dotfiles/provision/hosts/kestrel/backup.nix

{ config, pkgs, user, lib, ... }:
{
  age.secrets."ssh/torus/id_ed25519.pub" = {
    file = ../../secrets/ssh/torus/id_ed25519.pub.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."ssh/kestrel/id_ed25519" = {
    file = ../../secrets/ssh/kestrel/id_ed25519.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."ssh/kestrel/id_ed25519.pub" = {
    file = ../../secrets/ssh/kestrel/id_ed25519.pub.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."borg/rsync/id_rsa" = {
    file = ../../secrets/borg/rsync/id_rsa.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."borg/rsync/id_rsa.pub" = {
    file = ../../secrets/borg/rsync/id_rsa.pub.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."borg/torus/password" = {
    file = ../../secrets/borg/torus/password.age;
    owner = "${user}";
    group = "users";
  };

  # Password-less logins for backup
  users.users."${user}".openssh.authorizedKeys.keyFiles = [
    config.age.secrets."ssh/torus/id_ed25519.pub".path
  ];

  # Password-less login for root
  programs.ssh.extraConfig = ''
    Host torus 
      AddKeysToAgent yes
      IdentityFile /run/agenix/ssh/kestrel/id_ed25519 

    Host fm2120.rsync.net
      AddKeysToAgent yes
      IdentityFile /run/agenix/borg/rsync/id_rsa
  '';

  systemd.tmpfiles.rules = [
    "d /store 0775 ${user} users -"
  ];
}
password-less ssh for torus and kestrel for backups 2024-09-13 18:40:05 -07:00			`{ config, pkgs, user, lib, ... }:`
			`{`
move secrets out of modules into relevant config files 2024-09-14 08:47:56 -07:00			`age.secrets."ssh/torus/id_ed25519.pub" = {`
			`file = ../../secrets/ssh/torus/id_ed25519.pub.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
			`age.secrets."ssh/kestrel/id_ed25519" = {`
			`file = ../../secrets/ssh/kestrel/id_ed25519.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
			`age.secrets."ssh/kestrel/id_ed25519.pub" = {`
			`file = ../../secrets/ssh/kestrel/id_ed25519.pub.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
add keys for kestrel rsync login 2024-09-14 09:45:06 -07:00			`age.secrets."borg/rsync/id_rsa" = {`
			`file = ../../secrets/borg/rsync/id_rsa.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
			`age.secrets."borg/rsync/id_rsa.pub" = {`
			`file = ../../secrets/borg/rsync/id_rsa.pub.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
kestrel borg backup setup 2024-09-15 17:22:33 -07:00			`age.secrets."borg/torus/password" = {`
			`file = ../../secrets/borg/torus/password.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
move secrets out of modules into relevant config files 2024-09-14 08:47:56 -07:00
password-less ssh for torus and kestrel for backups 2024-09-13 18:40:05 -07:00			`# Password-less logins for backup`
			`users.users."${user}".openssh.authorizedKeys.keyFiles = [`
			`config.age.secrets."ssh/torus/id_ed25519.pub".path`
			`];`
move secrets out of modules into relevant config files 2024-09-14 08:47:56 -07:00
			`# Password-less login for root`
			`programs.ssh.extraConfig = ''`
			`Host torus`
			`AddKeysToAgent yes`
			`IdentityFile /run/agenix/ssh/kestrel/id_ed25519`
add keys for kestrel rsync login 2024-09-14 09:45:06 -07:00
			`Host fm2120.rsync.net`
			`AddKeysToAgent yes`
			`IdentityFile /run/agenix/borg/rsync/id_rsa`
move secrets out of modules into relevant config files 2024-09-14 08:47:56 -07:00			`'';`

create backup store on kestrel 2024-09-13 19:54:30 -07:00			`systemd.tmpfiles.rules = [`
			`"d /store 0775 ${user} users -"`
			`];`
password-less ssh for torus and kestrel for backups 2024-09-13 18:40:05 -07:00			`}`