hosts/aptos: do backups over sftp with a dedicated ssh key

3 files changed, 10 insertions, 1 deletions

diff --git a/hosts/aptos/secrets/restic/ssh-key.age b/hosts/aptos/secrets/restic/ssh-key.age
new file mode 100644
index 0000000..05024cf
--- /dev/null
+++ b/hosts/aptos/secrets/restic/ssh-key.age
Binary files differdiff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix
index 529e7f9..21aae44 100644
--- a/hosts/aptos/secrets/secrets.nix
+++ b/hosts/aptos/secrets/secrets.nix
@@ -20,4 +20,9 @@ in
     publicKeys = [ root fcuny backup ];
     owner = "fcuny";
   };
+
+  "restic/ssh-key.age" = {
+    publicKeys = [ root fcuny backup ];
+    owner = "fcuny";
+  };
 }
diff --git a/hosts/aptos/services.nix b/hosts/aptos/services.nix
index e79bbb5..1168dc2 100644
--- a/hosts/aptos/services.nix
+++ b/hosts/aptos/services.nix
@@ -23,14 +23,18 @@ in
     backup = {
       enable = true;
       user = "fcuny";
-      repository = "sftp:192.168.0.107:/data/slow/backups/users/fcuny";
+      repository = "sftp:192.168.6.40:/";
       exclude = [
         "/home/fcuny/.cache"
         "/home/fcuny/downloads"
         "/home/fcuny/workspace/linux.git"
+        "/home/fcuny/workspace/tmp"
       ];
       timerConfig = { OnCalendar = "06:30"; };
       passwordFile = secrets."restic/repo-users".path;
+      extraOptions = [
+        "sftp.command='ssh fcunybackup@192.168.6.40 -i ${secrets.restic/ssh-key.path} -s sftp'"
+      ];
       paths = [ "/home/fcuny" ];
     };
   };