secrets/ytnix: fix structure and path
This commit is contained in:
parent
ed8a15bfea
commit
455b1d8dc3
6 changed files with 26 additions and 26 deletions
|
|
@ -24,8 +24,6 @@
|
||||||
./tor.nix
|
./tor.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.defaultSopsFile = ./secrets.yaml;
|
|
||||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
"borg/crash" = {};
|
"borg/crash" = {};
|
||||||
"ntfy" = {};
|
"ntfy" = {};
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,4 @@
|
||||||
{
|
{
|
||||||
inputs,
|
|
||||||
outputs,
|
|
||||||
lib,
|
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
|
|
@ -11,17 +8,18 @@
|
||||||
../common.nix
|
../common.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
"services/borg/yt" = {
|
"borg/rsyncnet" = {
|
||||||
sopsFile = ../../secrets/services/borg/yt.yaml;
|
sopsFile = ../../secrets/borg/yt.yaml;
|
||||||
};
|
};
|
||||||
"services/ntfy" = {
|
"services/ntfy" = {
|
||||||
sopsFile = ../../secrets/services/ntfy.yaml;
|
sopsFile = ../../secrets/services/ntfy.yaml;
|
||||||
};
|
};
|
||||||
"wireguard/yt/private" = {
|
"wireguard/private" = {
|
||||||
sopsFile = ../../secrets/wireguard/yt.yaml;
|
sopsFile = ../../secrets/wireguard/yt.yaml;
|
||||||
};
|
};
|
||||||
"wireguard/yt/psk" = {
|
"wireguard/psk" = {
|
||||||
sopsFile = ../../secrets/wireguard/yt.yaml;
|
sopsFile = ../../secrets/wireguard/yt.yaml;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -187,7 +185,7 @@
|
||||||
repo = "de3911@de3911.rsync.net:borg/yt";
|
repo = "de3911@de3911.rsync.net:borg/yt";
|
||||||
encryption = {
|
encryption = {
|
||||||
mode = "repokey-blake2";
|
mode = "repokey-blake2";
|
||||||
passCommand = ''cat ${config.sops.secrets."borg/yt/rsyncnet".path}"'';
|
passCommand = ''cat ${config.sops.secrets."borg/rsyncnet".path}'';
|
||||||
};
|
};
|
||||||
environment = {
|
environment = {
|
||||||
BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519";
|
BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519";
|
||||||
|
|
@ -199,7 +197,7 @@
|
||||||
# warnings are often not that serious
|
# warnings are often not that serious
|
||||||
failOnWarnings = false;
|
failOnWarnings = false;
|
||||||
postHook = ''
|
postHook = ''
|
||||||
${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus
|
${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus
|
||||||
$(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \
|
$(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \
|
||||||
https://ntfy.cything.io/chunk
|
https://ntfy.cything.io/chunk
|
||||||
'';
|
'';
|
||||||
|
|
@ -288,14 +286,14 @@
|
||||||
# wireguard setup
|
# wireguard setup
|
||||||
networking.wg-quick.interfaces.wg0 = {
|
networking.wg-quick.interfaces.wg0 = {
|
||||||
address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
|
address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
|
||||||
privateKeyFile = config.sops.secrets."wireguard/yt/private".path;
|
privateKeyFile = config.sops.secrets."wireguard/private".path;
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
|
publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
|
||||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||||
endpoint = "31.59.129.225:51820";
|
endpoint = "31.59.129.225:51820";
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
presharedKeyFile = config.sops.secrets."wireguard/yt/psk".path;
|
presharedKeyFile = config.sops.secrets."wireguard/psk".path;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
rsyncnet: ENC[AES256_GCM,data:bRkLcWrMtlY3/7yMedzFMX5nFdRHawftDg==,iv:8Ip1vS0DpBOdD8VYlSK9pTQj2MC8Tx6eSUXRMtvKgmU=,tag:/Alv4F86wCR7ZvoMnHc0gg==,type:str]
|
borg:
|
||||||
|
rsyncnet: ENC[AES256_GCM,data:o1z9xwXqjceO6b/k9da33DyltLt+k9cS5w==,iv:Buu2gHB+MH2Ma/d0cGYyoNAZxcHE7dK/uLZMR9y2VDo=,tag:hNZyZQqAqRF7HXkT7ypTHg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -14,8 +15,8 @@ sops:
|
||||||
bGhLRU15QUxXNjQ4TDBIWmlYMndJeWMKCY1djq72Fow3HiVP+cG63CMEtshIve2k
|
bGhLRU15QUxXNjQ4TDBIWmlYMndJeWMKCY1djq72Fow3HiVP+cG63CMEtshIve2k
|
||||||
sHhU3UWPidxcZxdDmK/Sw3NKoYncxeLJUS/W7UhNYr3Z7UZCW6+D9g==
|
sHhU3UWPidxcZxdDmK/Sw3NKoYncxeLJUS/W7UhNYr3Z7UZCW6+D9g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-17T02:26:35Z"
|
lastmodified: "2024-12-17T03:08:48Z"
|
||||||
mac: ENC[AES256_GCM,data:ZSbrAQIb2XXew6hcsGzuY02SHF8w0cyuyA6OyflHJ82gBTLqnw/ZpfIq6soFJiISWIr0PbM0vDb47lE/h4pJ08tGdR+8krBqJ1urPtkplg3eweQ6R9S4Kn5EfUfZ3ofVC92kcWgee9venjBWq/HPRT+9tvhsjEWOcoK8xWC9pww=,iv:XGkJb88no7qvdmBydFjt3EcLDh+Xj/qK5t+Jdkf6LH4=,tag:lkCzudpAA6XmEhX3KXZT0A==,type:str]
|
mac: ENC[AES256_GCM,data:Zxdfy547x/RQF7Q3ip6163nD07F2L49u9yNvCQcxrjfFbVQNYspkX+aZJNOW+9KzIpmMcmVe9llN9IyA2b3R3Yzz6hBzP2LCxO9iQt+XQVpv5rCQRC3E+4SgkX6KpZ0TOhjiA9+4KvwfYkXH5P6JS6jjw5u4v16i1X121quBemk=,iv:86EoZpSSqZ5q2DZP4B9NTASFOzX1ptdRcw5o+3eQKkw=,tag:c/D7Mus6d8X1Q8hMPziGqQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.2
|
version: 3.9.2
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
id_ed25519: ENC[AES256_GCM,data:Yli80jZgpicXecVdgCezbp2XV57XoDgb/6oymt5H3509QLvADkulzx2M/be0vbR5PL3iX2cn8K6yqDNNSA3+Yv8fqPshBPUUIigPIk0bIOudxVpdZwy3jbQRtU7mvQL+pLtuk4Z/wCRPU+EpQldpw05m6dJll7wIWTjWoOgL6ZYFDnK0F4q5PviL4qNuHRlzaxK4Yp3U6TasBcKnrV2OZW5EnDTllHTdbOfRB3vI15YF25a1sxYvq9DveyOok0d/XjD43tfWTXSRFXpbJEmeuqP3akPRTYQGrEP0uRXsx6MIf0USbnAdA4MLGPSL4A4sy6ManvRvn1wQaKckDE+rfAZ3DnLTmE60PO+LEn9KVp/zGtvVEr9m5gHgzcb/2+S8BY4ECg4QZHiEhthVLjnf5Ys3E9/uEb4lMnKjNzZ7QIDYFx/fIiJf2+2FxSr2ApWFl1O3bl8pfNFq2hJzmgi7J/wPypt7nt3G0nTTmwvIB4f4Xy7HSWI+bA3OQT6Nv0T2cDk+DukAZSZ62EVI0ydF,iv:1DyqUOoaHPYAc1zUlAOFBEZhM+JuYm6ggcwrWOTZVQA=,tag:zMR4QlktyL3dZ/S5u7eriA==,type:str]
|
rsyncnet:
|
||||||
|
id_ed25519: ENC[AES256_GCM,data:KHFv0P5JLHCXKXb3UFmZrgLG7mrSDSi6CAYZTMSxJH6FgakFhPY/u1VE0wlHaBEwUSHbh6xhVbITiAgrqQXbPeo72moUhBD1/+X1fGUV+0rbHHhZecaEoqXseNEWfxAypUWnmKQ3DwCjO0wb9A+UohLCTMUzHBucX0AKVBxW2VEYkvMXu3du2ryWCDNYKukdwLYXxTxrBmIbjSJ2Myq22vcqLpMAIOJ85QWoCrVypVxB6TD7xi6KwQmqDHpE7KEdDg6Eq0Gzu7RWIdUiUddvWJwBFr/v+dJguk93er/K6azFfbzPMXL8IuogAr/Aly22tu5MQm0i1oSmMgovQqfYCQdaDnelVgopWn0KRrlmEDHPyA5aiEg4sPfUDGmyRIFLy5avKv7bPo+Xk9iRt0tuu09lUJl9PxiyDGoeLoh2qD+jJA76DO57A1EB+JdoKJZiRgkfSg1IOtYXUkV5XQfK0sIkc+VdoDKOdVvIqM7stoSSIqycbf8knekYVpgSVQkrPg75lQd8soOFJoID8xB6,iv:pidCcX4V6PKCNnUDDq11zTGOoketZ80nCqm0R5BYx4c=,tag:Z3Sq1+FVAAqQikaBFQ6M5Q==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -14,8 +15,8 @@ sops:
|
||||||
bmVVUjZTVGJzOEdFTno1ZmhZWnkrUFkK0R6GoBKaixAAoRnh89kTvFW7tUvJh7Ce
|
bmVVUjZTVGJzOEdFTno1ZmhZWnkrUFkK0R6GoBKaixAAoRnh89kTvFW7tUvJh7Ce
|
||||||
Lxc4pTd/ZDAaNjMy8KCJvAo1CQBb/Hqytl/dERm99RL6C/MifDAodw==
|
Lxc4pTd/ZDAaNjMy8KCJvAo1CQBb/Hqytl/dERm99RL6C/MifDAodw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-17T00:32:05Z"
|
lastmodified: "2024-12-17T03:07:54Z"
|
||||||
mac: ENC[AES256_GCM,data:XSJKbq0mvSMbDmNMqY+Fnnt59VgRiEZVVSXcgf3cytVEAqfMthaBi/f9OhMykvTy7lPwe9CHXWI0/1UAZHwEK+gGlIWnMAaqAYSFC+xoLbhRlkDYNUAntC1jhwcK48acK9TWlQirFZsukyWIvsvx1ap2PD/QgotwVNKxMuS0Gig=,iv:BowPffBLvInPh43TVliKudtP3mMtk+eFrniSfFnkThA=,tag:OpZCkPOywDSooOX/TnU8ow==,type:str]
|
mac: ENC[AES256_GCM,data:d9k3j80zF6yvIBWy32HUt4d26DR4ygrU8kRxlWutPd2pcEnyGOFq8mbgJCQeqpngek51ECwnuCGemVvTBJq0szy9zExeGRtZ8wWIDReTOCPMAKITTEsiwr14eOpeNbjKnbMz9RNI4T7Uwy7JV+rPaZh2AzG64ajkTGv4uA0JT3U=,iv:79AEtjqS/Bf79jdFasEKDJrWN6T/RVUvdm03N8rg694=,tag:ZDS6dwH7TEp5pxTuZ/LUBQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.2
|
version: 3.9.2
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
ntfy: ENC[AES256_GCM,data:0UkHARZmRniWu7QJGA==,iv:lMC1o866fg+JdIP7HXkBdAEJep4i/TJyNMnKF89Ta9U=,tag:iNu4Ro7ey9JFjh2LrxvbSg==,type:str]
|
services:
|
||||||
|
ntfy: ENC[AES256_GCM,data:94sCR5zF5ck3R9uvng==,iv:fRtWRzx5oGXxMRpx1Iv0vMELlwB1T7kiujSQu+AXQXo=,tag:3f6WgbL+Xfy1X36/9Cozgg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -23,8 +24,8 @@ sops:
|
||||||
NUxQNDUyNHpaWW4wYUlDdHZ5d2VyWWsK7pv4z6+RBtzokkcsi6HzuDqUXr/DsK4x
|
NUxQNDUyNHpaWW4wYUlDdHZ5d2VyWWsK7pv4z6+RBtzokkcsi6HzuDqUXr/DsK4x
|
||||||
ORJS3S8ZloiUF2QZHhjOIqdUtAija1CUreRF3RjFjGLms4/NL5M8Xw==
|
ORJS3S8ZloiUF2QZHhjOIqdUtAija1CUreRF3RjFjGLms4/NL5M8Xw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-17T00:39:06Z"
|
lastmodified: "2024-12-17T03:08:24Z"
|
||||||
mac: ENC[AES256_GCM,data:lsvfZ+uOpu/mA+R8qqfnIOqziH+/jeBRZX6+Sv6Q/bErJ8q2p0dNXNBZ4OcZLVkAE2LQaqk2e4zZeMiI3d6HjwmBRzZ29Nk+EVui5SrD4qU9eHKbOx94O/jNVBN9OwHwXtnhbW82HA8lq0vFFuRJ9N/AnOITiPb55A+dgQgiQVU=,iv:xbncdaZcCjbh5y+WacbwXMjFTbFRIWBw0y+AMdL5tOo=,tag:Ko564HfgVXJBc0swCgVuhQ==,type:str]
|
mac: ENC[AES256_GCM,data:K1XW1n6umC/qayF9SFanVVhOfN5AXmzD9FsaXx74IoPiLMz6ZCJ547Je4f5mKdt5Gc5aUjNOALXGxXG/hSB+L8h6S/k/iGbx0zF3iwEFvURa7P/ScTMzvnABdqdjA4mah/QsfsFXnBhhCUzHpvo4kBge30U4V8uLjw6seEZ42Vk=,iv:1AQFbv6bFxIKSrJZr6AqQB58OfGNnFD8RHNZKP2ePwE=,tag:m/lKEBQ7Ij6ieIspVsqE9Q==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.2
|
version: 3.9.2
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
private: ENC[AES256_GCM,data:LOC8vGmfyLomE/5izQDE6N1rFlAzIypw5wIPc264DCcmMR3b0e2Ng5zh1F4=,iv:MImAKrEkoSghfj6uaI+TqPKmLn+XaqinNFWwSyEPFrA=,tag:VMDRGslWmmrLj5fwPJe6Mg==,type:str]
|
wireguard:
|
||||||
psk: ENC[AES256_GCM,data:D7sbcGvTyGEOfevUbxfLzaxQ/1e+n14ZIt3xdIiR1ZCM2ZPCVstAERQB5+Q=,iv:m1N9ZgU0LIV1DwuLSW80Re3e7EEzn1rMFFzOoKzH4ao=,tag:pQdd7U+ZzteLGfYzgSrKiQ==,type:str]
|
private: ENC[AES256_GCM,data:hdGsRnF76tNlmv+bqn2xzykBwskDrtYis9f7RKCvGXRnjJxuLhdVlYPf93I=,iv:UT/u+Qei9lODaMHLiHu0xmzkW2iTLqG70xfpMYAKJ7w=,tag:PfNzJBr6l92fwlakxEmwTA==,type:str]
|
||||||
|
psk: ENC[AES256_GCM,data:3ILdJJbYWwj6fY/6d40EPFyij3f/0RiZBlnGGTkhvQVll+pqksSLck4sBKo=,iv:0nJZtSH9nIDMCnoksfc8PmNJ9SGPkvKxh3j7NlNWQj8=,tag:cwvgTyeyQgEobOfEgzNAVw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -15,8 +16,8 @@ sops:
|
||||||
aFFObDErQ1V0bzFRQW1TdFpTUUYvS0UKxyQ4KxEp+cHwq7eDAFSZVOofuZJ+8R3U
|
aFFObDErQ1V0bzFRQW1TdFpTUUYvS0UKxyQ4KxEp+cHwq7eDAFSZVOofuZJ+8R3U
|
||||||
QQCMK/Q7px33KvIBaxI3dGTtaO3PdJ13p7Xp+Vj8ftKcC1xr1yuObA==
|
QQCMK/Q7px33KvIBaxI3dGTtaO3PdJ13p7Xp+Vj8ftKcC1xr1yuObA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-17T01:13:00Z"
|
lastmodified: "2024-12-17T03:09:22Z"
|
||||||
mac: ENC[AES256_GCM,data:7hWz/cPZLsPrax74EJe0pQCVhXrPTdzAJUOWmBk/Nm/hG52EjWSTKHJdA7mq2L3OAd/3NwJLw9EXIopR53O+/VsUH99DKtRGl9MV4zsZkEpFA04V3er66pjGgVNcS2jChrc95IggBXRybDXCy6yfqU1HqSSoO1jPM75sWYGcd3Y=,iv:kUsypdUupCRAdM1vGjtz/s0MVrsimxLAeUdm33GuMHI=,tag:f1cIFPiFhyj3EE+DOevntQ==,type:str]
|
mac: ENC[AES256_GCM,data:zkbor5pSdB0eG4dM5i0DrYDDgrw/Jgi4HWXQkOpGXhJIijm4L1I8gC8T6LFkEC3GGs8If6CY0dzuKkNDTA/r4hQ6oMunZNfdg8cV8+NZFNUJpca9S4IwUgPf35kV2QeDSB5w2h3pxz0QL/cmAOugXnI6LCrqZsbTzXfA9g51dkA=,iv:aO8zj3bqmmHdJq0Km02/qDVqnFxJv8ocGm/6CnAX5BA=,tag:2ziWeBd49Nr76f6wBDgF0g==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.2
|
version: 3.9.2
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue