From 3f2a9fd51df17a06a749900d3d9fb826f402e881 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 23 Apr 2023 15:35:54 -0700 Subject: hosts/aptos: do backups over sftp with a dedicated ssh key --- hosts/aptos/secrets/restic/ssh-key.age | Bin 0 -> 829 bytes hosts/aptos/secrets/secrets.nix | 5 +++++ hosts/aptos/services.nix | 6 +++++- 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 hosts/aptos/secrets/restic/ssh-key.age (limited to 'hosts/aptos') diff --git a/hosts/aptos/secrets/restic/ssh-key.age b/hosts/aptos/secrets/restic/ssh-key.age new file mode 100644 index 0000000..05024cf Binary files /dev/null and b/hosts/aptos/secrets/restic/ssh-key.age differ diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix index 529e7f9..21aae44 100644 --- a/hosts/aptos/secrets/secrets.nix +++ b/hosts/aptos/secrets/secrets.nix @@ -20,4 +20,9 @@ in publicKeys = [ root fcuny backup ]; owner = "fcuny"; }; + + "restic/ssh-key.age" = { + publicKeys = [ root fcuny backup ]; + owner = "fcuny"; + }; } diff --git a/hosts/aptos/services.nix b/hosts/aptos/services.nix index e79bbb5..1168dc2 100644 --- a/hosts/aptos/services.nix +++ b/hosts/aptos/services.nix @@ -23,14 +23,18 @@ in backup = { enable = true; user = "fcuny"; - repository = "sftp:192.168.0.107:/data/slow/backups/users/fcuny"; + repository = "sftp:192.168.6.40:/"; exclude = [ "/home/fcuny/.cache" "/home/fcuny/downloads" "/home/fcuny/workspace/linux.git" + "/home/fcuny/workspace/tmp" ]; timerConfig = { OnCalendar = "06:30"; }; passwordFile = secrets."restic/repo-users".path; + extraOptions = [ + "sftp.command='ssh fcunybackup@192.168.6.40 -i ${secrets.restic/ssh-key.path} -s sftp'" + ]; paths = [ "/home/fcuny" ]; }; }; -- cgit 1.4.1