add backup secrets to config for hosts

2022-08-07 12:50:07 +02:00 · 2022-08-07 12:50:07 +02:00 · 3fccfe3b67
commit 3fccfe3b67
parent c43341a8b2
25 changed files with 242 additions and 75 deletions
--- a/nixos/modules/profiles/backup.nix
+++ b/nixos/modules/profiles/backup.nix
@ -0,0 +1,11 @@
+{ config, secretsPath, ... }:
+{
+  dadada.backupClient.bs = {
+    enable = true;
+    passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase.path";
+    sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key.path";
+  };
+
+  age.secrets."${config.networking.hostName}-backup-passphrase".file = "${toString secretsPath}/${config.networking.hostName}-backup-passphrase.age";
+  age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${toString secretsPath}/${config.networking.hostName}n-backup-ssh-key.age";
+}
--- a/nixos/modules/profiles/laptop.nix
+++ b/nixos/modules/profiles/laptop.nix
@ -4,10 +4,16 @@
 , ...
 }:
 with lib; {
+  imports = [
+    ./backup.nix
+  ];
+
  networking.domain = mkDefault "dadada.li";

  services.fwupd.enable = mkDefault true;

+  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
  fonts.fonts = mkDefault (with pkgs; [
    source-code-pro
  ]);
--- a/nixos/modules/profiles/server.nix
+++ b/nixos/modules/profiles/server.nix
@ -1,9 +1,16 @@
 { config
+, admins
 , pkgs
 , lib
 , ...
 }:
 with lib; {
+  imports = [
+    ./backup.nix
+  ];
+
+  dadada.admin.users = admins;
+
  networking.domain = mkDefault "dadada.li";
  networking.tempAddresses = "disabled";