Rotate backblaze keys used by restic

SebastianStork 2025-06-30 23:20:59 +02:00
parent 9c5c7cd9ad
commit 6bd3313e55
3 changed files with 22 additions and 10 deletions


@ -25,9 +25,17 @@ in
};
config = lib.mkIf (resticBackups != { }) {
sops.secrets = {
"restic/environment" = { };
"restic/password" = { };
sops = {
secrets = {
"restic/backblaze/key-id" = { };
"restic/backblaze/application-key" = { };
"restic/password" = { };
};
templates."restic/environment".content = ''
AWS_ACCESS_KEY_ID=${config.sops.placeholder."restic/backblaze/key-id"}
AWS_SECRET_ACCESS_KEY=${config.sops.placeholder."restic/backblaze/application-key"}
'';
};
systemd.tmpfiles.rules =
@ -41,7 +49,7 @@ in
{
initialize = true;
repository = "s3:https://s3.eu-central-003.backblazeb2.com/stork-atlas/${name}";
environmentFile = config.sops.secrets."restic/environment".path;
environmentFile = config.sops.templates."restic/environment".path;
passwordFile = config.sops.secrets."restic/password".path;
pruneOpts = [
"--keep-daily 7"
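Review bot: The new `templates."restic/environment".content` block puts Backblaze credentials under `AWS_*` names with no comment explaining why, so a later reader may mistake them for AWS keys. A line such as `# restic's s3: backend reads the B2 keyID/applicationKey from the AWS_* variables` above the template would settle it. The template sets no `owner` or `mode`, so the rendered file that `environmentFile` now points to gets the sops-nix defaults, which I believe are root-only; confirm that matches the user the restic units run as. The diff cannot show whether the previous key was revoked in Backblaze or whether the new one is restricted to the `stork-atlas` bucket, and both are worth confirming as part of the rotation. The `config` block and the backup attribute set both continue outside the hunks shown.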