home/fsaccount/sicherung # Create if it does not exist
${pkgs.rsync}/bin/rsync -e 'ssh -i /home/fsaccount/.ssh/fsaccount' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
${pkgs.rsync}/bin/rsync -e 'ssh -i /run/secrets/backupKey' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
'';
paths = "/home/fsaccount/sicherung";
encryption.mode = "none";
environment = {
BORG_RSH = "ssh -i /home/fsaccount/.ssh/fsaccount";
BORG_RSH = "ssh -i /run/secrets/backupKey";
BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
};
repo = "borg@localhost:fsaccount";
@ -139,6 +139,12 @@ in {
}
];
};
sops.secrets.backupKey = {
sopsFile = ../machines/bragi/backupKey.yaml;
owner = config.users.users.fsaccount.name;
inherit (config.users.users.fsaccount) group;
mode = "0400";
};
# Extra user for FS account backup
users.users = {
fsaccount = {