From 99e22820782f1078f6656adfc3acb2bbd1a37ddf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Mon, 3 Jun 2024 00:10:28 +0200 Subject: [PATCH] Add backup-helper to test host --- flake.lock | 38 ++++++++++++++--------------- flake.nix | 3 ++- hosts/nixos-test1/configuration.nix | 12 +++++++++ secrets/secrets.yaml | 6 ++--- 4 files changed, 36 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index c3ca3b8..8666ff8 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1717357414, - "narHash": "sha256-+/FzQJTZYDo4amDGC8dN/4CO5Cm3tQKAF3vNlB/VeCE=", + "lastModified": 1717365696, + "narHash": "sha256-q7/IPqbQeM3qPds8FQ0Qk+oETbX9Ki26kx4wrJfPixY=", "ref": "master", - "rev": "8f2ff7db03c24d39ad3873119c01ff3cb7dfddde", - "revCount": 3, + "rev": "f05fae6ebd7702789c99f5986d304dc627afe558", + "revCount": 26, "type": "git", "url": "https://git.t-juice.club/torjus/backup-helper" }, @@ -37,11 +37,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1716655032, - "narHash": "sha256-kQ25DAiCGigsNR/Quxm3v+JGXAEXZ8I7RAF4U94bGzE=", + "lastModified": 1717265169, + "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "59a450646ec8ee0397f5fa54a08573e8240eb91f", + "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", "type": "github" }, "original": { @@ -53,11 +53,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { @@ -69,11 +69,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716633019, - "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" }, "original": { @@ -85,11 +85,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1716651315, - "narHash": "sha256-iMgzIeedMqf30TXZ439zW3Yvng1Xm9QTGO+ZwG1IWSw=", + "lastModified": 1717112898, + "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5187508b11177ef4278edf19616f44f21cc8c69", + "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", "type": "github" }, "original": { @@ -113,11 +113,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1716692524, - "narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=", + "lastModified": 1717297459, + "narHash": "sha256-cZC2f68w5UrJ1f+2NWGV9Gx0dEYmxwomWN2B0lx0QRA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "962797a8d7f15ed7033031731d0bb77244839960", + "rev": "ab2a43b0d21d1d37d4d5726a892f714eaeb4b075", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 569778e..56a3a84 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ backup-helper.url = "git+https://git.t-juice.club/torjus/backup-helper?ref=master"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, backup-helper, ... }@inputs: let system = "x86_64-linux"; overlay-unstable = final: prev: { @@ -63,6 +63,7 @@ ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ./hosts/nixos-test1 sops-nix.nixosModules.sops + backup-helper.nixosModules.backup-helper ]; }; ha1 = nixpkgs.lib.nixosSystem { diff --git a/hosts/nixos-test1/configuration.nix b/hosts/nixos-test1/configuration.nix index cb7dec5..f0edcd0 100644 --- a/hosts/nixos-test1/configuration.nix +++ b/hosts/nixos-test1/configuration.nix @@ -50,6 +50,18 @@ # Or disable the firewall altogether. networking.firewall.enable = false; + # Secrets + # Backup helper + sops.secrets."backup_helper_secret" = { }; + backup-helper = { + enable = true; + password-file = "/run/secrets/backup_helper_secret"; + backup-dirs = [ + "/etc/machine-id" + "/etc/os-release" + ]; + }; + system.stateVersion = "23.11"; # Did you read the comment? } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 40845b2..efb4f7d 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,6 +1,6 @@ root_password_hash: ENC[AES256_GCM,data:wk/xEuf+qU3ezmondq9y3OIotXPI/L+TOErTjgJz58wEvQkApYkjc3bHaUTzOrmWjQBgDUENObzPmvQ8WKawUSJRVlpfOEr5TQ==,iv:I8Z3xJz3qoXBD7igx087A1fMwf8d29hQ4JEI3imRXdY=,tag:M80osQeWGG9AAA8BrMfhHA==,type:str] ns_xfer_key: ENC[AES256_GCM,data:VFpK7GChgFeUgQm31tTvVC888bN0yt6BAnHQa6KUTg4iZGP1WL5Bx6Zp8dY=,iv:9RF1eEc7JBxBebDOKfcDjGS2U7XsHkOW/l52yIP+1LA=,tag:L6DR2QlHOfo02kzfWWCrvg==,type:str] -backup_helper_secret: ENC[AES256_GCM,data:L/Dzkv6LXoEn4pEQJA==,iv:429vRk7dN5fRSpW2sb16kxOwBZZ/mAqxqPu6xxAb9Yo=,tag:UUH9zpuOwAlwBGgdO0UJpg==,type:str] +backup_helper_secret: ENC[AES256_GCM,data:EvXEJnDilbfALQ==,iv:Q3dkZ8Ee3qbcjcoi5GxfbaVB4uRIvkIB6ioKVV/dL2Y=,tag:T/UgZvQgYGa740Wh7D0b7Q==,type:str] sops: kms: [] gcp_kms: [] @@ -70,8 +70,8 @@ sops: V1FQQ0o4UVhEbWtFMEtFcWpQR0c2aDQKduenww5ggqovBUmU1u3xGNABx4MevBk7 939Mp8UtDPblCDBFi2SmxrrsFiQDOWVkz7llHTmLHYDPEejkVc8/sQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-02T19:56:05Z" - mac: ENC[AES256_GCM,data:E80OElIx6ttV4ABVDG1LnUBQ/vmngKRLrAowZIuxZcJLLWfemojRCC697y8tyu4fSxEKvaEoz7FJau1xIZ2ATfYUero5iz5L+6l/t8d7CiF2RWEfMcfwMKCDkjesnf/FaG4poPBc19Y9qyPBB/Ot9uxs1HRAD0niT9sOfb6/kEA=,iv:s4m6C9ffqvfSGRwlO1y3G0mdfGkwbyb6fxS4P4XNMTM=,tag:yQyeFQpzpIm4B59ec2+S7Q==,type:str] + lastmodified: "2024-06-02T22:09:06Z" + mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1