Add backups config #9
8 changed files with 146 additions and 5 deletions
88
flake.lock
|
@ -1,5 +1,47 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
|
"agenix": {
|
||||||
|
"inputs": {
|
||||||
|
"darwin": "darwin",
|
||||||
|
"home-manager": "home-manager",
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1684153753,
|
||||||
|
"narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=",
|
||||||
|
"owner": "ryantm",
|
||||||
|
"repo": "agenix",
|
||||||
|
"rev": "db5637d10f797bb251b94ef9040b237f4702cde3",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ryantm",
|
||||||
|
"repo": "agenix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"darwin": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1673295039,
|
||||||
|
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
|
||||||
|
"owner": "lnl7",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "lnl7",
|
||||||
|
"ref": "master",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1667395993,
|
"lastModified": 1667395993,
|
||||||
|
@ -17,7 +59,28 @@
|
||||||
},
|
},
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1682203081,
|
||||||
|
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"home-manager_2": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684596126,
|
"lastModified": 1684596126,
|
||||||
|
@ -50,6 +113,22 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1677676435,
|
||||||
|
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1683286087,
|
"lastModified": 1683286087,
|
||||||
"narHash": "sha256-xseOd7W7xwF5GOF2RW8qhjmVGrKoBz+caBlreaNzoeI=",
|
"narHash": "sha256-xseOd7W7xwF5GOF2RW8qhjmVGrKoBz+caBlreaNzoeI=",
|
||||||
|
@ -65,7 +144,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684570954,
|
"lastModified": 1684570954,
|
||||||
"narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=",
|
"narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=",
|
||||||
|
@ -122,8 +201,9 @@
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"home-manager": "home-manager",
|
"agenix": "agenix",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"home-manager": "home-manager_2",
|
||||||
|
"nixpkgs": "nixpkgs_3",
|
||||||
"pwnix": "pwnix"
|
"pwnix": "pwnix"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,9 +7,10 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
url = git+https://im.badat.dev/bad/pwnix.git;
|
url = git+https://im.badat.dev/bad/pwnix.git;
|
||||||
};
|
};
|
||||||
|
agenix.url = github:ryantm/agenix;
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = args@{ home-manager, nixpkgs, ... }: with nixpkgs; {
|
outputs = args@{ home-manager, nixpkgs, agenix, ... }: with nixpkgs; {
|
||||||
|
|
||||||
# Configurations for NixOS machines.
|
# Configurations for NixOS machines.
|
||||||
nixosConfigurations =
|
nixosConfigurations =
|
||||||
|
@ -32,6 +33,7 @@
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
(mkUserConfig ./system/strawberry)
|
(mkUserConfig ./system/strawberry)
|
||||||
|
agenix.nixosModules.default
|
||||||
./system/strawberry/core.nix
|
./system/strawberry/core.nix
|
||||||
./shared/core
|
./shared/core
|
||||||
];
|
];
|
||||||
|
|
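Review bot: The new input `agenix.url = github:ryantm/agenix;` is declared without a `follows`, unlike the pwnix input just above it, which sets `inputs.nixpkgs.follows = "nixpkgs";`. The flake.lock section of this commit shows the result: agenix brings its own `nixpkgs`, `darwin` and `home-manager` nodes into the lock, so a second pinned nixpkgs revision has to be reviewed and updated separately. Consider declaring the input as an attribute set and adding `inputs.nixpkgs.follows = "nixpkgs";` to it. Only the strawberry module list visibly gains `agenix.nixosModules.default`; the other host definitions are outside these hunks, so confirm that every host meant to read the secret includes the module.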
10
secret/backblaze.age
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 WzdOcw /csNPlpruF3Qq1YHu2sf9AUZVrECvlo9kQ+d/U7SsDY
|
||||||
|
grIBod4k2TvmiYh5rhh/mWfg37ezuRYz5sgw8jI3sVw
|
||||||
|
-> ssh-ed25519 tvCYbQ NNrvjiXnK+QnKcyXyGEQdGkGYOHma9IXS+xXt5kKlkY
|
||||||
|
YRoXtSrYy+6c92J8+A3i1R6WZWAApsBDdg4lnZzV534
|
||||||
|
-> j58*}-grease -LZ i
|
||||||
|
Rvy8Armemfb+G1DyL1JbbvQsfRbVeWgte507ozmnUjL3q+tUspegA5XxOA15XwVM
|
||||||
|
wHCjU9FYC+WgL8a2m65vDs4
|
||||||
|
--- Mwn5PvXnc54IJ1JGFAZ3E4oErHBfPZImj58twTviCVo
|
||||||
|
¬”¼‚<ï[>"àÖPȨ݄öÎbš/<2F>Û\o)7öª§t®ÞS{¶Úü@pøQ:›áÒŠ¡Ü•K‹YÂ>kØÆKé3tÔê’¡ÉÇ=wƒR‹åùžAjô‚™Ðô¸
4;Bè ˜1¼ïz¤>XȪPÄÝîóxó<78>Í'åÜ]¹8†mÂò¬¹Ö¶\‡œ¨õxâÄJ/Á²ôNJŽø›N2äÛ
|
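--- a/secrets.nix
+++ b/secrets.nix
@@ -0,0 +1,9 @@
+let strawberry = builtins.readFile ./system/strawberry/keys/riley.pub;
+dev-lt-63 = builtins.readFile ./system/dev-lt-63/keys/riley.pub;
+in {
+# Secrets for backup cloud storage provider
+"secret/backblaze.age".publicKeys = [
+strawberry
+dev-lt-63
+];
+}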
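Review bot: The recipients in `"secret/backblaze.age".publicKeys` are read from `keys/riley.pub`, and the key comments in those files (`riley@strawberry`, `riley@dev-lt-63`) suggest they are personal user keys rather than the machines' host keys. agenix decrypts on the target machine with the identities listed in `age.identityPaths`, which by default are taken from the OpenSSH host keys, so unless that option is set somewhere outside this commit the secret may fail to decrypt at activation. Either add each machine's host public key as a recipient or point `age.identityPaths` at the matching private key. A comment above the list such as `# recipients must match age.identityPaths on each host` would record which choice was made.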
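--- a/shared/core/backups.nix
+++ b/shared/core/backups.nix
@@ -0,0 +1,33 @@
+{ pkgs, lib, config, ... }:
+
+let cfg = config.custom.backups;
+in with lib; {
+
+options.custom.backups = {
+enable = mkEnableOption "Automatic backups to Backblaze";
+bucket = mkOption {
+type = types.str;
+default = "ezri-${config.networking.hostName}-backups";
+};
+};
+
+config = lib.mkIf (cfg.enable) {
+services.duplicity = {
+enable = true;
+secretFile = config.age.secrets."backblaze".path;
+include = [
+"/home"
+];
+exclude = [
+"/home/**/.config"
+"/home/**/.cache"
+"/home/**/.cargo"
+"/home/**/.local"
+# NixOS configuration, we keep that elsewhere.
+"/home/**/os"
+];
+targetUrl = "b2://005c7170636d5ef0000000001@${cfg.bucket}";
+};
+};
+
+}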
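Review bot: `secretFile = config.age.secrets."backblaze".path;` makes this module depend on the agenix module and on the `age.secrets.backblaze` declaration in shared/secrets.nix, but nothing in the file guards that, and this commit only visibly adds `agenix.nixosModules.default` to strawberry. A host that sets `custom.backups.enable` without both would presumably fail at evaluation with a bare missing-attribute error; an entry like `assertions = [{ assertion = config ? age && config.age.secrets ? backblaze; message = "custom.backups needs the agenix backblaze secret"; }];` inside the `config` block would make the requirement explicit. A comment above `secretFile` should also name the environment variables the decrypted file is expected to provide (presumably the B2 application key and the duplicity passphrase; confirm the exact names), since a missing passphrase affects whether the uploaded archives are encrypted. No `fullIfOlderThan` or `cleanup` values are set here, so as far as this file shows the incremental chain grows without bound; worth stating the intended retention.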
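--- a/shared/secrets.nix
+++ b/shared/secrets.nix
@@ -0,0 +1,5 @@
+{
+age.secrets = {
+"backblaze".file = ../secret/backblaze.age;
+};
+}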
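--- a/system/dev-lt-63/keys/riley.pub
+++ b/system/dev-lt-63/keys/riley.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDroUHLf56zlYLiMoD1JV5XXZNwY9tftobDttC6hnfiM riley@dev-lt-63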
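--- a/system/strawberry/keys/riley.pub
+++ b/system/strawberry/keys/riley.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINV6ECtM7dCAWwGX20Is9dbk9B2SHEGZN8bMzwoq5A3W riley@strawberry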