diff --git a/home/dot_config/borgmatic.d/private_torus.yaml b/home/dot_config/borgmatic.d/private_torus.yaml index 89edd8e4..7ab9d7e3 100644 --- a/home/dot_config/borgmatic.d/private_torus.yaml +++ b/home/dot_config/borgmatic.d/private_torus.yaml @@ -1,18 +1,28 @@ source_directories: - - . + - /engi/apps # Docker containers and data + #- /engi/backup # Static files and service dumps + #- /home/tstarr/Sync # Syncthing files on Torus exclude_patterns: - 'code-server/config/*' - 'code-server/workspace/*' - 'immich/library/*' -archive_name_format: 'apps-{now}' +archive_name_format: 'borg-torus-{now}' repositories: #- path: ssh://user@backupserver/./sourcehostname.borg # label: backupserver - path: /engi/backup/borg/borg-apps label: local +before_backup: + - echo "Running pre-backup scripts! $(date)" >> /engi/test/test.txt + - tree /engi > /engi/backup/tree.txt + - stop-docker-containers + #- sudo -u gitea backup-dump-gitea + +after_backup: + - restore-docker-containters keep_daily: 7 keep_weekly: 4 diff --git a/provision/hosts/default/backup.nix b/provision/hosts/default/backup.nix index 5980fe4e..9f8bd6cd 100644 --- a/provision/hosts/default/backup.nix +++ b/provision/hosts/default/backup.nix @@ -1,11 +1,5 @@ { config, pkgs, user, lib, ... }: { - # Password-less logins for backup - users.users."${user}".openssh.authorizedKeys.keyFiles = [ - config.age.secrets."ssh/kestrel/id_ed25519.pub".path - config.age.secrets."ssh/torus/id_ed25519.pub".path - ]; - services.borgmatic.enable = true; environment.systemPackages = with pkgs; [ borgbackup # Deduplicating backup program diff --git a/provision/hosts/kestrel/backup.nix b/provision/hosts/kestrel/backup.nix new file mode 100644 index 00000000..b0d5f261 --- /dev/null +++ b/provision/hosts/kestrel/backup.nix @@ -0,0 +1,8 @@ +{ config, pkgs, user, lib, ... }: +{ + # Password-less logins for backup + users.users."${user}".openssh.authorizedKeys.keyFiles = [ + config.age.secrets."ssh/torus/id_ed25519.pub".path + ]; +} + 
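Review bot: `stop-docker-containers` in `before_backup` has no reliable counterpart. The command under `after_backup` is spelled `restore-docker-containters`, so unless the script really carries that name the hook fails and the containers stay down after every run; and as far as I know borgmatic skips `after_backup` when the backup itself errors. Check the name against the installed script (presumably `restore-docker-containers`) and list the same command under `on_error:` so a failed run also brings the services back. Separately, the relative `exclude_patterns` were written for the old source `.`; with `/engi/apps` as the source, Borg's default fnmatch style matches from the start of the stored path, so `'immich/library/*'` and the two `code-server` patterns likely stop matching and that data ends up in the archive. Anchoring them, e.g. `'/engi/apps/immich/library/*'`, would keep them effective.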
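Review bot: The key listed in `authorizedKeys.keyFiles` carries no options, so torus's backup key gets an unrestricted login shell as `${user}` on kestrel, and the new `provision/hosts/torus/backup.nix` grants the reverse; a compromise of either host then yields an interactive session on the other. For a Borg-only key, put the restriction in the entry itself through `openssh.authorizedKeys.keys`, e.g. `''command="borg serve --restrict-to-path <REPO_PATH>",restrict ssh-ed25519 <TORUS_PUBLIC_KEY>''`, ideally on a dedicated backup account rather than `${user}`. The comment would then read `# Backup-only SSH access for torus (forced borg serve)`. Also worth confirming: `keyFiles` is, as far as I know, read when the configuration is evaluated, while an agenix `.path` only exists after activation, so the file may be missing at build time.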
diff --git a/provision/hosts/torus/backup.nix b/provision/hosts/torus/backup.nix new file mode 100644 index 00000000..d7f3444d --- /dev/null +++ b/provision/hosts/torus/backup.nix @@ -0,0 +1,8 @@ +{ config, pkgs, user, lib, ... }: +{ + # Password-less logins for backup + users.users."${user}".openssh.authorizedKeys.keyFiles = [ + config.age.secrets."ssh/kestrel/id_ed25519.pub".path + ]; +} + diff --git a/provision/hosts/torus/configuration.nix b/provision/hosts/torus/configuration.nix index d8c16c59..fd91dc7d 100644 --- a/provision/hosts/torus/configuration.nix +++ b/provision/hosts/torus/configuration.nix @@ -9,6 +9,7 @@ ./home-assistant ./gitea.nix ./nextcloud.nix + ./backup.nix ]; # Use normal kernel diff --git a/provision/modules/system/backup.nix b/provision/modules/system/backup.nix deleted file mode 100644 index 202e7b73..00000000 --- a/provision/modules/system/backup.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, pkgs, user, ... }: - -let cfg = config.modules.system.backup; -in { - options.modules.system.backup.enable = lib.mkEnableOption "backup"; - config = lib.mkIf cfg.enable { - }; - -} diff --git a/provision/modules/system/default.nix b/provision/modules/system/default.nix index 97e0427b..af779f98 100644 --- a/provision/modules/system/default.nix +++ b/provision/modules/system/default.nix @@ -1,4 +1,4 @@ { ... }: { - imports = [ ./nipr.nix ./secrets.nix ./ssh.nix ./backup.nix ./terminal.nix ./wireguard-client.nix ]; + imports = [ ./nipr.nix ./secrets.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ]; } diff --git a/provision/secrets/emu/switch/prod.keys.age b/provision/secrets/emu/switch/prod.keys.age index 8077d236..842b4293 100644 Binary files a/provision/secrets/emu/switch/prod.keys.age and b/provision/secrets/emu/switch/prod.keys.age differ 
diff --git a/provision/secrets/emu/switch/title.keys.age b/provision/secrets/emu/switch/title.keys.age index 88e7b425..c59f51ea 100644 Binary files a/provision/secrets/emu/switch/title.keys.age and b/provision/secrets/emu/switch/title.keys.age differ diff --git a/provision/secrets/git/gitea-runner-1.age b/provision/secrets/git/gitea-runner-1.age index 7d8c0577..8338adf7 100644 --- a/provision/secrets/git/gitea-runner-1.age +++ b/provision/secrets/git/gitea-runner-1.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 Fz/sQw VMO7Bf8TC+D8W8+NdPFMixkcU2b4uz4DSf6Zx9aU4iU -DzvAcsQvylSrTLDOfKppfPz5nWIobeKSJpU4F16s1L8 --> ssh-ed25519 47GzQA 2rBejKxWVg+epKWeIpfiQOFmeX+7AGXVLccLtJYDHwk -dQiRj9XXxalBtypbLBB5h3zht22FTpWAGtUt8sfW+Vo --> ssh-ed25519 wcI7nQ ZRNWo76nAjRB4uXL+53nigH0AcoC8PoK4swkECOQBDo -EchMzDePnEc1gEBBJOWfySem1GMKTQxZ7ZOQPlM9kGg ---- 2SXiHLzyN/kLfeuju2Sv37lZ6ZSOc1rBsE44zioTo70 -'-褟5`3GMhCHU+?P'>~&j} -ԇFts& 7" \ No newline at end of file +-> ssh-ed25519 Fz/sQw eWmbN5fQHK2Af4PsSY24Yo4rviqcMc1841KZEdn/ezQ +/N3I6mOuUShNlzr2c/TnB6ax6TtkrFJQxFIaJ4STrXQ +-> ssh-ed25519 47GzQA 7ut3vn6lXxz58Tj/OXWuueqaxRGckhpVj4Z/N8b34XU +SBecD52O2UsCOOLQrxA/+E7VcXOj88Sdg0yA+i7bQ7s +-> ssh-ed25519 wcI7nQ isqztqV9KZjY/CUW4+I2yHfCeZmo2IKG9g5lfQkB/V4 +ppd2WJLTLyoEp5bS+oP6bT2gVkc+J3e7tlInx5326d4 +--- 4n4s3HSUR089Q2VqEmoxUnqrhlZ+cSvl9FXvrwTAkqc +c)?72,gх Mc1&H _!g.[eTs%lFд] \ No newline at end of file diff --git a/provision/secrets/git/github_personal.age b/provision/secrets/git/github_personal.age index 912fffcb..2ace2974 100644 Binary files a/provision/secrets/git/github_personal.age and b/provision/secrets/git/github_personal.age differ diff --git a/provision/secrets/nextcloud/password.age b/provision/secrets/nextcloud/password.age index d6c72cd0..1539737e 100644 Binary files a/provision/secrets/nextcloud/password.age and b/provision/secrets/nextcloud/password.age differ diff --git a/provision/secrets/secrets.nix b/provision/secrets/secrets.nix index 48df7085..3aef6f06 100644 
--- a/provision/secrets/secrets.nix +++ b/provision/secrets/secrets.nix @@ -18,8 +18,8 @@ in "git/gitea-runner-1.age".publicKeys = systems; "nextcloud/password.age".publicKeys = systems; "ssh/kestrel/id_ed25519.age".publicKeys = [ tstarr_kestrel ] ++ systems; - "ssh/kestrel/id_ed25519.pub.age".publicKeys = [ tstarr_kestrel ] ++ systems; + "ssh/kestrel/id_ed25519.pub.age".publicKeys = users ++ systems; "ssh/torus/id_ed25519.age".publicKeys = [ tstarr_torus ] ++ systems; - "ssh/torus/id_ed25519.pub.age".publicKeys = [ tstarr_torus ] ++ systems; + "ssh/torus/id_ed25519.pub.age".publicKeys = users ++ systems; } diff --git a/provision/secrets/ssh/kestrel/id_ed25519.age b/provision/secrets/ssh/kestrel/id_ed25519.age index 041ab8fe..5e6c24c7 100644 Binary files a/provision/secrets/ssh/kestrel/id_ed25519.age and b/provision/secrets/ssh/kestrel/id_ed25519.age differ diff --git a/provision/secrets/ssh/kestrel/id_ed25519.pub.age b/provision/secrets/ssh/kestrel/id_ed25519.pub.age index eeb46141..b347d2c7 100644 Binary files a/provision/secrets/ssh/kestrel/id_ed25519.pub.age and b/provision/secrets/ssh/kestrel/id_ed25519.pub.age differ diff --git a/provision/secrets/ssh/torus/id_ed25519.age b/provision/secrets/ssh/torus/id_ed25519.age index 3652764b..b293f56b 100644 Binary files a/provision/secrets/ssh/torus/id_ed25519.age and b/provision/secrets/ssh/torus/id_ed25519.age differ diff --git a/provision/secrets/ssh/torus/id_ed25519.pub.age b/provision/secrets/ssh/torus/id_ed25519.pub.age index aaba7e1a..bf0b6dcf 100644 Binary files a/provision/secrets/ssh/torus/id_ed25519.pub.age and b/provision/secrets/ssh/torus/id_ed25519.pub.age differ diff --git a/provision/secrets/wireguard/bulwark.age b/provision/secrets/wireguard/bulwark.age index 410179a1..9199005c 100644 --- a/provision/secrets/wireguard/bulwark.age +++ b/provision/secrets/wireguard/bulwark.age 
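Review bot: The per-host split this commit makes in the `backup.nix` files is not matched in the recipient lists. The two `.pub.age` entries now go to `users ++ systems`, while the unchanged private-key entries `ssh/kestrel/id_ed25519.age` and `ssh/torus/id_ed25519.age` still end in `++ systems`. If `systems` contains both host keys (its definition is outside the hunk), each host can decrypt the other's SSH private key. Narrowing each private key to its owning host, e.g. `"ssh/kestrel/id_ed25519.age".publicKeys = [ tstarr_kestrel <KESTREL_HOST_KEY> ];`, and re-keying would close that. The public keys themselves are not confidential and could live unencrypted in the repository.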
@@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 Fz/sQw iahBnonr/ERKTaFJtfCCZMRyFGl1IkXkROjk8Pz5A1s -TSgBmEB4WNl48drZwBU22oN8+rtFBroFn0sjRjEcd9I --> ssh-ed25519 47GzQA U3FTe966MQRbXEygRGrsX02oIPHoo8WZR8ZKMxReklU -YPJLdklpM7ruHes7rJbdvNWoajR9ae/DWiAd5x0OP7g --> ssh-ed25519 wcI7nQ b8xHvJrZ7DGaPLI0Z+JEgWxRJRLI8y8BR90xCI5fazk -Fx1kHtWXQ5Z+teARWKoRpN8QtPBbrhACc1WEhOisgBs ---- hbYewYLVVD3sY1BGgc7IRn2SegmQJdQU2uIc8vkUdgA -]f5{9j9O-ɬl41e#S ʋT[(h[@s & -^pU \ No newline at end of file +-> ssh-ed25519 Fz/sQw ahzp1uO9sWV9W3OACxPd4tN6SRpJi9PbKbdzruPFvxA +OeKlZx5L8EEUpKb6kxS33cwTIxwskNiajvSYV1PVzXY +-> ssh-ed25519 47GzQA adIA4CJ5oswd6MODdR5LSQ9uHI+aD6wyxoRueK5Wrk0 +21CvXBrll3Lw+VTMpdxUePr58XjZQH0h6W9U2zKZ6DM +-> ssh-ed25519 wcI7nQ f3p3SYJM3pTqYMz2NoajEHqUqKmKs+FM+taI1rpqqzM +PmeupVlX1nRFt3DkPMrx6o2oEtWoc+si2Flwd22D0Vw +--- dxk5xXqB72nPhxw46T6rChktRllWaPqJp4XTTi3IBpU +K ]. 穃Y,}xfҲ!fڴG#*EΑ6l;cMp.qAW8EF \ No newline at end of file diff --git a/provision/secrets/wireguard/kestrel.age b/provision/secrets/wireguard/kestrel.age index 674666f2..82dc2fca 100644 Binary files a/provision/secrets/wireguard/kestrel.age and b/provision/secrets/wireguard/kestrel.age differ diff --git a/provision/secrets/wireguard/torus.age b/provision/secrets/wireguard/torus.age index 9c3dc9b1..f90cd0f3 100644 --- a/provision/secrets/wireguard/torus.age +++ b/provision/secrets/wireguard/torus.age 
@@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 Fz/sQw AXkkcwVYwCwvjyDqWhXtSQSepgVJmboLyXkOfpL5QA4 -kLMo6pp+8gvatCkIWRrRDxAIvPsFe5S79K3bb2gG/LA --> ssh-ed25519 47GzQA FCQoB9UG6NoTzPWh8W0YtE3MpP5TYLirH/WtZYCxnTs -YuFjvJybPaI4mflQc8vxIfEoswbXG1s8CPD9rgmJ0ZA --> ssh-ed25519 wcI7nQ PXgOnNP1HAZ5cEtZbxs6SFhqfqN1NLKMsuh4gMPEkzI -xZqOgjDSqqWQNz+hXT9jExKTXJqhDNB2rxmHj47Bue4 ---- GNwc1tnzwsYP6WPTCzMtyYJySfdXONBjAd0eFlZrEQg -Q!S.kljfHfeM+. R[ye$n(>؄#\5 ,,Eoe=+K@ \ No newline at end of file +-> ssh-ed25519 Fz/sQw sTJYlfFdSBl+xqi0+Yysl6NNWH8IABznrbF1MLi8p0c +xp0OvKeTPOK7CEUlPJOF9ZT3G55jYzGx/KI311YXzIM +-> ssh-ed25519 47GzQA Dc5kR+oUGLMcL5V+ul8NQTw4xr/ihd4qItpwlVDcLj8 +RZFPMVRFxBaosGvXRLcJA8gLIeaI8i2QIWflcsHY8uQ +-> ssh-ed25519 wcI7nQ 1lgpi/CuZpYLgjEnWYBD/2x5EMfPLfyR+9xJVqbfGEc +wmzNKHObcWs9tbU8nIZ6/iP3cJKusAIRwsoPnszxdbM +--- BAh4R0xMUi7v8eoI6R9aW5YHbGULsZR+lBw6JnGKsbQ + +I3SH|vkXնlm^bVCgMWiʄz;C|ԈT}?fr \ No newline at end of file