Diffstat (limited to 'nixos/haruka/configuration.nix')
-rw-r--r-- | nixos/haruka/configuration.nix | 88 |
1 files changed, 43 insertions, 45 deletions
diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix
index 5f1d715..c6aecdc 100644
--- a/nixos/haruka/configuration.nix
+++ b/nixos/haruka/configuration.nix
@@ -108,44 +108,44 @@
 } ];
- #SOPSsops.secrets.borg-haruka-rolling-pass = { };
- #SOPSservices.borgbackup.jobs.haruka-rolling = {
- #SOPSpaths = [
- #SOPS"/persist"
- #SOPS"/home"
- #SOPS];
-
- #SOPSexclude = [
- #SOPS# Rust build files
- #SOPS"**/target"
- #SOPS];
-
- #SOPSprune.keep = {
- #SOPSwithin = "1d";
- #SOPSdaily = 7;
- #SOPSweekly = 4;
- #SOPSmonthly = 3;
- #SOPS};
-
- #SOPSrepo = "20963@hk-s020.rsync.net:rolling/haruka";
- #SOPSencryption.mode = "repokey-blake2";
- #SOPSencryption.passCommand = "cat ${config.sops.secrets.borg-haruka-rolling-pass}";
-
- #SOPSenvironment.BORG_RSH = "ssh -i /persist/ssh/ssh_host_ed25519_key";
- #SOPS# use borg 1.0+ on rsync.net
- #SOPSenvironment.BORG_REMOTE_PATH = "/usr/local/bin/borg1/borg1";
- #SOPSextraCreateArgs = "--verbose --stats --checkpoint-interval 600";
- #SOPScompression = "auto,zstd";
- #SOPSstartAt = "hourly";
- #SOPSpersistentTimer = true;
- #SOPS};
-
- #SOPSsystemd.services.borgbackup-job-haruka-rolling = {
- #SOPSpreStart = lib.mkBefore ''
- #SOPS# Wait until internet is reachable after resuming
- #SOPSuntil /run/wrappers/bin/ping rsync.net -c1 -q >/dev/null; do :; done
- #SOPS'';
- #SOPS};
+ sops.secrets.borg-haruka-rolling-pass = { };
+ services.borgbackup.jobs.haruka-rolling = {
+ paths = [
+ "/persist"
+ "/home"
+ ];
+
+ exclude = [
+ # Rust build files
+ "**/target"
+ ];
+
+ prune.keep = {
+ within = "1d";
+ daily = 7;
+ weekly = 4;
+ monthly = 3;
+ };
+
+ repo = "20963@hk-s020.rsync.net:rolling/haruka";
+ encryption.mode = "repokey-blake2";
+ encryption.passCommand = "cat ${config.sops.secrets.borg-haruka-rolling-pass.path}";
+
+ environment.BORG_RSH = "ssh -i /persist/ssh/ssh_host_ed25519_key";
+ # use borg 1.0+ on rsync.net
+ environment.BORG_REMOTE_PATH = "/usr/local/bin/borg1/borg1";
+ extraCreateArgs = "--verbose --stats --checkpoint-interval 600";
+ compression = "auto,zstd";
+ startAt = "hourly";
+ persistentTimer = true;
+ };
+
+ systemd.services.borgbackup-job-haruka-rolling = {
+ preStart
= lib.mkBefore ''
+ # Wait until internet is reachable after resuming
+ until /run/wrappers/bin/ping rsync.net -c1 -q >/dev/null; do :; done
+ '';
+ };
 services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH";
@@ -268,22 +268,20 @@
 ]; };
- #SOPSsops.defaultSopsFile = ./secrets/secrets.yaml;
- #SOPSsops.secrets.root-password.neededForUsers = true;
- #SOPSsops.secrets.sefidel-password.neededForUsers = true;
+ sops.defaultSopsFile = ./secrets/secrets.yaml;
+ sops.secrets.root-password.neededForUsers = true;
+ sops.secrets.sefidel-password.neededForUsers = true;
 users.mutableUsers = false;
 fileSystems."/persist".neededForBoot = true;
 users.users = {
- #SOPSroot.passwordFile = config.sops.secrets.root-password.path;
- root.password = "1111";
+ root.passwordFile = config.sops.secrets.root-password.path;
 sefidel = {
 isNormalUser = true;
 shell = pkgs.zsh;
- #SOPSpasswordFile = config.sops.secrets.sefidel-password.path;
- password = "1111";
+ passwordFile = config.sops.secrets.sefidel-password.path;
 extraGroups = [ "wheel" |
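Review bot: The preStart loop `until /run/wrappers/bin/ping rsync.net -c1 -q >/dev/null; do :; done` in the newly enabled borgbackup-job-haruka-rolling service spins with no delay and no bound, so while the link is down after a resume the unit burns a core until ping succeeds, and if rsync.net never becomes reachable the unit neither fails nor times out. A pause in the loop body, `until /run/wrappers/bin/ping rsync.net -c1 -q >/dev/null; do sleep 5; done`, removes the spin, and a retry cap or a `serviceConfig.TimeoutStartSec` on the service would let systemd report the outage instead of hanging. Separately, `prune.keep` is executed from this host with the key named in `environment.BORG_RSH`, so a compromise of the host also yields write and delete access to the whole `rolling/haruka` repository; if the remote account supports it, an append-only or path-restricted key for this job, with pruning done out of band, limits that blast radius. The enclosing module attribute set starts and ends outside the hunk.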