move backups to build02 storagebox, move borgbackup to agenix

2024-07-25 12:19:52 +10:00 · 2024-07-25 12:19:52 +10:00 · 5fd8b89ece
commit 5fd8b89ece
parent 92c55595d0
7 changed files with 32 additions and 18 deletions
--- a/hosts/build02/nixpkgs-update-backup.nix
+++ b/hosts/build02/nixpkgs-update-backup.nix
@ -1,8 +1,10 @@
-{ config, ... }:
+{ config, inputs, ... }:
 {
-  # 100GB storagebox is under the nix-community hetzner account
+  # 100GB storagebox is attached to the build02 server

-  sops.secrets.hetzner-borgbackup-ssh = { };
+  age.secrets.hetzner-borgbackup-ssh = {
+    file = "${toString inputs.self}/secrets/hetzner-borgbackup-ssh.age";
+  };

  systemd.services.borgbackup-job-nixpkgs-update = {
    after = [ "nixpkgs-update-delete-old-logs.service" ];
@ -11,11 +13,11 @@

  services.borgbackup.jobs.nixpkgs-update = {
    paths = [ "/var/log/nixpkgs-update" ];
-    repo = "u348918@u348918.your-storagebox.de:/./nixpkgs-update";
+    repo = "u416406@u416406.your-storagebox.de:/./nixpkgs-update";
    encryption.mode = "none";
    compression = "auto,zstd";
    startAt = "daily";
-    environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
+    environment.BORG_RSH = "ssh -oPort=23 -i ${config.age.secrets.hetzner-borgbackup-ssh.path}";
    preHook = ''
      set -x
    '';
--- a/hosts/build02/secrets.yaml
+++ b/hosts/build02/secrets.yaml
@ -1,7 +1,6 @@
 github-r-ryantm-key: ENC[AES256_GCM,data:Z6kGGGGLClFWxBu4RpPw3F/QrkLVIgkvLzi5ALUAjD/xUvrKvgylRoJVTBWEK6bVoZePxzXbdzNo7JzDvheRnDx4x/qQNiLjCixObzIqsIAEIqj2orJmNVRks2gLmFOCR3MS++tOV/tb3iRmjRSnzzSCdZE4Fzo/iUXVRZpTcO5ONxwTXd0i9Hlk9D6An0mbJD7cR93eBtWpyZM0LwYN5aEukUW/HYfsHKtqj43OlaaaBylIX3cMQzOT9Gup0uYb3yWVsvfqKC0WekAgakn6V1JM0wUJiO/dPQe6Su7nP5gEAxLXd6J8Y6lRT6KnWsQDf5GaIs5FoCJb3QXu1Pkv61fx5X8rdmKCbggp9cbtIcpGFhKM9vyLZnILdpCGGYLJGhNh/7XQvQLeaLuyi456m/fCm2j1vQ9uhON5caQMeFwNuvnaDErrZtNyTKUDcxgY6gtXIqmd7s2c+o1AQqC+dJf0jy/z2tYFwJrXety80CA4yc/yyvlfRLO+tPfhfsQPTbSMIof8oZhcHZNjPj6IjPpn5NbhWbFvtYbER5fSRhyvvwG5jPNtUnAK+k9OIOHo68tjbm7t8B55nm7Kd7gv3eajNl8V2M7jEidIhaIAW7SWhL0/FiRJWosHAq4p/G+URB1Ll9Ay/hKZ/78+hh4M2UQKT8HnoFleevxWFeMmmZDmk3YTGW5WWogrAQ3bA361/ggQwhs+07Bbl2e0VIMdY/gMvY1ppOuGHvoXhvfIQHLdOlgOMQW5MYBMwleMffrPJpsxGBMgwmXP0CmEwTE3Zg7G7cuNFxhR0z6W27ck06tLbn68P9z9GKh9TLnrbRsQHZVYr1eFt9ewr71vAs5t4iqGr5yzVT7fJRO1BZaifwybEDKRFScCJXEeEEu6l3/eqaq/tTHvJ/0TSl2udMuxzgtpUxx26RPvSJFWB7ACyFpMMJncUVKTxyr2vzP3WNLbqvAjEL1AmGVucHxi7zUfvDPw1gCeAgit8u0xuDH2T6Ws4kF6AuXqo5qC1MmIA8d8T3aw9q9iWj58/PMWC85uYwf3Od8WAD9BK3nb74v4TsthgxaY5JVOspnG1vKDZQKfjzHQk3kvT08sGgs438KFj+58Fe+9vqKNLH2DBizEKF4aJ8drbTBOItn/RFpoDtAdGKByeWjd3+0UDCJ1bI+6JB2PZo1CvpEz7GkjcK7y3vaEOnMyqGOzjnfVmfLQhVX3Vnx6mC1Z54slNlKTKTaeqoWrpqCT78NnC44c/Jqt7r6wuH/jqZt/uBXvENNyEn8kf8qbMcCjEtHZkzMoDuaoPbdlDCzOJbCiTEmyI/zvPC1qMxI2GfjNUSRNZIbKU5d47sgMqHJ40KN9paJZRt6hxLduk0BouzSF3DK1eV1x96Mi+lydOyLt34k/TlZzpVG3P3K/BIjlGQipNw7iRKxxF7QRvJJl6GjiHNIw3krHTvR5PPxBWL2BtQY6kemlenwVvpOfXSKVwTcMzq6V5gDrf2ks9DrzG8TD0zoPu3xw5SMoEq8DjE4MSvriw3jlgkAp9uxfqlksUXCayEqbuJpwa9O43LwwVVJbUFKlA/iWPU0zc4ejIBSyufnePcEZv7yYoPQEZIphPHKumqySND5p0WbmToNqYZgF7sdrxaIc2zh/jucE0TTI3jwn5i1D2RUpxvGOCjtPw29n7j8clRlrRQHK22628eKV1WpO4BI+jDZbNrkjDr43hhOKmJ0HTTkDkRP8CGjBV2qdnBWDKL98ksqfs2aXprtB9B4TrS0unUzHz1WH1R9BrAEOF/WoTKo/TXNc7AiwPxCm+FdGLgWsoMLuzwdq66QmdGAMIbtrzRHq/J1lHubt9ht9xYYJP/JwNuFjFoFOUubw/1ZkdFUrLaN7pN0Ll0ImoU/CudU8ehcwIyXx1dSYT8pcKNXp55Kw7MlydpcZvRVO7PJ0/HWMD+sLfm6OPTIPX/lFLo9NQwe/3xgfM0EJopQi7KFn2xoU0BGqsaSoO1UyOJr6NCDsXih58bPSbv2ho8ffIQxU289h1SjSQbxmVbH3R6sCN0YIJM7YmJ5oaZMJOCFX/Qg2RrtzN0dOp47GZQA+AXRwiccPaiJf+AlBODl0TUJHhqsCNbfp9mSz40wrrtxlXzbpelyzRNqyed8x5vFzEnLXUWGiQX6kh43anHpPO7rJOliWIudUo5R2Mi5sajZv04Og1V4BBcchjoW7ApnpsHOoIYeMtb7TsKxvAakAXrXwG0f1jr2/Wvi3k1/nLb9jv77IIlMqSejmPnkAjDmmDiFXwhu6WWw0tXCa4jQRu6PanpgTCOgt/UhdUpRC+CDM0EnLpkS2+TCspE/X75emx3VRaDo/aFKuF05FVS0U1nnH495ityljx141ztYnRlrzJyGS/Ps9v9NWR6CdTJBw1gOLCb2EwhBgJL6KZutkHir3uQfzRcBdw4O5QZ0VUPeUhMlUwtay6O/33RqAMpQIiLe0f/cRil/Ib3Xa05Gfdm2hLUgBsIl8ceScduMvl7bFnk18SFcWVWYU5CFaDuhsgD9vZE3BYjcCmAyKTqHhFyMZMZEnWE3vu/8u+0VgoUe0B2n4F8/vWSW7AEQ27hTpePNiUpTpI9ZtWUae/ZrBnbRV09SIfceZCrgCce7EtrHiILC5k6/HGsaoYFWT0B/cpBDJ5XnNNkbH8oOFd/yaNDHxcDhERje6Y5H9bRgPaZPt/H0xKBXxIYb6V9JZ4rc4qWaXWlZwyuNpjvwcm4GRTDyIp2Hdof6nBdn7AQrP5O0AXH3P1qqqIxEhx7uy4CNesFkbvt9zCtJQ9Od7kAWXWNp3YTRqKmmHQ00Tq5MYPwO3yybNRl2DiiBaA0a+l0CFNfGIgUwUvioZZ5p9yk+/CkqWuymkgbb+ChvXEZMskkkTJveZNhgNR4iFEHdMjaZhdMNPnfaFKf2rvu8pfAh7BFoWJOYNwkRXqI2eJNkXCVLbOuyez6Rcs0rDeCz5tgEGO5zPTTZg/VFD3p8dV5PyDSz+mIpe9M54I/FX0He4ws++u5AyDnN0CL//1rdZjyaEL2ZAD7l1yhH1WPttjikb9XS+SQ0kyxEnx/HMD0aNcIpVLbubRY/ll4JvkPG1KBKZfrm+cs8iaVTmyHcsfIPwnDOVTiVoHPoBH4Z35ULxVfNGzdw1S/qLuNLHCph+UNIrk/Ck8L27eobVetjzxqtBcdewVAZT7pOm34BKpukUvhe/zzUStUDZoMWdV005eLC76FH0JJyz8TCVrW1y1eHQzX8rMeBZEdoBseQqbU5LlptamZ7rUOJhkC/QLnZW0lSDOj17awQDxAFS5R7cewFo55Pe8XVu0fGZVdXO59biBuFOgtYiMrKoxGondhuiOTggjSQt1HLA7eAgRRrPG6npubPUAgpdwMsqRT6BS47WVL75vRu4TliPVKjElqWN3iQSze4ZwF71zNS775PqjaDXLRPKYMszpNgX7OMPbSb6EAiCQyT6R7gvPOgIVOrERCEF/0Vm7HjNHqTLOfW1M8um7e8gntYokVZtdGew/x2Dmb2PTj58gnYowH00ZrWbOw7DwW3nq0vpcAwB4Yo+H618dThdk3HDd+zOKHBJmoDP70QvNDyD5wDX+GkMTAL8/kfvZs98yvn3T7kw+qIm/pPfNJaigqutEmRFE7CRCewoohzQ0z/Glt0D1kh+OOnULIPrT2Pfq3nDhivJXC3HQZ1PFn9cKNwR/hl0Cslphm2sOwK3gpbba0vNvqXjh3w7TkJ3gTYQa81qiJbRwKvCOlAi3pt+KZalQ/DdG6/DBqVyYKqsJmAj/Y6NVQGpDBBn9uqlZ3G/nRZWaVEDKTdTXh4lPFMKU+o6b3fKsco4Bln4LfqB8BJU8xawTXx1sb6lHAcVZjEoWDU+u9VaGNNtI47jjxev0oeT+oID63xqz19ZY8pkJGSXtTbo/6jEkvSTx/l9v1mfSCytxMV6gney0Cx+QHAta7VHzKymgXcq0N1pt6XVoExLQTOIkPjIg2KUF9JPUg99WCsXZfLtqoinEYUZ/Alq7HOYKOdpjH+huID7Y2vda5Ivk8UuZpIeseQ4yhSoqA45QO+RQxX09xSUBjzLa8f6CJTfci5M0gY5P4QhmEdkYdMq14XG1dE3gK3Qw7FcpOB11GEamki5VT6+f512QH0h2V4dIf8sJFTHCYxHt16mXWv5HkmZAgv2QxchXq40aheKXwtMGmo/Ofi9iyX0qae6/t0XpRaXZiz0EJALZ8LXXfV0B8KUKe2o6RthDrhNXYzB2BZydWjf7yF1GWEc9a4TSTl1AUPAx5ExhayNATF0NMKRvanJVjJXRSZaN8QZnP0EKQycDwTmbHTXNg44oPx1cxGnBTfdSoB4n3XbDjOn8sSfMyllPe3k6dSGtJx3vHnVIjafdWcsRdUnSxu8rGg0HEIEwBkp6MsLbT9OTVYpqO4XoYe6KMaGJeWfAiaPSQTyZZkisblAGzAx5NnM51Rudo8hysu9BXlJtSvxHqXKdIGuF3/3gyZmxqezeHskbi0=,iv:Qg8SdZVOeOA1rHt/CCo1Fj9sqUvq5zhaetboYUIe2co=,tag:UNGFeWqBY46lK6/cEr4/Kg==,type:str]
 github-r-ryantm-token: ENC[AES256_GCM,data:X77cQQQDFcUe9VcHZwbhZdyg6wFsAEwRMDaDojWYyHJf4RxWwRm8Vg==,iv:/PxtdHM1eTbRZb0KrjuSSutxBVwmFaSejp62qb+/D10=,tag:K/EH8Rl6CeZcigftKO3hNw==,type:str]
 github-token-with-username: ENC[AES256_GCM,data:H1ek0++8fx4fIcxLZMe/fphuHmR3FHDGT0W+IJ4LXme0dgoD+S/uW+oLL7LEpb2lkMv5ZxGu,iv:TmWriUuA2l6L4tzMfisvtBRd5JsFgIAsSbNN7C/MExI=,tag:90L26NPokbG/xxQ37xf6Bg==,type:str]
-hetzner-borgbackup-ssh: ENC[AES256_GCM,data:/IFOie/xNTdthMSaH6Ltz07E9zoSC++OItZrWLuJAB8oqgVBZgs9uRdfz7ISKVgOwjTXBpWj1BJGFX/qO6repWPrIfULnrUzGrBmYc6yFmh38CI1ePr5vQMbPdXR009bh3rcuJ/FE56eDAZbeR3VWyYxRg/qtaddYiQFx08UVQjrWvw5ow9tz7zATN7c+KOclM1Uz2E7kSmO4vzXiDlaFjPQfFmCw+km0rxhUMnK07o2+7dt90/mtLIBZEOkof0e3LhJxcOEu+hsZjmkCENxASVyn6U2CHzh0x/L6Jic/8Z6rycW4OIzTGnQ08ZHYWGUwRN14CnAnVdwbZEBLWmX5gdoYiC5Qj2z3Egd91F8daCXlllLTkFiKAydLsuVOSCptO5rPPxOc2Uxbq93GyhDwQSDJf/sYDHf1MeQ0vCmAdFc9yJx5tjCYyAWYqiHML2edy9V3mhT2LnzBhWl0r0cp5xQyYeF7X1UYzIiyg3+VrEd61Yhhza8MmbE46/lVNoPMQkn,iv:nPYh3g8FnyuLcrvJchxzXK6wxJX65LQUpsk6QYY2h1w=,tag:pV88bePvVCVdRUVvM3E/bg==,type:str]
 nix-community-cachix: ENC[AES256_GCM,data:G/W/xi/bOfZcy6RL3ngOP0wWbz90s7d/4tFn2YR0ELxVPYCSHXNkkQRebLBtA5b4WCtbtMMI4Wnm8N4MtzLz8bAjoYxQ3vaimXIQrU4+d4Jj8GudNFGXtwP5P3i3G8Xq2fcHXvO5uhJAU+1nGAr8h2GmkW12pzohKp3kvGAc/T+sJ817pb35GyAfTmj5KmGc2H4vhkQ9MzbyhDpmDHwYEEDIfbtbk498ZTiRZnnAJ6D7dPH6CoLJbRqFa+LARgPYfVeO23xAhU4ahDiuup3QDmK3MlEpiUgywBqyn8QuvT5xHwvxgxat5kJsXARVepCPLi78Om02irn8m3ut2Yqxim7YBJ46pBM=,iv:trBlh1LBruagdwHM04l2xHGxvamPinFT4XRaJhqsuys=,tag:39tQ1M7Kd58U1+OozYrV9A==,type:str]
 sops:
    kms: []
@ -63,8 +62,8 @@ sops:
            blYxOTlvUXRIZVR1bFByOXlWRFdGbnMKX2tfgtOnWMm8g4tCPeO3/poTkncZUCoS
            MrBJuCFYJJUUwwvu/1Whyv2WNE0uenaa+fe5kade0vO8Ke2OPfxVfA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-30T03:17:22Z"
-    mac: ENC[AES256_GCM,data:oIvAffXBYfumbiZdtxPjpJ3SfqVOd2qqJq8En6k5sbFU+/y8pzl6fLvdzuF9DVHeJLgAdhdd1twpVV++9oxZMQC7BicJr6FbiWHxtQZ+jqM1Aj6XdQAtRclXvX3rm0lbHRHP7kszaQnWnsTv7uww4fPSU5XCpocuocX9ynrBDVg=,iv:WvBOUCCL7iYPA+VtBsZiQ0ryJOSaVvQvReuexjaRC7w=,tag:cnhKj5LWzg812nKw5G8n9Q==,type:str]
+    lastmodified: "2024-07-25T02:42:23Z"
+    mac: ENC[AES256_GCM,data:uym0MqNmDWWjBhswcgk7lnIjys07wWBqJufvBop2vQ4NnC5l2NJLyC4JyGoLbhciLjQxmd8M9xVMnp9luciH7YWheH2u4T6KG6AHryRlTQ8TAY1JwnkNCoDHEvEsCvmVCUpIwBhxEX6HEQiQQ7SNd4nJRdFcCmLiOvPV+SOcHZ0=,iv:NAFlX1vh3xPRJdWRki3/rId7KZ3DpI2sw4yQFzFheN8=,tag:T5cHmyptmZTO2riCGVCpkw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0
--- a/hosts/build03/secrets.yaml
+++ b/hosts/build03/secrets.yaml
@ -2,7 +2,6 @@ id_buildfarm: ENC[AES256_GCM,data:18qi8jBCsntp/6mM8iFkpUS+4yQAsaL6JtLBR9fT51XSWL
 hydra-admin-password: ENC[AES256_GCM,data:t0vmchbXXIAzvM2nxm4j16N9W67yWRb439M=,iv:qr/OfyMvTzi6Znw446KtxE2erh3XWi2VTJvVL2Ot2UI=,tag:mS6HlE6nojkemjp4F59+wQ==,type:str]
 nur-update-github-token: ENC[AES256_GCM,data:KIZCx9IeuBHZei2V13iiyHzCedhkkGEd08mVJEc6F0DWQn1wtzC7+w==,iv:pNVRj/RR7wj64g640F7Vo4H10ijsxnrfFQnt6YHBug4=,tag:UlvOMNB5JZbuJaD9TcJ2UQ==,type:str]
 hydra-users: ENC[AES256_GCM,data:askAB+a3bsFvue/j9i6sYSwgOQl+rL+uh+1+z+xizzBOWdTZcvRh5uFHTkg7MV/E7tG7eRByQ7b+v/onJ4+l3rGJJ6qsWtLLLizC1rusngsAXyI9jt66eqpsyacN5kw8cKILjGearptrhUZDWdKpbaHII6fwUbWbjyV5fpoQzNmI4VELWEQMZ50yECfAfCLHx9iTdoMJHPXzhqwvAZ+TbX6TsyqbDrrNauYWNUBhCK7E2tDYAQqOGhxnQWI+gQs=,iv:Baqyd/WfloMuXTiICD2dlvENst8G6YU9rSHdRkTECkU=,tag:z4j5dYcba3aZTyWu5wvkzw==,type:str]
-hetzner-borgbackup-ssh: ENC[AES256_GCM,data:ZNrQp36c3EuERlAYez6SHTLbHK7ZmLNqDpAffTTQARL2zpnjpw1wJQJdm6d6Un1wTjYmHMJ/f1jCKgn389FGiZJwxSLUL4Ko2n5HffBTjZwTeqE1y4XFe6qvAY/LYBmD728ZWOsSWPvoVZOm1dG7LsxxwUZWk2VyDtvODuJBInn19Dn7Tw5VqPjJMJAp5CfAaW8ilEPpdeG0JQfkJkBQj0+pMlpI1EIVDvdZai5fesweUWeaajrPnIjrBbqdFvd8eG9qrTehLM7FvpnT2qllfsCOeQf/KTPEw16I6eGFFm22iPblJgHFPzpu1a2Lvwn+8HcwqSMlGI9poOeV5RwXqBhFX9vozlN8G82csAnehiZmLktyYin1kYF3nfOXFqH9fKxbvXn/1hxQP//GDeoaNlepa/K/w51pj1mgbIXIb5g/PKsHaC7Rv3iDMcYW977+lobA4WnxfWhjA6k/iBb1unkSKbrZs+iHglpOKueAq9g6HO5fJ299eY2+GcmsPU3QKm4W,iv:550mzEValpqVruLQBMMJeJHVyYfaxNHwCvXkvz66qI0=,tag:k48T+9AtJs8GTVchyEP8Jw==,type:str]
 cachix-auth-token: ENC[AES256_GCM,data:AlZlzPSdYSrQV7ENPSvUGbOwTmvLeRRuPBCKUHJJLYdmwcC3yuGER/O5xL809fuDs+ii3BTfA7So9iZr0EFSfreAy4s7KkD/nRElTf71sGNN/+01S9pkPMdgXtdPxx7QySpIiuW+PYKgEWcn5ZdMFNurIx8g8O0QMqkppqfc/s9v6f3zBD1VQ5VM+DBksdYnsnVhuXA=,iv:AUSWe1xHqjvqkgxIgejgyyw13Z9cJVVSYdk6+1Hdrzs=,tag:WF9soVRIx57VBN1A5I99BQ==,type:str]
 buildbot-github-app-secret-key: ENC[AES256_GCM,data:Z4CNXmB94hl6KYoghVnGFhvUUV4T4rbkhaMmeanMOJt5aqgL/ultpcIHdYajn0tdlh8GzUATP+NLCbERpySn100C2ejsUz6QJPHdkVJeo32WvZ/Tj+9FBGkeTgznHW2XXhUSQDSmDy4OZJydilw8FKC8Qk6EuLWp08bhi60XDOe2I+BoK8zJKQh6FkIYHJAo5y/kQGmBu8YowC2ZWZkshv/4gW2dcANShnyN6eBvaHrskQWl6wkMDaf7+Vzrok9HBL1C1uaDMcsxz89yMeNSupsGB1IGvEAFrubY5HAsr8AQUaGTs2O8KYbMFyiE2TanBueIm/ZkwimlhIHA3W9Q98wwIqrEAKBlv+GDGqWaFyDFazWnEsdIx71+tlX0JDftxD7uvHzLMiaqf4KTHPoO3fBTBVIREfZmXEwFfxaCQUlKMBHYQfigNLLITIQkQ/SiJ05EqdqlOdFkyDsyeUtsOaCwW6MoXpo6oKKaGa9Hd4fzl8jumU5RprbuvfBOZUbv2xFnR8Eu0IT3SrUdAFoN49bGKn9qqvciTswEfIAi2YKEmHJ9yzLMmHJ061t6EIU0w1XVb97Ir3QB09LId/Plz7X1M+9sNyug32Ymc6Km38Msd/sJ2jsKIoi6V9X0b5ybwEYQM2OAeXZWjW6EYJRck3eHvgYNjBj4k2iiQ2NPABCmno0XWLz2OqgKyOGi9XHVY73C0Bl+C1f27eNIFGfQTngfqPqMu7rStjMBY5E1tBewNDKPAz6FAGPH/tGgGEej+nnZRmkMzknz2AV+o50XEho81YMEwW4Z4+sx6ArubAFI1n3vJ6KO7fqKUaxm2EexB+fU+4wXATn3zD7HzNVFHiuZfI6q4Ta0sXdsGjopfDxkAd7+BaL1gU/B3OIfcsMxlFxMwucT/rS4IuVMjtTXtRL7kwQl321zZQRE4mB20xKBTQcG/0U89GoAcj4awFfKdvOwO4efP4FU4R/PZOw4YSVDpudm2sj+eW6mrsr7/8R4J/MAMqan7C6pKpcuPRhTsXMY4G9rlgp5WMAkRyzHHNNN93hrYprUgqkIKY4lY6jCV5p7wfgslDnRCp+N2easx9ysX6Wxl0lV9jLFoT6P8vdncTjTfxFdzK8/FBpQyld4DE+GwpKlcToZSWUMLJea5FyIx4NIOnvw0bcff868rgJLFN4OON89eHD7jaeU5iXsv3Jmlug0H+t6J+2JtqcwXF53buwH9XRAv3+XWEBqthBr79IsYra4kZYcxaM9XC6njd0N0Pt63EkWj9T/+hyUJvh0oZc9W6wiI/3r6idrizvNIygnFPFHns4b6HRy8O0pYDxhvMqA2V4/X+yEYQrv/M6W20fDwhaVcHLBRmV0IbcJzC7PF3msjenzZA3NaPArHK1D9bB1hDqoCsZEJl5qNr/0bGbIwzmTF1ZwJRcD2IrUokX1RuUcbu9my4eZ2t1SvwtCWNAw/MJOF9zEH+hZiJEo2xf2Kcjy60Y0kAgN5GyiZyVx/WA/ICTvb22UHBLrNGbd548WT1215/izBphsI+jfFaZsQapnhZdcSj77I2xYdwR1PfGUwua1Expc57PrMO/WKQH8uBM27DcRqQSjQV8MaL2R8EWvz7kjmk6aXmtDcIVEUVZEO67U0rniv2gWtLxd+YduvjuA70d18YNi+4f/Y0shQfkwkckcq56qhEEuEjdorvAtkYOhf4gX7ZwPbsFG1YcmEYMgFDCPE9+6ouU7FlNkOFpQzAtU0s5B36jqOAOzZ1WDpmG67R68tKq/W8HghZcwLvFXXqqWnzsQ9uTYgp8iXYbkVRMewYGvlL2D5Ykwv5bTqJiVkw9z+XFrhHWemVzpKNUYXUGlMdAEHnA50T4ubA4kLqfQvhJ0MRys4bXJEVB4g4y0edyAXYRhAov3EpgxPdojSqgzVOL0AGIW73zzB4HkA1VbJYWNsCDTA0EfP3F/18N8HrfIGJR5QAVa7PkxR38DgM9kJhjwyloSYrUdyqeD0/5QymGQAMvyRVQ9iNP2RFq3LwdYT+TRNQtkj1PXubQIsM9Hfu7s9M7fTW6J9z6v+wmBDh/IN945MVciYQM3uWqIL1lRCIWvkg9tG4c0dz/McRiBHPAcZSb3rpeN5yGa3q/JoaTMt00A5RErTvMu7RfSRcE00Yc76+qQHiPKbSaP5U5juhy1l9s7TILKKOBNCDGvOhBAGwS8ColNojQ0zI11tRusd9ewsEJm7rIvoVJLQPeZeW8=,iv:RnOm+3nmwpB2fdaHIrUmLMPTHqySYeeoLn3LDU/GIIM=,tag:wKjwBPU+zzMrVC7I6Hag3g==,type:str]
 buildbot-github-oauth-secret: ENC[AES256_GCM,data:C5P54zotOwe3u2cOsJMKEVmZVH6hrLp7Xg0JUlHBxPPXOVXWIUWWug==,iv:YutIXMrDsyznN76ApWDJF2rt1DPyVCa5dbb5VO6kM+c=,tag:GPEY2mf2sf9LSQNBx8PKFA==,type:str]
@ -69,8 +68,8 @@ sops:
            WUZQSGQyQy9halJsRTIvb1FGV08zZEEKmjlYY6epTuZKRBcVyjPvJI5XKQtP5Yag
            FMrI+M6hUeyBeCade5C+Y4eGQbt57BWLmsX7u0J1WTlkUSS5j7+wPg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-30T03:18:06Z"
-    mac: ENC[AES256_GCM,data:KptKlb2a4fW8UEQ/9NzHXnqejtVixl31t439Ibr0u8/prAvXENWaFo29JmF3HIV5lpk59BS3b5BGLlKbOvBOh95Oa5f9HlS8dRjcoCrPCLsgYZAdQrRM+CozNGpn7qG6c2X1KWbaSCCStP0xM9EQzd401YaHKg3vL5FZQljVW7o=,iv:Pzpc4xVvfQLJzP3Md88H79I7APM9Z4TfYcONn4axWbg=,tag:hJhuXoScDzFsd0JLCwqV6g==,type:str]
+    lastmodified: "2024-07-25T02:42:34Z"
+    mac: ENC[AES256_GCM,data:PRDIL01CTnlQ2im4OBYYP/DEX1cs4+YCdu2A+45duxu01KPViwG+C7WapkCH9x0E/78HNx0m7yyRpG7dyAhyWU8wb7d4A68po+WClIVp2pRq4VpjnwREqmN7bUbNyBKnCiO+wva/Q4KwypArxcbs5+PwbIFEBii1BKJSKwQNY6g=,iv:pP5fq5BW4m2IFWEa9tzUCREclmOtMGiGEknzh26CLYo=,tag:q1SyaQsxf/jR2VRyySr3QA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0
--- a/modules/nixos/github-org-backup.nix
+++ b/modules/nixos/github-org-backup.nix
@ -1,5 +1,12 @@
-{ config, pkgs, ... }:
 {
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
+{
+  # 100GB storagebox is attached to the build02 server
+
  # upstream docs show how to restore these backups
  # https://github.com/gabrie30/ghorg/blob/92965c8b25ca423223888e1138d175bfc2f4b39b/README.md#creating-backups
  systemd.services.github-org-backup = {
@ -24,7 +31,9 @@
    serviceConfig.Type = "oneshot";
  };

-  sops.secrets.hetzner-borgbackup-ssh = { };
+  age.secrets.hetzner-borgbackup-ssh = {
+    file = "${toString inputs.self}/secrets/hetzner-borgbackup-ssh.age";
+  };

  systemd.services.borgbackup-job-github-org = {
    after = [ "github-org-backup.service" ];
@ -33,11 +42,11 @@

  services.borgbackup.jobs.github-org = {
    paths = [ "/var/lib/github-org-backup" ];
-    repo = "u348918@u348918.your-storagebox.de:/./github-org";
+    repo = "u416406@u416406.your-storagebox.de:/./github-org";
    encryption.mode = "none";
    compression = "auto,zstd";
    startAt = "daily";
-    environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
+    environment.BORG_RSH = "ssh -oPort=23 -i ${config.age.secrets.hetzner-borgbackup-ssh.path}";
    preHook = ''
      set -x
    '';
--- a/modules/shared/known-hosts.nix
+++ b/modules/shared/known-hosts.nix
@ -25,7 +25,7 @@
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIcqYTe10t/jJitpfr0lr55lKVltAQkWiMp4tNY7mZQ";
    };
    hetzner-storage-box = {
-      hostNames = [ "[u348918.your-storagebox.de]:23" ];
+      hostNames = [ "[u416406.your-storagebox.de]:23" ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
    };
    web02 = {
--- a/secrets/hetzner-borgbackup-ssh.age
+++ b/secrets/hetzner-borgbackup-ssh.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -15,6 +15,7 @@ let

  inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;

+  build02 = knownHosts.build02.publicKey;
  build03 = knownHosts.build03.publicKey;
  build04 = knownHosts.build04.publicKey;
  darwin02 = knownHosts.darwin02.publicKey;
@ -34,4 +35,8 @@ in
    build03
    build04
  ]; # hercules-secrets are only needed on linux
+  "hetzner-borgbackup-ssh.age".publicKeys = users ++ [
+    build02
+    build03
+  ];
 }