mirror of
https://github.com/nmasur/dotfiles
synced 2025-07-06 19:00:14 +00:00
move encrypted secrets near relevant files
This commit is contained in:
@ -0,0 +1,17 @@
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyAvWi9T
|
||||
NnFzUnlKUGord21NUy9OT1NDRjhIbFB6MUc3TzgwVzY3OHpFSlN3CmhuNFY1L1FB
|
||||
VFBHY1lNNjFYdFZyeHoxZUZyTFdpVHhqM1JqMUM3YWljVUUKLT4gc3NoLWVkMjU1
|
||||
MTkgWXlTVU1RIFI4aGU5Z2NUeGNSNmEzNFk0anBBbUw0NUtHTE55WmgxOUN0T1p1
|
||||
QUZyR2cKeTNack0vMVVsNTFMbmFSUXdUUkw2MTlnSzhRajVSWXJvZmV2QjlFcUZY
|
||||
QQotPiBzc2gtZWQyNTUxOSBuanZYNUEgc01kWFdYS3BBay96Uzd5cG1MMlNMNXhQ
|
||||
NTV4NVpvc2lLZkpLWkhZZlRrVQo0SXJhWUVMVUtYb1hEOEtJUnJoY2t0OUlpQVY2
|
||||
UUZYdHpBcWRvUU0yRHlvCi0+IHNzaC1lZDI1NTE5IENxSU9VQSB2NTZHWUd2c3o1
|
||||
c0NKTThaMkgyeG54Nmw1dHZBQkZoYmJkOTZNcnVyMUJVCldzQ1NHNk8vTGRMNHlM
|
||||
eU0yYmltMkhlUjY2NWxhdHQ2N3BMUjdzTk9PMFkKLT4gc3NoLWVkMjU1MTkgejFP
|
||||
Y1p3IHh3OEEzTmIrQXhtSTE2REFUV1loVE5vNTRUbEJmNEE4YmhBckRmZGpwVXMK
|
||||
OEo5RXdwU1JuY3FPQnJNQ1hMdHJxcE4xVnVVWVVLREROYjNsZkN3ZzV2cwotLS0g
|
||||
aXMrandHZTJzME95VFRuUDRzWDQ5Z3N5RGxVOUUxQ1FGNGpvN3Y4SllSNApAOIi/
|
||||
0iP9cccbkUqLZJicpIlKAP+QsYM8Bfb/wYyaQPnh4vlKqil4LpQEfFW+/J82DIti
|
||||
8o/ddK8YDlLg3lwyiZ2dUm3O87jA7KEgd/g=
|
||||
-----END AGE ENCRYPTED FILE-----
|
@ -0,0 +1,61 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.nmasur.presets.services.restic;
|
||||
in
|
||||
{
|
||||
|
||||
options.nmasur.presets.services.restic = {
|
||||
enable = lib.mkEnableOption "Restic backup service";
|
||||
resticPassword = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
description = "Password file path for Restic backups";
|
||||
default = ./restic.age;
|
||||
};
|
||||
s3 = {
|
||||
endpoint = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "S3 endpoint for Restic backups";
|
||||
default = "s3.us-east-1.amazonaws.com";
|
||||
};
|
||||
bucket = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "S3 bucket for Restic backups";
|
||||
default = "noahmasur-restic";
|
||||
};
|
||||
accessKeySecretPair = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
description = "Path to file containing S3 access and secret key for Restic backups";
|
||||
default = ./s3-glacier.age;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf (cfg.enable) {
|
||||
|
||||
secrets.restic-s3-creds = {
|
||||
source = cfg.s3.accessKeySecretPair;
|
||||
dest = "${config.secretsDirectory}/restic-s3-creds";
|
||||
};
|
||||
secrets.restic = {
|
||||
source = cfg.resticPassword;
|
||||
dest = "${config.secretsDirectory}/restic";
|
||||
};
|
||||
|
||||
services.restic.backups = {
|
||||
default = {
|
||||
repository = "s3:${cfg.s3.endpoint}/${cfg.s3.bucket}/restic";
|
||||
paths = [ ];
|
||||
environmentFile = config.secrets.restic-s3-creds.dest;
|
||||
passwordFile = config.secrets.restic.dest;
|
||||
pruneOpts = [
|
||||
"--keep-daily 14"
|
||||
"--keep-weekly 6"
|
||||
"--keep-monthly 12"
|
||||
"--keep-yearly 100"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
|
@ -0,0 +1,18 @@
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBuQTZM
|
||||
TTg0ai9yNi9Ia3pFNW0vb3JQczZtVEVyNkFNVzBlUVpVd3ZBbndrCklqdS8zeGky
|
||||
WEN0YW5xck5sSXpXeFZCbHY0NHhDMU5SeGlaYmN4Szc0b1EKLT4gc3NoLWVkMjU1
|
||||
MTkgWXlTVU1RIGJVZTZBdERTNUt6d0sxeGVOcnRtNmdCSlRKWUNjRHByMkZucUlz
|
||||
Nm5FMTQKbHFtNnM4ZCtzdFNTa214ZVRkaFdmZnFYOCs1Z25YTDVVKzloYUVHVlg1
|
||||
cwotPiBzc2gtZWQyNTUxOSBuanZYNUEgOXFwSzByaUdidFRWbE5seFNEVDYxRWtq
|
||||
OXZURnEzVWphM0VoVnJvSURoUQpGbEt4YmcraDZOcXRTQUF1ekw4RTRCN2JRR1NK
|
||||
QlRQaGRZd1RIMWNiRWpjCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBzTTVsbnVjWUxt
|
||||
L0hyM21RS2w2a2NIY2xvSmZ0OUdDWGFVcG5IYlNhUFNzClY1bmdNUkRYR2QyYVFW
|
||||
VHF3enZqUlZqUWlvZlI2aHZrREdwZGUwdzdXUHMKLT4gc3NoLWVkMjU1MTkgejFP
|
||||
Y1p3IDN4cThQRjdvTWJ2S2FaMjZ0RHlDeElDc1BuU0JDSzlpcFdzT2ZhLzA1QmcK
|
||||
TjlFMkgzOFhKbkdvUWt2SGhaUUJXdjBxK2hUeE1sSzBsNWJyNG8rUlZRbwotLS0g
|
||||
SGw4VmpCMktjQ0ZpUExnWUtsOHhHS0tZckoxeTdtZXMyVXpWT09Ea1NUMAoRRzA+
|
||||
0rbfJ+eVeccDaulmqh+Wv3T1/+SQQJYD5trume3vSzXgRxJYeXR/BespsDzWJ3yg
|
||||
McHYNvEK76stD3vopKvpDU3Nk861xp++SavJtrIVKon6YJl6a6Ox+GxhrNk0+5f9
|
||||
xgDWhIHwzHLPvyseYNjRFy8GsYaP2tT9TGMrQHFTAKeuvA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
Reference in New Issue
Block a user