diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 95fbf9d..e0286bb 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -24,8 +24,6 @@ ./tor.nix ]; - sops.defaultSopsFile = ./secrets.yaml; - sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.secrets = { "borg/crash" = {}; "ntfy" = {}; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 5c8868b..992c852 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -1,7 +1,4 @@ { - inputs, - outputs, - lib, config, pkgs, ... @@ -11,17 +8,18 @@ ../common.nix ]; + sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.secrets = { - "services/borg/yt" = { - sopsFile = ../../secrets/services/borg/yt.yaml; + "borg/rsyncnet" = { + sopsFile = ../../secrets/borg/yt.yaml; }; "services/ntfy" = { sopsFile = ../../secrets/services/ntfy.yaml; }; - "wireguard/yt/private" = { + "wireguard/private" = { sopsFile = ../../secrets/wireguard/yt.yaml; }; - "wireguard/yt/psk" = { + "wireguard/psk" = { sopsFile = ../../secrets/wireguard/yt.yaml; }; }; @@ -187,7 +185,7 @@ repo = "de3911@de3911.rsync.net:borg/yt"; encryption = { mode = "repokey-blake2"; - passCommand = ''cat ${config.sops.secrets."borg/yt/rsyncnet".path}"''; + passCommand = ''cat ${config.sops.secrets."borg/rsyncnet".path}''; }; environment = { BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519"; @@ -199,7 +197,7 @@ # warnings are often not that serious failOnWarnings = false; postHook = '' - ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus + ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus $(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \ https://ntfy.cything.io/chunk ''; @@ -288,14 +286,14 @@ # wireguard setup networking.wg-quick.interfaces.wg0 = { address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"]; - privateKeyFile = config.sops.secrets."wireguard/yt/private".path; + privateKeyFile = config.sops.secrets."wireguard/private".path; peers = [ { publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0="; allowedIPs = ["0.0.0.0/0" "::/0"]; endpoint = "31.59.129.225:51820"; persistentKeepalive = 25; - presharedKeyFile = config.sops.secrets."wireguard/yt/psk".path; + presharedKeyFile = config.sops.secrets."wireguard/psk".path; } ]; }; diff --git a/secrets/borg/yt.yaml b/secrets/borg/yt.yaml index 650956b..1f66b9e 100644 --- a/secrets/borg/yt.yaml +++ b/secrets/borg/yt.yaml @@ -1,4 +1,5 @@ -rsyncnet: ENC[AES256_GCM,data:bRkLcWrMtlY3/7yMedzFMX5nFdRHawftDg==,iv:8Ip1vS0DpBOdD8VYlSK9pTQj2MC8Tx6eSUXRMtvKgmU=,tag:/Alv4F86wCR7ZvoMnHc0gg==,type:str] +borg: + rsyncnet: ENC[AES256_GCM,data:o1z9xwXqjceO6b/k9da33DyltLt+k9cS5w==,iv:Buu2gHB+MH2Ma/d0cGYyoNAZxcHE7dK/uLZMR9y2VDo=,tag:hNZyZQqAqRF7HXkT7ypTHg==,type:str] sops: kms: [] gcp_kms: [] @@ -14,8 +15,8 @@ sops: bGhLRU15QUxXNjQ4TDBIWmlYMndJeWMKCY1djq72Fow3HiVP+cG63CMEtshIve2k sHhU3UWPidxcZxdDmK/Sw3NKoYncxeLJUS/W7UhNYr3Z7UZCW6+D9g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T02:26:35Z" - mac: ENC[AES256_GCM,data:ZSbrAQIb2XXew6hcsGzuY02SHF8w0cyuyA6OyflHJ82gBTLqnw/ZpfIq6soFJiISWIr0PbM0vDb47lE/h4pJ08tGdR+8krBqJ1urPtkplg3eweQ6R9S4Kn5EfUfZ3ofVC92kcWgee9venjBWq/HPRT+9tvhsjEWOcoK8xWC9pww=,iv:XGkJb88no7qvdmBydFjt3EcLDh+Xj/qK5t+Jdkf6LH4=,tag:lkCzudpAA6XmEhX3KXZT0A==,type:str] + lastmodified: "2024-12-17T03:08:48Z" + mac: ENC[AES256_GCM,data:Zxdfy547x/RQF7Q3ip6163nD07F2L49u9yNvCQcxrjfFbVQNYspkX+aZJNOW+9KzIpmMcmVe9llN9IyA2b3R3Yzz6hBzP2LCxO9iQt+XQVpv5rCQRC3E+4SgkX6KpZ0TOhjiA9+4KvwfYkXH5P6JS6jjw5u4v16i1X121quBemk=,iv:86EoZpSSqZ5q2DZP4B9NTASFOzX1ptdRcw5o+3eQKkw=,tag:c/D7Mus6d8X1Q8hMPziGqQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/de3911/yt.yaml b/secrets/de3911/yt.yaml index 9693b37..49ccf64 100644 --- a/secrets/de3911/yt.yaml +++ b/secrets/de3911/yt.yaml @@ -1,4 +1,5 @@ -id_ed25519: ENC[AES256_GCM,data:Yli80jZgpicXecVdgCezbp2XV57XoDgb/6oymt5H3509QLvADkulzx2M/be0vbR5PL3iX2cn8K6yqDNNSA3+Yv8fqPshBPUUIigPIk0bIOudxVpdZwy3jbQRtU7mvQL+pLtuk4Z/wCRPU+EpQldpw05m6dJll7wIWTjWoOgL6ZYFDnK0F4q5PviL4qNuHRlzaxK4Yp3U6TasBcKnrV2OZW5EnDTllHTdbOfRB3vI15YF25a1sxYvq9DveyOok0d/XjD43tfWTXSRFXpbJEmeuqP3akPRTYQGrEP0uRXsx6MIf0USbnAdA4MLGPSL4A4sy6ManvRvn1wQaKckDE+rfAZ3DnLTmE60PO+LEn9KVp/zGtvVEr9m5gHgzcb/2+S8BY4ECg4QZHiEhthVLjnf5Ys3E9/uEb4lMnKjNzZ7QIDYFx/fIiJf2+2FxSr2ApWFl1O3bl8pfNFq2hJzmgi7J/wPypt7nt3G0nTTmwvIB4f4Xy7HSWI+bA3OQT6Nv0T2cDk+DukAZSZ62EVI0ydF,iv:1DyqUOoaHPYAc1zUlAOFBEZhM+JuYm6ggcwrWOTZVQA=,tag:zMR4QlktyL3dZ/S5u7eriA==,type:str] +rsyncnet: + id_ed25519: ENC[AES256_GCM,data:KHFv0P5JLHCXKXb3UFmZrgLG7mrSDSi6CAYZTMSxJH6FgakFhPY/u1VE0wlHaBEwUSHbh6xhVbITiAgrqQXbPeo72moUhBD1/+X1fGUV+0rbHHhZecaEoqXseNEWfxAypUWnmKQ3DwCjO0wb9A+UohLCTMUzHBucX0AKVBxW2VEYkvMXu3du2ryWCDNYKukdwLYXxTxrBmIbjSJ2Myq22vcqLpMAIOJ85QWoCrVypVxB6TD7xi6KwQmqDHpE7KEdDg6Eq0Gzu7RWIdUiUddvWJwBFr/v+dJguk93er/K6azFfbzPMXL8IuogAr/Aly22tu5MQm0i1oSmMgovQqfYCQdaDnelVgopWn0KRrlmEDHPyA5aiEg4sPfUDGmyRIFLy5avKv7bPo+Xk9iRt0tuu09lUJl9PxiyDGoeLoh2qD+jJA76DO57A1EB+JdoKJZiRgkfSg1IOtYXUkV5XQfK0sIkc+VdoDKOdVvIqM7stoSSIqycbf8knekYVpgSVQkrPg75lQd8soOFJoID8xB6,iv:pidCcX4V6PKCNnUDDq11zTGOoketZ80nCqm0R5BYx4c=,tag:Z3Sq1+FVAAqQikaBFQ6M5Q==,type:str] sops: kms: [] gcp_kms: [] @@ -14,8 +15,8 @@ sops: bmVVUjZTVGJzOEdFTno1ZmhZWnkrUFkK0R6GoBKaixAAoRnh89kTvFW7tUvJh7Ce Lxc4pTd/ZDAaNjMy8KCJvAo1CQBb/Hqytl/dERm99RL6C/MifDAodw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T00:32:05Z" - mac: ENC[AES256_GCM,data:XSJKbq0mvSMbDmNMqY+Fnnt59VgRiEZVVSXcgf3cytVEAqfMthaBi/f9OhMykvTy7lPwe9CHXWI0/1UAZHwEK+gGlIWnMAaqAYSFC+xoLbhRlkDYNUAntC1jhwcK48acK9TWlQirFZsukyWIvsvx1ap2PD/QgotwVNKxMuS0Gig=,iv:BowPffBLvInPh43TVliKudtP3mMtk+eFrniSfFnkThA=,tag:OpZCkPOywDSooOX/TnU8ow==,type:str] + lastmodified: "2024-12-17T03:07:54Z" + mac: ENC[AES256_GCM,data:d9k3j80zF6yvIBWy32HUt4d26DR4ygrU8kRxlWutPd2pcEnyGOFq8mbgJCQeqpngek51ECwnuCGemVvTBJq0szy9zExeGRtZ8wWIDReTOCPMAKITTEsiwr14eOpeNbjKnbMz9RNI4T7Uwy7JV+rPaZh2AzG64ajkTGv4uA0JT3U=,iv:79AEtjqS/Bf79jdFasEKDJrWN6T/RVUvdm03N8rg694=,tag:ZDS6dwH7TEp5pxTuZ/LUBQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/services/ntfy.yaml b/secrets/services/ntfy.yaml index 05c28d6..6edc64c 100644 --- a/secrets/services/ntfy.yaml +++ b/secrets/services/ntfy.yaml @@ -1,4 +1,5 @@ -ntfy: ENC[AES256_GCM,data:0UkHARZmRniWu7QJGA==,iv:lMC1o866fg+JdIP7HXkBdAEJep4i/TJyNMnKF89Ta9U=,tag:iNu4Ro7ey9JFjh2LrxvbSg==,type:str] +services: + ntfy: ENC[AES256_GCM,data:94sCR5zF5ck3R9uvng==,iv:fRtWRzx5oGXxMRpx1Iv0vMELlwB1T7kiujSQu+AXQXo=,tag:3f6WgbL+Xfy1X36/9Cozgg==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +24,8 @@ sops: NUxQNDUyNHpaWW4wYUlDdHZ5d2VyWWsK7pv4z6+RBtzokkcsi6HzuDqUXr/DsK4x ORJS3S8ZloiUF2QZHhjOIqdUtAija1CUreRF3RjFjGLms4/NL5M8Xw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T00:39:06Z" - mac: ENC[AES256_GCM,data:lsvfZ+uOpu/mA+R8qqfnIOqziH+/jeBRZX6+Sv6Q/bErJ8q2p0dNXNBZ4OcZLVkAE2LQaqk2e4zZeMiI3d6HjwmBRzZ29Nk+EVui5SrD4qU9eHKbOx94O/jNVBN9OwHwXtnhbW82HA8lq0vFFuRJ9N/AnOITiPb55A+dgQgiQVU=,iv:xbncdaZcCjbh5y+WacbwXMjFTbFRIWBw0y+AMdL5tOo=,tag:Ko564HfgVXJBc0swCgVuhQ==,type:str] + lastmodified: "2024-12-17T03:08:24Z" + mac: ENC[AES256_GCM,data:K1XW1n6umC/qayF9SFanVVhOfN5AXmzD9FsaXx74IoPiLMz6ZCJ547Je4f5mKdt5Gc5aUjNOALXGxXG/hSB+L8h6S/k/iGbx0zF3iwEFvURa7P/ScTMzvnABdqdjA4mah/QsfsFXnBhhCUzHpvo4kBge30U4V8uLjw6seEZ42Vk=,iv:1AQFbv6bFxIKSrJZr6AqQB58OfGNnFD8RHNZKP2ePwE=,tag:m/lKEBQ7Ij6ieIspVsqE9Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/wireguard/yt.yaml b/secrets/wireguard/yt.yaml index c5f6b44..83be6e4 100644 --- a/secrets/wireguard/yt.yaml +++ b/secrets/wireguard/yt.yaml @@ -1,5 +1,6 @@ -private: ENC[AES256_GCM,data:LOC8vGmfyLomE/5izQDE6N1rFlAzIypw5wIPc264DCcmMR3b0e2Ng5zh1F4=,iv:MImAKrEkoSghfj6uaI+TqPKmLn+XaqinNFWwSyEPFrA=,tag:VMDRGslWmmrLj5fwPJe6Mg==,type:str] -psk: ENC[AES256_GCM,data:D7sbcGvTyGEOfevUbxfLzaxQ/1e+n14ZIt3xdIiR1ZCM2ZPCVstAERQB5+Q=,iv:m1N9ZgU0LIV1DwuLSW80Re3e7EEzn1rMFFzOoKzH4ao=,tag:pQdd7U+ZzteLGfYzgSrKiQ==,type:str] +wireguard: + private: ENC[AES256_GCM,data:hdGsRnF76tNlmv+bqn2xzykBwskDrtYis9f7RKCvGXRnjJxuLhdVlYPf93I=,iv:UT/u+Qei9lODaMHLiHu0xmzkW2iTLqG70xfpMYAKJ7w=,tag:PfNzJBr6l92fwlakxEmwTA==,type:str] + psk: ENC[AES256_GCM,data:3ILdJJbYWwj6fY/6d40EPFyij3f/0RiZBlnGGTkhvQVll+pqksSLck4sBKo=,iv:0nJZtSH9nIDMCnoksfc8PmNJ9SGPkvKxh3j7NlNWQj8=,tag:cwvgTyeyQgEobOfEgzNAVw==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +16,8 @@ sops: aFFObDErQ1V0bzFRQW1TdFpTUUYvS0UKxyQ4KxEp+cHwq7eDAFSZVOofuZJ+8R3U QQCMK/Q7px33KvIBaxI3dGTtaO3PdJ13p7Xp+Vj8ftKcC1xr1yuObA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T01:13:00Z" - mac: ENC[AES256_GCM,data:7hWz/cPZLsPrax74EJe0pQCVhXrPTdzAJUOWmBk/Nm/hG52EjWSTKHJdA7mq2L3OAd/3NwJLw9EXIopR53O+/VsUH99DKtRGl9MV4zsZkEpFA04V3er66pjGgVNcS2jChrc95IggBXRybDXCy6yfqU1HqSSoO1jPM75sWYGcd3Y=,iv:kUsypdUupCRAdM1vGjtz/s0MVrsimxLAeUdm33GuMHI=,tag:f1cIFPiFhyj3EE+DOevntQ==,type:str] + lastmodified: "2024-12-17T03:09:22Z" + mac: ENC[AES256_GCM,data:zkbor5pSdB0eG4dM5i0DrYDDgrw/Jgi4HWXQkOpGXhJIijm4L1I8gC8T6LFkEC3GGs8If6CY0dzuKkNDTA/r4hQ6oMunZNfdg8cV8+NZFNUJpca9S4IwUgPf35kV2QeDSB5w2h3pxz0QL/cmAOugXnI6LCrqZsbTzXfA9g51dkA=,iv:aO8zj3bqmmHdJq0Km02/qDVqnFxJv8ocGm/6CnAX5BA=,tag:2ziWeBd49Nr76f6wBDgF0g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2