cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

setup backup on titan and nix fmt

Browse source
This commit is contained in:
cy 2024-12-30 23:14:50 -05:00
parent d428cd2377
commit a372071b70
9 changed files with 127 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
.sops.yaml
View file

@ -14,11 +14,17 @@ creation_rules:
- age:
- *chunk
- *cy
- path_regex: secrets/de3911/titan.yaml
key_groups:
- age:
- *titan
- *cy
- path_regex: secrets/services/ntfy.yaml
key_groups:
- age:
- *chunk
- *yt
- *titan
- *cy
- path_regex: secrets/restic/yt.yaml
key_groups:
@ -35,6 +41,11 @@ creation_rules:
- age:
- *chunk
- *cy
- path_regex: secrets/borg/titan.yaml
key_groups:
- age:
- *titan
- *cy
- path_regex: secrets/wireguard/yt.yaml
key_groups:
- age:

5
hosts/chunk/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
inputs,
...
}:
{
@ -26,10 +25,6 @@
./conduit.nix
./immich.nix
./element.nix
{
disabledModules = [ "services/backup/borgbackup.nix" ];
}
(inputs.nixpkgs-borg + "/nixos/modules/services/backup/borgbackup.nix")
];
sops.age.keyFile = "/root/.config/sops/age/keys.txt";

17
hosts/titan/backup.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
...
}:
{
my.backup = {
enable = true;
jobName = "titanRsync";
exclude = [
# podman stuff
"/var/lib/containers"
];
repo = "titan";
passFile = config.sops.secrets."borg/rsyncnet".path;
sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path;
};
}

10
hosts/titan/default.nix
View file

@ -15,6 +15,7 @@
./ghost.nix
./ntfy.nix
./uptime-kuma.nix
./backup.nix
];
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -22,6 +23,15 @@
"caddy/env" = {
sopsFile = ../../secrets/services/caddy.yaml;
};
"services/ntfy" = {
sopsFile = ../../secrets/services/ntfy.yaml;
};
"borg/rsyncnet" = {
sopsFile = ../../secrets/borg/titan.yaml;
};
"rsyncnet/id_ed25519" = {
sopsFile = ../../secrets/de3911/titan.yaml;
};
};
boot = {

3
hosts/titan/uptime-kuma.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
# data stored at /var/lib/uptime-kuma/ but does not expose
# an option to change it
services.uptime-kuma = {

4
hosts/ytnix/default.nix
View file

@ -11,11 +11,9 @@
../yt.nix
{
disabledModules = [
"services/backup/borgbackup.nix"
"services/backup/btrbk.nix"
];
}
(inputs.nixpkgs-borg + "/nixos/modules/services/backup/borgbackup.nix")
(inputs.nixpkgs-btrbk + "/nixos/modules/services/backup/btrbk.nix")
];
@ -188,7 +186,7 @@
programs.sway.enable = true;
my.backup= {
my.backup = {
enable = true;
jobName = "ytnixRsync";
exclude = [

31
secrets/borg/titan.yaml Normal file
View file

@ -0,0 +1,31 @@
borg:
rsyncnet: ENC[AES256_GCM,data:HZhY3xqkiq/W7W6mvbqlInvZQfsk+vMPLdcB0gu9bzMuAM7uTCXE5g==,iv:pcvOvIScpPhnPtZr6NlhSAuEUTBBjJ4mFg/FdU8Qto0=,tag:nnY9hSzRrMl6C5GFUOhRVQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12w2xgh4nxhrrggrtcnu75wgukqnayzhfd2azkhukl6u8xqxsqvtsa4lmhl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYnRxVGFVSVdGMDZKUWRB
cC9tdDk4bHhVbXdOYi9SeXhySHZNNWZqTVRBCnEzR2x1T2NzcnRPQjJ1V3JzR1RI
RmppZExIUmdaa3hhek5SL2xzTTZwM0EKLS0tIHFPTDRKblhnNjhtQmtSSlVQMitG
NFZnQ1U1SHYxT1Q5SUFmWGJ4NDFNcVEKj1g94nn05yd9gXgYM3kx7SOwt973KOO/
2Q+nNiR2DG+H7IqKjPfx45bXe0if+ZAulTVAsjcZK5ZB8TiPVXDrjQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXU2hlaTJQYVpNczRROHZt
WCt1T1VaMDJUNVhrNVJ0N0tUTnBvRzBmdVJvCkF4K1hMVnR1NCt5Nmg0QXMvcUdl
NnhqU0p5VitOL0Qvay9TZXZwUVhRTkUKLS0tIElBYnp1UWxLSjhQcTNOZFUyV3Np
djVSenB6d0NmelhmSzJKcllMbG1IUUEKSIyK9pMjvLqTTZS617r3o5CFdGFPz0RJ
3YCVt+tBFrVGfRaE+Xvkv5gRYp+p36OlrNpxjX+Ay9GHi4q8OlmIJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-31T04:00:20Z"
mac: ENC[AES256_GCM,data:sDUD9aSp+s70ZgsN8QMsh3sKinrxuBGK48XcNaKzStnIXtVIkO45c3svCCNjFgh687qVdoCUdIttmf8nP+XvEo6BbXpW3VHfcRZgap2KodjhOTRwh8sBEqr9glPQeecQpHJ/D2U1igbZlYpK+2FaECkkg+troyPbvxrPKJ8hWgw=,iv:UBLhUgykn3tBLmdBFVEjsamtb+IsdKG+FxWeEumyap0=,tag:gE/VO+3/Audipume+xcN2g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

31
secrets/de3911/titan.yaml Normal file
View file

@ -0,0 +1,31 @@
rsyncnet:
id_ed25519: ENC[AES256_GCM,data:uqd95tSWgSUwZxQAtMrKE3ISjSsb+4ZAUH7VlP7bGWMjZYPqZG0/cckMEocBaGXpjMrH1o5HjkNNmOsCBl6Lz1Vfk6drPyZbRlw9+G7K6zLeAI92gD3xnpaIkzClxGxO4GvumrcSgi1dtvh+N7X1sf5W+ByHrAtGM32G8IDKZwO1j64xSUMikwXeMV938oFUGYddKR9PcdYOf70XRPq9TZyiuYxgISRUIQFywtzKxPgUljDPUeEbU+VqIArUPBUh3Rfe0yea35ef4MT+y9rYc49OUk+06YdUvFEIClDXW9uahRFAHaLn76tDDrsL0O58LTIeG/bxiXGzmoYCiwpbUbEaYFhpZyKW3Lns7VQHwgkA+Sg71GvgibCbvbUV77Fe7e16pfutXErvIspomLssA57HGSU1MqSzwgYTAs4phvd39lj2JF3b8JdEpgmxjxUmnCkTtXOPa5StmVNfVVoRZPlq5Squtc4h7F2FVYsEWD2ZsC4EuJiLVqx3N2Z1I/AsaN4eBrjkRnVDICqYL5Ve,iv:+CF3+mB3s4TR0vNk/29mHpDSh/dGLgC76/sxBA1sie0=,tag:z4UrxxSkQMx11TeJjhxMgg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12w2xgh4nxhrrggrtcnu75wgukqnayzhfd2azkhukl6u8xqxsqvtsa4lmhl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsV3VmSko4dmtwcDFDaTUx
NWloOVNmQ09vSWhPN096NmpOclg3M3BxcEZJCm85K3dqS0NNdUdmMHpldzN6THRn
REZnSjdYSkNYVHdTandZd3RsdW9SV2MKLS0tIDNPZHdOekFQRXdmT0VDWjFOaDJu
MTdxOTlNR1BrNFlPVlFiaGJPNGhhcUEK1BD5VQ0nDMUhOp1qatZDrkK9rYJ/Y3Xa
KBEKkzm/DfyVbRzAolXKGesTp14Vyofv9PcZeulN7jLDQZByKTjPsQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSk5sN29mS1JEN05pN1pJ
WmNybGEzRkNVRHFDU1p2dWVqbUFoZ1QxRHpvCnN3WnVJeXVpSE1reFNueGNKWVVM
d3hjbXZJL0lBYXUxYldQSk5GckhvRWMKLS0tIHJhUU43MjZHdFVtT2FjOTcrK0xT
RlhIYmhESXc2Y2RzY01IWnRKMG94bHMKTPc6w/7rIBNEHKEZQAXSPXW8cuA5PQhL
CEi7M5W5LGb/z0/Ml2YT8nir2pxDqmzLiiIueh5NkJjOASUMnG+5QQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-31T03:50:19Z"
mac: ENC[AES256_GCM,data:3MQkrPbpOt0hFmDZjuJEYgA30b3tGZsSi1dpKqTFZqjX7N2w+GOJ8ZgE69zUiab3hqzwcVo8heDGl5vHbdKfpOur2vJToVFmwxrKU7Gj8nI+4gPGic8EVTgJ3zh4dEgMZOh9Id27WgcDhr6iwbZFLSttknU6BGXlDwm5Q0VNtLY=,iv:Dsrm1SaE/sHgWwaI9MkLCRUApFRbFQ+0yGkGNrclX+Y=,tag:5Kmh8kwJ2Dvh3tO7ShzCcw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

39
secrets/services/ntfy.yaml
View file

@ -9,29 +9,38 @@ sops:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQmhTWEdOQWV1N1V4bnND
ZFRoQkRtWTE1cm9iZExNdVFBTlArR0l6QlN3CmRsN3hjL3JsT2ZkczFuMTAvaWRZ
dGdwby92aEpDQjVUUmlqWXNWQzFrbTgKLS0tIHZIN1QzcjBFclI2ZUVkUEgrcjlv
WW9rVVQzbEczVk5CV0ZRSm4rVUxiZ2MKUAA1Vqnv0kpOub2D+XAjEV+5ymm32TZM
RpPRF+/e487dyqGscFQUQHhzIZIRPLAawR4hHd/iZC8y/UT86GlpJg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUM2JSNVkwT2ZlY3l6RHZ5
V1hvUDE4TmR2YjRSU25mSWdzaUNlanZ1SDBzClY2Z0M4ek5reE5yb3VhZUhIdktT
bk00bTM4UXZHeVk3YWpvZEVXbTQrQnMKLS0tIDdWbFlhd3UvVmlZRy9lR1Zpaldl
cm9ZMjd1OCtkVFp6WEVTWkliTzFXNmMKoJr6VPQoQZISQ9XfOq6hPYiDPT969CkV
U/Th9OOlCdA8bduxAmimrnYXhSF7phQHJANIWwyEZ4zDryHJ9lZg8w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc1RySDUrc2s5K2svMFk4
dEtXM1JXbU9oRjVCbmZCT3RBdWVRK1lhNEV3CkVrRmNvRkxQYmZxZ0N6dFpUbjJZ
SDJOUVI1ZFdOdkQ0SGlJMVBqd3ErNnMKLS0tIERqbldPL2ZlaTlZR0FySGExMzQ0
NERIQ1VUNnMzdVhFMTZEVmdFR2FSMkkKiaFOXw6wXsxwUZRn/zDV2MKelJZUk8Wi
1iISfgO5FVl3ix1NhTD5awbtHaAZt4cfjStYD6R0sb5JUQW+WsoHiQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoVFp4ZTI2eWU3czVHRWxs
NjNaOGc1alNoOE16WHdvbkhNeFJJUS9rZlE0ClpSUVRuREZiM1llajVPSm8reUh3
cHdFaDhaL2xpNXFLNnB2MDVJWXp6Z0EKLS0tIDBDdHJUdVRTRVFWazltTmJwT0dr
dXNIRUFPNmFhN1BuMVhJR01CUjhqTTQKrdRUnyrcIB/WTFkIwYaFAKKO3DnqwtTr
4Mf1t2MKZw8PGWDDPKH6NL6LODcYq8g49cuvhJNKvoUhuujfisO6xg==
-----END AGE ENCRYPTED FILE-----
- recipient: age12w2xgh4nxhrrggrtcnu75wgukqnayzhfd2azkhukl6u8xqxsqvtsa4lmhl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMeXFrcXZVc21KQWpxSU1v
RkxkdXV2SnV0RTZIQzFEczZkNklTa1NmaUhjCmVqVDJTR2VDcFBSOXV6dUxhUC83
RDYrejRPYncvWWhLaGdwZU02RmRxTVkKLS0tIDVLWE9WVDBPS0p6STZ6czlDbC91
Q3JDM2RDczUzdXpPZEhoTW9Jd0JxSG8KQFNZXOgHxDXeNdwArod74Dfc2IXOrz3S
Fiw/HVhQdwvjDSui9hUxpZuF94AKHRmVsKZvO3kvBhI6GWpW8wmk/A==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheVZzNEtBUTZkbUZ2eFBF
Wm9Ic3dleW94U0xTRUs5VmtvRjFydVZhOFc0CkgrYWxuTW9obUlwVmhsYWx5dmYy
Z0tLYUlKTDI0UTh5bWtnSU52YlBoTEkKLS0tIGVwTW5ER09OaTRUM2tBT09WcTg0
NnBSNFQ4ZGRMcHlPdUZzOFJHV3Z4OGcKOiZq+DmEFVyt+9Z7uMJqx8AD8QvOejCb
bFBndq9UffyxLflzuxMRpKiRJ3BSVGu6/YXAdXvfLaXNBcLBQdsR8Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZDZhcVJnVFY2U2NSZlJK
bC8wdTJ2eFlJY1lBRmsxbmgzQkVMZjUwOVJBCm1PdEJiWXJJeXdPbEVOQ0F2cVJL
RGMxOTlLY0pVMWtYTkJBZ1VoOGxrOWsKLS0tIGZ4RnlmV2l4TFBITDY4VWU5TFJ4
NkU1QWl6R3M3by9jVTBXSm5kd3BEOFkKacXasnAVwlctfPu4j6IVeCW7jCWS124S
kMTxU0BLxQjoh6+Xw/BXQ6nk+cQBEFjN022UpItlC5ty2P5jcjos1g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:08:24Z"
mac: ENC[AES256_GCM,data:K1XW1n6umC/qayF9SFanVVhOfN5AXmzD9FsaXx74IoPiLMz6ZCJ547Je4f5mKdt5Gc5aUjNOALXGxXG/hSB+L8h6S/k/iGbx0zF3iwEFvURa7P/ScTMzvnABdqdjA4mah/QsfsFXnBhhCUzHpvo4kBge30U4V8uLjw6seEZ42Vk=,iv:1AQFbv6bFxIKSrJZr6AqQB58OfGNnFD8RHNZKP2ePwE=,tag:m/lKEBQ7Ij6ieIspVsqE9Q==,type:str]