From 6ee5593da68ecd46d0ed7820ba97e8ae614ed4cf Mon Sep 17 00:00:00 2001
From: Tyler Starr
Date: Fri, 13 Sep 2024 20:26:41 -0700
Subject: [PATCH 1/4] add tree for backup
---
 provision/hosts/default/backup.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/provision/hosts/default/backup.nix b/provision/hosts/default/backup.nix
index 9f8bd6cd..48a71c1c 100644
--- a/provision/hosts/default/backup.nix
+++ b/provision/hosts/default/backup.nix
@@ -3,6 +3,7 @@
 services.borgmatic.enable = true;
 environment.systemPackages = with pkgs; [
 borgbackup # Deduplicating backup program
+ tree
 (pkgs.writeScriptBin "stop-docker-containers" ''
 #!/bin/sh
 [ -e /tmp/docker_images ] && rm /tmp/docker_images
From 9be3ce3f96e410168257ef5a72fa959df3bf9c14 Mon Sep 17 00:00:00 2001
From: Tyler Starr
Date: Sat, 14 Sep 2024 08:47:56 -0700
Subject: [PATCH 2/4] move secrets out of modules into relevant config files
---
 provision/hosts/bulwark/configuration.nix | 1 -
 provision/hosts/default/configuration.nix | 3 +-
 provision/hosts/default/default.nix | 2 +-
 provision/hosts/default/git.nix | 15 +++++++
 provision/hosts/kestrel/backup.nix | 24 ++++++++++
 provision/hosts/kestrel/configuration.nix | 1 -
 provision/hosts/shivan/configuration.nix | 1 -
 provision/hosts/torus/backup.nix | 25 ++++++++++-
 provision/hosts/torus/configuration.nix | 1 -
 provision/modules/gaming/emulation.nix | 11 +++++
 provision/modules/system/default.nix | 2 +-
 provision/modules/system/secrets.nix | 53 -----------------------
 provision/modules/system/terminal.nix | 3 ---
 13 files changed, 78 insertions(+), 64 deletions(-)
 create mode 100644 provision/hosts/default/git.nix
 delete mode 100644 provision/modules/system/secrets.nix
diff --git a/provision/hosts/bulwark/configuration.nix b/provision/hosts/bulwark/configuration.nix
index 54b863f7..2b4cee51 100644
--- a/provision/hosts/bulwark/configuration.nix
+++ b/provision/hosts/bulwark/configuration.nix
@@ -46,7 +46,6 @@ nipr.enable = true; ssh.enable = true; terminal.enable = true; - secrets.enable = true; wireguard-client.enable = false; }; }; diff --git a/provision/hosts/default/configuration.nix b/provision/hosts/default/configuration.nix index 14fbdb73..1bf28dcc 100644 --- a/provision/hosts/default/configuration.nix +++ b/provision/hosts/default/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, lib, ... }: +{ config, pkgs, user, lib, inputs, ... }: { nix = { package = pkgs.nixFlakes; @@ -46,6 +46,7 @@ environment.systemPackages = with pkgs; [ cowsay # A program which generates ASCII pictures of a cow with a message + inputs.agenix.packages.x86_64-linux.default ]; # Did you read the comment? diff --git a/provision/hosts/default/default.nix b/provision/hosts/default/default.nix index 24dc40c6..08e821e2 100644 --- a/provision/hosts/default/default.nix +++ b/provision/hosts/default/default.nix @@ -1,4 +1,4 @@ { ... }: { - imports = [ ./backup.nix ./configuration.nix ./home-configuration.nix ]; + imports = [ ./git.nix ./backup.nix ./configuration.nix ./home-configuration.nix ]; } diff --git a/provision/hosts/default/git.nix b/provision/hosts/default/git.nix new file mode 100644 index 00000000..815072b0 --- /dev/null +++ b/provision/hosts/default/git.nix @@ -0,0 +1,15 @@ +{ config, pkgs, user, lib, ... }: +{ + environment.systemPackages = with pkgs; [ + git # Version control system for tracking changes in source code during software development. + git-annex # Manages files with git, without checking the file contents into git. + lazygit # Terminal-based GUI for git, making it easier to use and visualize git repositories. + ]; + + age.secrets."git/github_personal" = { + file = ../../secrets/git/github_personal.age; + owner = "${user}"; + group = "users"; + }; +} + diff --git a/provision/hosts/kestrel/backup.nix b/provision/hosts/kestrel/backup.nix index d1d9fdf1..1220e930 100644 --- a/provision/hosts/kestrel/backup.nix +++ b/provision/hosts/kestrel/backup.nix 
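Review bot: In the `environment.systemPackages` hunk of hosts/default/configuration.nix, `inputs.agenix.packages.x86_64-linux.default` hard-codes the architecture in a file that every host shares. If a host is ever built for another platform this attribute will be wrong or missing; `inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default` follows the host instead. The package list starts and ends outside the hunk.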
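Review bot: `age.secrets."git/github_personal"` in the new hosts/default/git.nix is no longer behind an enable option, so every host that imports hosts/default declares and decrypts this key, and its recipient list in secrets/secrets.nix (not part of this patch) has to cover all of those host keys. The chezmoi SSH config later in the series uses this file as the `IdentityFile` for github.com, so it is private key material; consider declaring it only on the machines that actually push to GitHub rather than on backup or server hosts. A comment such as `# GitHub SSH private key, readable only by the owner` together with an explicit `mode = "0400";` would also document the intended permissions instead of relying on the default.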
@@ -1,9 +1,33 @@
 { config, pkgs, user, lib, ... }:
 {
+ age.secrets."ssh/torus/id_ed25519.pub" = {
+ file = ../../secrets/ssh/torus/id_ed25519.pub.age;
+ owner = "${user}";
+ group = "users";
+ };
+ age.secrets."ssh/kestrel/id_ed25519" = {
+ file = ../../secrets/ssh/kestrel/id_ed25519.age;
+ owner = "${user}";
+ group = "users";
+ };
+ age.secrets."ssh/kestrel/id_ed25519.pub" = {
+ file = ../../secrets/ssh/kestrel/id_ed25519.pub.age;
+ owner = "${user}";
+ group = "users";
+ };
+
 # Password-less logins for backup
 users.users."${user}".openssh.authorizedKeys.keyFiles = [
 config.age.secrets."ssh/torus/id_ed25519.pub".path
 ];
+
+ # Password-less login for root
+ programs.ssh.extraConfig = ''
+ Host torus
+ AddKeysToAgent yes
+ IdentityFile /run/agenix/ssh/kestrel/id_ed25519
+ '';
+
 systemd.tmpfiles.rules = [
 "d /store 0775 ${user} users -"
 ];
diff --git a/provision/hosts/kestrel/configuration.nix b/provision/hosts/kestrel/configuration.nix
index 1f456d31..0a425723 100644
--- a/provision/hosts/kestrel/configuration.nix
+++ b/provision/hosts/kestrel/configuration.nix
@@ -61,7 +61,6 @@
 };
 system = {
 nipr.enable = true;
- secrets.enable = true;
 ssh.enable = true;
 terminal.enable = true;
 wireguard-client = {
diff --git a/provision/hosts/shivan/configuration.nix b/provision/hosts/shivan/configuration.nix
index 47578228..4d79885a 100644
--- a/provision/hosts/shivan/configuration.nix
+++ b/provision/hosts/shivan/configuration.nix
@@ -49,7 +49,6 @@
 };
 system = {
 nipr = true;
- secrets.enable = true;
 ssh.enable = true;
 terminal.enable = true;
 wireguard-client.enable = false;
diff --git a/provision/hosts/torus/backup.nix b/provision/hosts/torus/backup.nix
index d7f3444d..35667fc3 100644
--- a/provision/hosts/torus/backup.nix
+++ b/provision/hosts/torus/backup.nix
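Review bot: The comment `# Password-less login for root` in the kestrel/backup.nix hunk does not match what `programs.ssh.extraConfig` does: that option writes the system-wide client configuration, so the `Host torus` block applies to every local user, while the key it names is declared with `owner = "${user}"`. The `IdentityFile` is also a hard-coded `/run/agenix/...` string; `IdentityFile ${config.age.secrets."ssh/kestrel/id_ed25519".path}` keeps it tied to the secret declaration if the secret name or the agenix directory changes. The torus/backup.nix hunks later in this series repeat the same pattern for `Host kestrel` and `Host fm2120.rsync.net`.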
@@ -1,8 +1,31 @@ { config, pkgs, user, lib, ... }: { - # Password-less logins for backup + age.secrets."ssh/kestrel/id_ed25519.pub" = { + file = ../../secrets/ssh/kestrel/id_ed25519.pub.age; + owner = "${user}"; + group = "users"; + }; + age.secrets."ssh/torus/id_ed25519" = { + file = ../../secrets/ssh/torus/id_ed25519.age; + owner = "${user}"; + group = "users"; + }; + age.secrets."ssh/torus/id_ed25519.pub" = { + file = ../../secrets/ssh/torus/id_ed25519.pub.age; + owner = "${user}"; + group = "users"; + }; + + # Password-less login for user users.users."${user}".openssh.authorizedKeys.keyFiles = [ config.age.secrets."ssh/kestrel/id_ed25519.pub".path ]; + + # Password-less login for root + programs.ssh.extraConfig = '' + Host kestrel + AddKeysToAgent yes + IdentityFile /run/agenix/ssh/torus/id_ed25519 + ''; } diff --git a/provision/hosts/torus/configuration.nix b/provision/hosts/torus/configuration.nix index 9fc28838..6d02a219 100644 --- a/provision/hosts/torus/configuration.nix +++ b/provision/hosts/torus/configuration.nix @@ -102,7 +102,6 @@ system = { terminal.enable = true; ssh.enable = true; - secrets.enable = true; }; }; diff --git a/provision/modules/gaming/emulation.nix b/provision/modules/gaming/emulation.nix index ac6ec00f..5808242f 100644 --- a/provision/modules/gaming/emulation.nix +++ b/provision/modules/gaming/emulation.nix @@ -21,5 +21,16 @@ in { ]; }) ]; + + age.secrets."emu/switch/prod.keys" = { + file = ../../secrets/emu/switch/prod.keys.age; + owner = "${user}"; + group = "users"; + }; + age.secrets."emu/switch/title.keys" = { + file = ../../secrets/emu/switch/title.keys.age; + owner = "${user}"; + group = "users"; + }; }; } diff --git a/provision/modules/system/default.nix b/provision/modules/system/default.nix index af779f98..4172fc51 100644 --- a/provision/modules/system/default.nix +++ b/provision/modules/system/default.nix 
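Review bot: In the torus/backup.nix hunk, `users.users."${user}".openssh.authorizedKeys.keyFiles` is fed `config.age.secrets."ssh/kestrel/id_ed25519.pub".path`, and the hunk adds the age secret behind it. As far as I know NixOS reads `keyFiles` while the system is evaluated, whereas the agenix path exists on the target only after activation, so this probably works only with impure evaluation on a machine where the file is already decrypted; a build from a clean checkout would confirm it. A public key does not need encrypting, so committing it in plain text and listing it in `openssh.authorizedKeys.keys` (or pointing `keyFiles` at the in-repo `.pub` file) removes that dependency. The kestrel/backup.nix hunk uses the same construct.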
@@ -1,4 +1,4 @@
 { ... }:
 {
- imports = [ ./nipr.nix ./secrets.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ];
+ imports = [ ./nipr.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ];
 }
diff --git a/provision/modules/system/secrets.nix b/provision/modules/system/secrets.nix
deleted file mode 100644
index ab846bfd..00000000
--- a/provision/modules/system/secrets.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, lib, pkgs, user, inputs, ... }:
-
-let cfg = config.modules.system.secrets;
-in {
- options.modules.system.secrets.enable = lib.mkEnableOption "secrets";
- config = lib.mkIf cfg.enable {
-
- environment.systemPackages = [
- inputs.agenix.packages.x86_64-linux.default
- ];
-
- # git secrets
- age.secrets."git/github_personal" = {
- file = ../../secrets/git/github_personal.age;
- owner = "${user}";
- group = "users";
- };
-
- # ssh secrets
- age.secrets."ssh/kestrel/id_ed25519" = {
- file = ../../secrets/ssh/kestrel/id_ed25519.age;
- owner = "${user}";
- group = "users";
- };
- age.secrets."ssh/kestrel/id_ed25519.pub" = {
- file = ../../secrets/ssh/kestrel/id_ed25519.pub.age;
- owner = "${user}";
- group = "users";
- };
- age.secrets."ssh/torus/id_ed25519" = {
- file = ../../secrets/ssh/torus/id_ed25519.age;
- owner = "${user}";
- group = "users";
- };
- age.secrets."ssh/torus/id_ed25519.pub" = {
- file = ../../secrets/ssh/torus/id_ed25519.pub.age;
- owner = "${user}";
- group = "users";
- };
-
- # emu secrets
- age.secrets."emu/switch/prod.keys" = {
- file = ../../secrets/emu/switch/prod.keys.age;
- owner = "${user}";
- group = "users";
- };
- age.secrets."emu/switch/title.keys" = {
- file = ../../secrets/emu/switch/title.keys.age;
- owner = "${user}";
- group = "users";
- };
- };
-}
diff --git a/provision/modules/system/terminal.nix b/provision/modules/system/terminal.nix
index 165c4523..2c5ace73 100644
--- a/provision/modules/system/terminal.nix
+++ b/provision/modules/system/terminal.nix
@@ -6,9 +6,6 @@ in { config = lib.mkIf cfg.enable { environment.systemPackages = with pkgs; [ - git # Version control system for tracking changes in source code during software development. - git-annex # Manages files with git, without checking the file contents into git. - lazygit # Terminal-based GUI for git, making it easier to use and visualize git repositories. killall # Command-line utility to terminate processes by name. pciutils # Utilities for inspecting and manipulating devices connected to the PCI bus. chezmoi # Manages your dotfiles across multiple machines, ensuring consistency and version control. From eda2998b0b06b7f48923db7b51c02e7d6e4b409c Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Sat, 14 Sep 2024 08:59:15 -0700 Subject: [PATCH 3/4] add secret for torus borg backup --- provision/hosts/torus/backup.nix | 5 +++++ provision/secrets/borg/torus/password.age | Bin 0 -> 561 bytes provision/secrets/secrets.nix | 1 + 3 files changed, 6 insertions(+) create mode 100644 provision/secrets/borg/torus/password.age diff --git a/provision/hosts/torus/backup.nix b/provision/hosts/torus/backup.nix index 35667fc3..db3d3db3 100644 --- a/provision/hosts/torus/backup.nix +++ b/provision/hosts/torus/backup.nix @@ -15,6 +15,11 @@ owner = "${user}"; group = "users"; }; + age.secrets."borg/torus/password" = { + file = ../../secrets/borg/torus/password.age; + owner = "${user}"; + group = "users"; + }; # Password-less login for user users.users."${user}".openssh.authorizedKeys.keyFiles = [ 
diff --git a/provision/secrets/borg/torus/password.age b/provision/secrets/borg/torus/password.age new file mode 100644 index 0000000000000000000000000000000000000000..0d96fea3b686b2097d4a7214407d79c72ebcd7ee GIT binary patch literal 561 zcmZ9_yRMU9007|QinE)E3~mIWT#JJddQO2-C_hjN-ME!fD3k*I3te<~^8uVqTpUc? z-CT`>i<^Uq`T)kkz26IbL7L!686EpWn^onL>X;Iz5rRKMn`VnAF~zbY0p*s4IRfYg zIBvL~gbcZm8`H%Y#k6!M?l^bsoU}YiPrdBLD~*yWWV1VhgWJkApX`D`p?55}1!@r` zRn7*)ye?Ws4(St(X?NG#bRZf4(UL3MMxZo{5cPRG5Ji^wk~6R?U`JDp?~b8NI)S2N zQy=lVnPs(05mZ{CMasxd^`*97bB4cSjY5@pi(Z6@uhcwqy)nEz01M#^I)f$VoMg^&Epy(IF6$uO`7R;oh><2PCeccNtNuynMn7d zVrK$0VM^Yv1(5Y5^7^mbzW*EyFVpF_^ZhUK8{_%cn}1L9kMC}N{rLIk^7h5|5PS9b Q-Usnh{qVt~;&S=@9~0NPGXMYp literal 0 HcmV?d00001 diff --git a/provision/secrets/secrets.nix b/provision/secrets/secrets.nix index 3aef6f06..75ac0b7b 100644 --- a/provision/secrets/secrets.nix +++ b/provision/secrets/secrets.nix @@ -21,5 +21,6 @@ in "ssh/kestrel/id_ed25519.pub.age".publicKeys = users ++ systems; "ssh/torus/id_ed25519.age".publicKeys = [ tstarr_torus ] ++ systems; "ssh/torus/id_ed25519.pub.age".publicKeys = users ++ systems; + "borg/torus/password.age".publicKeys = [ tstarr_torus ] ++ systems; } From d84e57d9a2b39ef7d12439fd94d1a0f885cae7d8 Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Sat, 14 Sep 2024 09:40:25 -0700 Subject: [PATCH 4/4] password-less login for rsync.net --- home/private_dot_ssh/config.tmpl | 4 ++++ provision/hosts/torus/backup.nix | 14 ++++++++++++++ provision/secrets/borg/rsync/id_rsa.age | Bin 0 -> 4033 bytes provision/secrets/borg/rsync/id_rsa.pub.age | Bin 0 -> 1390 bytes provision/secrets/secrets.nix | 2 ++ 5 files changed, 20 insertions(+) create mode 100644 provision/secrets/borg/rsync/id_rsa.age create mode 100644 provision/secrets/borg/rsync/id_rsa.pub.age diff --git a/home/private_dot_ssh/config.tmpl b/home/private_dot_ssh/config.tmpl index 0f158f45..9d3e7df7 100644 --- a/home/private_dot_ssh/config.tmpl +++ b/home/private_dot_ssh/config.tmpl 
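Review bot: `"borg/torus/password.age".publicKeys = [ tstarr_torus ] ++ systems;` in the secrets.nix hunk encrypts the torus repository passphrase to every key in `systems`, although only hosts/torus/backup.nix declares the secret. `systems` is defined outside the hunk; if it lists all host keys, each of those hosts can decrypt the passphrase straight from the repository. Consider limiting the recipients to the torus user and host keys, e.g. `[ tstarr_torus TORUS_HOST_KEY ]`, where `TORUS_HOST_KEY` is a placeholder for whatever name secrets.nix binds to that host's key.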
@@ -1,6 +1,10 @@ Host github.com AddKeysToAgent yes IdentityFile /run/agenix/git/github_personal + +Host fm2120.rsync.net + AddKeysToAgent yes + IdentityFile /run/agenix/borg/rsync/id_rsa {{ if eq .chezmoi.hostname "kestrel" }} Host torus AddKeysToAgent yes diff --git a/provision/hosts/torus/backup.nix b/provision/hosts/torus/backup.nix index db3d3db3..392e95ff 100644 --- a/provision/hosts/torus/backup.nix +++ b/provision/hosts/torus/backup.nix @@ -20,6 +20,16 @@ owner = "${user}"; group = "users"; }; + age.secrets."borg/rsync/id_rsa" = { + file = ../../secrets/borg/rsync/id_rsa.age; + owner = "${user}"; + group = "users"; + }; + age.secrets."borg/rsync/id_rsa.pub" = { + file = ../../secrets/borg/rsync/id_rsa.pub.age; + owner = "${user}"; + group = "users"; + }; # Password-less login for user users.users."${user}".openssh.authorizedKeys.keyFiles = [ @@ -31,6 +41,10 @@ Host kestrel AddKeysToAgent yes IdentityFile /run/agenix/ssh/torus/id_ed25519 + + Host fm2120.rsync.net + AddKeysToAgent yes + IdentityFile /run/agenix/borg/rsync/id_rsa ''; } 
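Review bot: The `Host fm2120.rsync.net` block in home/private_dot_ssh/config.tmpl is added above the `{{ if eq .chezmoi.hostname "kestrel" }}` conditional, so it is rendered on every machine, while `age.secrets."borg/rsync/id_rsa"` is declared only in hosts/torus/backup.nix in this patch. On other hosts the `IdentityFile` points at a path that will not exist and the client falls back to whatever other keys it has; wrapping the block in `{{ if eq .chezmoi.hostname "torus" }}` … `{{ end }}` keeps it with the host that holds the key. Adding `IdentitiesOnly yes` to the block would also stop the client from offering unrelated agent keys to the remote service. The template continues outside the hunk.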
diff --git a/provision/secrets/borg/rsync/id_rsa.age b/provision/secrets/borg/rsync/id_rsa.age new file mode 100644 index 0000000000000000000000000000000000000000..10337aa107eeb5270abafca64f1cfc37d4ba9be2 GIT binary patch literal 4033 zcmZ9|_dgU40{~zn$;u|#Byn-)oHH`-vd#_btVnKhwi{MtuL~u6BobMXL?}^OM#_j# zR#qr`WWDdt-@oAbd>#)nQH|(_4+;&SdHMUP`v;MM3=M8ILpdtdQ;kRfYiVid%He@Q zK#+|b5O)TmBs(?**HdU(SaKp-r{7w=;4&5aBMV!;3( zIL-nZYVL_bW6VrlD6~L7#~=a#3=9r|_(2ISRGKfAV)9=NibY#%*vO&$O#y)b5G}wI z1M%<-2r@_5+aWOk48hg`j19c%;*SIeo0z(fv%XYKGt};Q$K=mf`Kku=Vyt5*$O} zFc8^CM;8M5uLjXJ53@0mb0&tOLY$~T91I7h`8pA?XmXeq-4{%EG67?CQGT#M4AcU5 z)zKSE=C;>FITLlDNGF_MAP7bDpy~!AHEb-wzM62jhNAgmprhXqX|efB+jSkcO?l7SZ1aWoBhcBnD~GY{^t^sGVtmm$?f< z$IBjPiGU%jX#r-QbRrH&wui%Pt_Ew^Lj8z7crr;#hg(feO^yQ423rT1>T1JiCLRzS ze4 z%0z(5icw>DzlCB4IC83nS!vD>QPg|w?>tS)udOfh9*TZ;@A~z3a?=&3Gacj1W)eqj z*6m~^0aM1OOF;doicE|C6^@^`y#8qIvX+G#Rls!?CmwaZ7xXGXLT%R%E};qaEjtA$ zggYCLnbixPJ0ZA#gI%D@mGw1UlV4aRD;x`t7nD^E2jZ*#&H z^_dkc$s*(D8>yinj-UVf6G&YMg+g=RL5} z^(}jjJmmZMv<6DKbk@C%^ zxFP$sOsS&r2a~zdMTC8mE^xpCAbvDk(KGYZzUHGGXh!2l*ML|b+50=1E8H1n;52&0 z7R97^AM=$0Ja;&DrQGgkukA#vFHv@L^6;P4o8Zobzf2kHMAWxl)UBpV!OFV|l^x}F zo9L_kzORQX=|bWS7!4-8wiJ=1ng6Bm0!5KS0Y#P5QPIT| zm5Iw|%YEOVm#-{%x#7yA2a`MWi;4WmClY~xEx>V5dLFgA75e78Ig5zv<`>2a=|c<; z?}2-%{TW{QXH)(Mo5R;So+`n)qAlki!(tK&&A(;I-v?)#J6D&7yB!we6Wu}HT-G@T za}!$-vOrOI8XK6INHagk`J;97YwZfJ!schqp}=_<+KyHJ9pZ<}UHk0y7d*t@@3>E@ z6Sl9|fmmNh@FV6KjgMaCgWUEtYgw%nl1(#*Kz;os<+jvtEHh%U9gG^}@wh~q9PSR~m zKcFV1)mzEm$oK61h^@(6AA!7?mol3kYP>!<5$m#@YLsZ{+B0AQZ1XUzrLRZ+p>isc zZdZi0QFmhv_k!be-(EdNtcjQ^eoc0b+g1+h4=>{b=&P1-LhR%yd4hUvNuS&Kdary; z{@d-fY?hjSF@a1x3;CO{zqLt)Bg7;rS#m zRTs)Z_U71^=t+G@pGcA+QR4&>s(-9e6V57M@~J4ASQCtXuQsk85zsj6_cs8eL; zM^`#X(0l!!@#uy#pH`xfKwumS8N})es_vHosTF; zI%66xm@wS;@VYSvME>UO^M^c9@Xo1|boQAt-6qRAJJs65v&^7!I;1J%CFi9S=+f~< z-XRMJ8C@*&;8(4pj@-Ps-Dz+IUPP&TJW*N0#i^=vmw4 ztGjgiaazLKCo#Tr-ZNbYf+Tl-QZ-iT0tQ!G2L96YnH z97N(D4()0oMcr>3FV-u3%Gf|JmFBZ<3>+NV@LneN-u2zv=#oDd!K55H^0Ml0ESE&% 
znR^Uovf@~-LgjZBShI2Fs#d7wbKXq{r*pFd9Vr zez)jjm_izNyYWGV_K;+42du@C1E*FNAApY7+)}m5c&4wvTAz$H`GbG zp<$0?uv4SA(oo`llhLu0jf!pD4Q7<6cG4vz6PL3BBu?LEBL|fq!^-wJst+9;MxGuT z1ZQ!#S58&vuUHwy9G&N{Tg)~AI@pwXk1Ym1bvt*1&zHjLtE7W-7RqD~0LY#f?@-5A z#f?ZkP-kdXd`2Br6l$|_t$cLiuu_l84CftHu6~$L+syj*;DvDPh(qTAZ^1mLV@~*L zuElTh8>4-+CZESPjwk!23ajl$jjFTkBJFHlsj_crC#a}N%TtgBS{W0e_Q7A)7OTi7}Usu z<)+@gQoPsaOS%vGFUpcELIY#EMe@!;+k2#+AdTp2F38n2tL-sc+WYUAT%zrCf=PBInbZ(oA3NY=ag2%FM>Rmk)GiMTVL8OCT6#IM!OkO; z9;KuV+iz+vN!PZ3IP9!UCj;8sg9+S~+A11pkGZ)P-CGmAES%7N_I|{qpgUD0L9e1!`?aN(3G(ORke z2cN8uUl(-749ou>Pqv+wi8}N#Oi8&m>1}RXqKyes9-UX+cI{>Gsf@mtXFU&}G&m3( zr!y9fk!|AWjC6M5<_{(D+Ik*%B$;Yl%IRy+dlAA@vvJ$_Cg_PZY5s9+vNOxtR;BRT z_gNL$*e35brbv<`{i=B&^2YPrFeq&Wy`etcrD8Hxf0TATzKu}835{1Rg%l7!7lu_Y z&E`AIl(Os*B!0;p6!&Fc<}Jb_3!m{+W*cpckGbFLmjpCyLTW5OP7EzxK3}|us@RXJ z{jBiA5K?9P>H+>4pDE5LFD1t*E4pSOyVy>uoc+_ab;x-i)2MfiQ7cWVOX1Q3+&Kcl z?9G>&~9;d%&ubiXaBc@2=mM@=D4AkF=6jjfqnoc26QB^0}&J zS96LYxCV{q^K*#@eCxEFf9Xqj;g2@dmYYRBeoQ~F7{&lyr~(Sae4hUo(w|=iu!_3! z6yd>_P;)o}O{}bXgN+Mjo^P~Vk55d?G}^j}K0&LBer+gf4n14sg^3#wZcH0U|Dp7C zvmoFf=b%3SjDe6*KJ9wk&yN(!--1HZI@Nc_Ia9-W2_}&Urs+B{<(|>AmuU)0U)~<` zE*Dm_^Do-}30Yzlz>RMoes_=|W zRz6WJ5VNFKw_0ZBvp|wj!gA^uWW1Cu!+G;cRrF1&*-FO|m5@DuV>WWI@x6(Vja6|u9d5qh6T zY;Z~os0dr5g@hV5EKw2ZM1Zem!5)X!!Nt?*8Ye>6x|APl2+Sr~#3;7Y2m=;aXYm-J ztO6H85D7Fc6=2qph<=)y$d@ri09{J9xiu2%QnRI@$anS^73)?CGIjZKj z$06ly2KhiErH0D%W6mUv#GG#P%IAdXw@H10&`GLeXJB!jnqaSw<=n5zl=qP6sML_DM5zy)5Y)Ex_^-uYfWjJUbKhS_mp2>Z&`p-~nyFg+o7cz7 z$_&?!zPNW^x%tVOmlLRcRpGmgPq1cmm*?WdJzJjNIelRjHcX(B0NknS#%^-H7U3e1GD^#AWO=)Lp^SOV0+|-OA1E8gWX) zNfuo3+};!}I(inrgrfZLn!9dcRZCb@@a66;$6cI`mB-q+rH#;9_hCn2L-GcQSbab~ zP_n6`Bv^#&nN2P3)jS%^m8Tq`T~43VM*Tr&_AOQ`q)iFerYdKzwwFyd^e=p#n2Sy> zjieMWTL$|6jLtoap2?ytZ@hB~J~-e4*8i3?y*|EU;o%GA+H>FX84q)pQ;l7JKYg{` zFjJVF?sybjf2HBZAQoqDBMlBO@NZUm@nh`?J&w`$S5G&=GlnHr%GXy6q@^MHe*u}* BMNR+! literal 0 HcmV?d00001 diff --git a/provision/secrets/secrets.nix b/provision/secrets/secrets.nix index 75ac0b7b..865f6230 100644 
--- a/provision/secrets/secrets.nix +++ b/provision/secrets/secrets.nix @@ -22,5 +22,7 @@ in "ssh/torus/id_ed25519.age".publicKeys = [ tstarr_torus ] ++ systems; "ssh/torus/id_ed25519.pub.age".publicKeys = users ++ systems; "borg/torus/password.age".publicKeys = [ tstarr_torus ] ++ systems; + "borg/rsync/id_rsa.age".publicKeys = users ++ systems; + "borg/rsync/id_rsa.pub.age".publicKeys = users ++ systems; }
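Review bot: `"borg/rsync/id_rsa.age".publicKeys = users ++ systems;` makes the rsync.net private key decryptable by every user key and every system key, whereas the other private material visible in this hunk (`ssh/torus/id_ed25519.age`, `borg/torus/password.age`) is limited to `[ tstarr_torus ] ++ systems`. Only torus declares this secret in the patch, so the recipients could be narrowed to match, e.g. `"borg/rsync/id_rsa.age".publicKeys = [ tstarr_torus ] ++ systems;` or tighter; `users` and `systems` are defined outside the hunk, so their exact contents should be checked. The `.pub` counterpart is not sensitive and could be stored unencrypted.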