Gonne/nixConfig
1
0
Fork 0
forked from Fachschaft/nixConfig
Code Pull requests Activity

Use sops for private key distribution

Browse source
This commit is contained in:
Gonne 2024-03-21 17:50:25 +01:00
parent f95860f000
commit b03039f47b
3 changed files with 47 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

15
nixos/modules/borgbackup.nix
View file

@ -116,7 +116,7 @@ in {
jobs.fsaccount = {
preHook = ''
mkdir -p /home/fsaccount/sicherung # Create if it does not exist
${pkgs.rsync}/bin/rsync -e 'ssh -i /home/fsaccount/.ssh/fsaccount' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
${pkgs.rsync}/bin/rsync -e 'ssh -i /home/fsaccount/.ssh/backupKey' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
'';
paths = "/home/fsaccount/sicherung";
encryption.mode = "none";
@ -131,13 +131,12 @@ in {
readWritePaths = ["/home/fsaccount"];
};
};
environment.persistence.${config.impermanence.name} = {
users.fsaccount.directories = [
{
directory = ".ssh"; # SSH Key with access to FS Account and known_hosts
mode = "u=rwx,g=,o=";
}
];
sops.secrets.backupKey = {
sopsFile = "../machines/bragi/backupKey.yaml";
path = /home/fsaccount/.ssh;
owner = config.users.users.fsaccount.name;
inherit (config.users.users.fsaccount) group;
mode = "0400";
};
# Extra user for FS account backup
users.users = {