about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--systems/cobalt/default.nix19
-rw-r--r--systems/cobalt/secrets/secrets.yaml5
2 files changed, 22 insertions, 2 deletions
diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index 5cb4eb5..fa1cd8b 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -151,6 +151,7 @@ in
     bsd-finger
   ];
 
+  sops.secrets.borg-cobalt-rolling-pass = {};
   sops.secrets.grafana-admin-pass = { owner = "grafana"; };
   sops.secrets.acme-envs = {
     owner = "acme";
@@ -171,6 +172,24 @@ in
   modules = {
     sops.enable = true;
 
+    services.backup = {
+      enable = true;
+
+      paths = [
+        "/persist"
+        "/home"
+      ];
+      exclude = [
+        # Rust build files
+        "/home/**/target"
+      ];
+
+      repo = "20963@hk-s020.rsync.net:rolling/exotic/cobalt";
+      repoKeyPath = config.sops.secrets.borg-cobalt-rolling-pass.path;
+      sshKeyPath = "/persist/ssh/ssh_host_ed25519_key";
+      rsyncNet = true;
+    };
+
     services.metrics = {
       enable = true;
       domain = "status.exotic.sh";
diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml
index 8fcb206..b40573d 100644
--- a/systems/cobalt/secrets/secrets.yaml
+++ b/systems/cobalt/secrets/secrets.yaml
@@ -1,5 +1,6 @@
 root-password: ENC[AES256_GCM,data:utvaJtoAN+9CSmnEd86OjdMB5QFWq/ICm0cv6F26QAdBaVpi9APsSEWMej44sZ0jPXtLvXdlRYSm+Bok2/PTx5ACPWz/hyFz4w==,iv:hwai5JQvWmgSeuU8djxPng0EPZA3E08kyfhwr3P8vCA=,tag:eg29EwPSrdH5evO0sUkb3g==,type:str]
 sefidel-password: ENC[AES256_GCM,data:i3fLsgHXIogbPh95k7EPXs9rzfrl617lDqwXktMd/buy5MhUfgl6lNftayeIhIihqmZP4Fu0r7m5s6DYvpfpyvK22Y/Yvib57w==,iv:u9iZ+261lh3ckJubH9iD2iFCAJhUB8ca2VhFYvrHwzA=,tag:4j7j61aOu9zFomU4AS5ThA==,type:str]
+borg-cobalt-rolling-pass: ENC[AES256_GCM,data:sR1V7JkNN5AmXINQYoqpdxFJ7wjcVeHKzYMV8/dAMQ==,iv:CXVMkN4wQi0khfxG8J0a8ZFCwn5Ynh4M1GIaKTY70Bw=,tag:8naCtTu3mlzPI5FKtVmDvg==,type:str]
 acme-envs: ENC[AES256_GCM,data:9IvoY1E2VLikZgPcNnEl2e33SMgLOJsX7aVTEbld1ggl8Z77a2iau17d/ZLWs0+u,iv:gr2iHuYmtZp2eWhX0E0OKolIn/Nm5+9hJqFTYZagV4c=,tag:9mqUFzqe8+3T+Nwbu5V0Fg==,type:str]
 matrix-server-key: ENC[AES256_GCM,data:MsPH8g0bc0cY+k5XvVIyi1hDpX2up7+noU9P4Dfm3Z9f1eXv7SaJhlRnR40qrk4sQN1uG0R/ro7S2z9EswX0iZx10PfjWF8Igrc9w9b2+EM/gb0O3dGskPAnDrm9JYh+gF6SsqmwJUEYh+Lx1EfuGMTWpnXZjLrimIWCfmz/1qxJECQds/aQwuA=,iv:B8yzXZ1IUVVvxFQ0MzzS5LSHZXQirnXiLoOru4S2H78=,tag:TNp1Y3C/iYgq5itqXGIt/g==,type:str]
 mjolnir-password: ENC[AES256_GCM,data:dyM2VVxn1PFRXy5dgfvq3EuWyGDhDZvJOd1sTnKE5q0Arv1y,iv:DD80um8QXLybj1w4ZsxPbv3+s2NrQfpPDAEpkztkMFo=,tag:3ZEJ7V+ICh2Ip5gZt06zjA==,type:str]
@@ -37,8 +38,8 @@ sops:
             cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM
             OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-01T12:26:34Z"
-    mac: ENC[AES256_GCM,data:S4K22awHjvAAmAhRR6b7bvCod3viJZ6Q8acWcb7J5GwHET/wPpy8DnMPA5CPghe/k0ytTg/MMX+ht1iVt/8AL4SOIlkdnF6qCr+hNrFaNR0xkkIpQ4Q+i4tncVE9cHPRriq3rMlwLxRMRlNlS+TaYCg7Cw+sp8VlXsEim+/61iQ=,iv:GuPrg68slQQcKaRU8kU9XfGQBpkksQ9wy+Isp+ygug4=,tag:aAElbI2Rz57O6NxHA2+Ksw==,type:str]
+    lastmodified: "2023-08-01T16:24:22Z"
+    mac: ENC[AES256_GCM,data:2kp7TYn1C+uo0gtnAvLglhhKxe3j/rmAZnN1GcKnA4/RTCunef6zlGup+g+Yogv8z+wktmN+WGsBFhuu51o027paTlExlMsFwuvb7FOVNGPxyksDnAHJc9SBQYYMKtqUrVqPKxm8cfVmKIV+vYoW+C3SFL11XyOCtxjaI+R4IXc=,iv:4uPxt+CzDyMwHSEGZncfOH+4wN7w20Pj2lV0cTBhGgk=,tag:Je2fzTGcrX93xNAFjdL1Lg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3