dotfiles/provision/hosts/torus/backup.nix

{ config, pkgs, user, lib, ... }:
{
  age.secrets."ssh/kestrel/id_ed25519.pub" = {
    file = ../../secrets/ssh/kestrel/id_ed25519.pub.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."ssh/torus/id_ed25519" = {
    file = ../../secrets/ssh/torus/id_ed25519.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."ssh/torus/id_ed25519.pub" = {
    file = ../../secrets/ssh/torus/id_ed25519.pub.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."borg/torus/password" = {
    file = ../../secrets/borg/torus/password.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."borg/rsync/id_rsa" = {
    file = ../../secrets/borg/rsync/id_rsa.age;
    owner = "${user}";
    group = "users";
  };
  age.secrets."borg/rsync/id_rsa.pub" = {
    file = ../../secrets/borg/rsync/id_rsa.pub.age;
    owner = "${user}";
    group = "users";
  };

  # Password-less login for user
  users.users."${user}".openssh.authorizedKeys.keyFiles = [
    config.age.secrets."ssh/kestrel/id_ed25519.pub".path
  ];

  # Password-less login for root
  programs.ssh.extraConfig = ''
    Host kestrel
      AddKeysToAgent yes
      IdentityFile /run/agenix/ssh/torus/id_ed25519 

    Host fm2120.rsync.net
      AddKeysToAgent yes
      IdentityFile /run/agenix/borg/rsync/id_rsa
  '';
}
password-less ssh for torus and kestrel for backups 2024-09-13 18:40:05 -07:00			`{ config, pkgs, user, lib, ... }:`
			`{`
move secrets out of modules into relevant config files 2024-09-14 08:47:56 -07:00			`age.secrets."ssh/kestrel/id_ed25519.pub" = {`
			`file = ../../secrets/ssh/kestrel/id_ed25519.pub.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
			`age.secrets."ssh/torus/id_ed25519" = {`
			`file = ../../secrets/ssh/torus/id_ed25519.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
			`age.secrets."ssh/torus/id_ed25519.pub" = {`
			`file = ../../secrets/ssh/torus/id_ed25519.pub.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
add secret for torus borg backup 2024-09-14 08:59:15 -07:00			`age.secrets."borg/torus/password" = {`
			`file = ../../secrets/borg/torus/password.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
password-less login for rsync.net 2024-09-14 09:40:25 -07:00			`age.secrets."borg/rsync/id_rsa" = {`
			`file = ../../secrets/borg/rsync/id_rsa.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
			`age.secrets."borg/rsync/id_rsa.pub" = {`
			`file = ../../secrets/borg/rsync/id_rsa.pub.age;`
			`owner = "${user}";`
			`group = "users";`
			`};`
move secrets out of modules into relevant config files 2024-09-14 08:47:56 -07:00
			`# Password-less login for user`
password-less ssh for torus and kestrel for backups 2024-09-13 18:40:05 -07:00			`users.users."${user}".openssh.authorizedKeys.keyFiles = [`
			`config.age.secrets."ssh/kestrel/id_ed25519.pub".path`
			`];`
move secrets out of modules into relevant config files 2024-09-14 08:47:56 -07:00
			`# Password-less login for root`
			`programs.ssh.extraConfig = ''`
			`Host kestrel`
			`AddKeysToAgent yes`
			`IdentityFile /run/agenix/ssh/torus/id_ed25519`
password-less login for rsync.net 2024-09-14 09:40:25 -07:00
			`Host fm2120.rsync.net`
			`AddKeysToAgent yes`
			`IdentityFile /run/agenix/borg/rsync/id_rsa`
move secrets out of modules into relevant config files 2024-09-14 08:47:56 -07:00			`'';`
password-less ssh for torus and kestrel for backups 2024-09-13 18:40:05 -07:00			`}`