diff --git a/hosts/build02/nixpkgs-update-backup.nix b/hosts/build02/nixpkgs-update-backup.nix
index 5e645d3..723342f 100644
--- a/hosts/build02/nixpkgs-update-backup.nix
+++ b/hosts/build02/nixpkgs-update-backup.nix
@@ -1,15 +1,8 @@
 { config, ... }:
 {
- # 100GB storagebox is under the build03 hetzner account
+ # 100GB storagebox is under the nix-community hetzner account
 
- sops.secrets.hetzner-build03-borgbackup-ssh = { };
-
- programs.ssh.knownHosts = {
- "hetzner-storage-box" = {
- hostNames = [ "[u348918.your-storagebox.de]:23" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
- };
- };
+ sops.secrets.hetzner-borgbackup-ssh = { };
 
 systemd.services.borgbackup-job-nixpkgs-update.serviceConfig.ReadWritePaths = [
 "/var/log/telegraf"
@@ -23,7 +16,7 @@
 encryption.mode = "none";
 compression = "auto,zstd";
 startAt = "daily";
- environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-build03-borgbackup-ssh.path}";
+ environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
 preHook = ''
 set -x
 '';
diff --git a/hosts/build02/secrets.yaml b/hosts/build02/secrets.yaml
index 62e60f3..c2c50b3 100644
--- a/hosts/build02/secrets.yaml
+++ b/hosts/build02/secrets.yaml
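Review bot: The new `BORG_RSH` line in the second hunk leaves host verification to whatever ssh defaults apply, while the first hunk removes the storage-box `knownHosts` pin from this file, so the job now depends on `modules/nixos/security.nix` being imported on build02, which is not visible here. Stating the intent on the command keeps the backup non-interactive and failing closed if the pin is ever missing: `environment.BORG_RSH = "ssh -oPort=23 -oBatchMode=yes -oStrictHostKeyChecking=yes -oIdentitiesOnly=yes -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";`. Separately, the context line `encryption.mode = "none"` means the repository sits unencrypted on the storage box; if anything under the backed-up paths is not public, a `repokey` mode with a sops-held passphrase is worth considering, bearing in mind that an existing borg repository cannot be switched in place. The enclosing job definition starts and ends outside the hunk.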
@@ -3,7 +3,7 @@ github-r-ryantm-key: ENC[AES256_GCM,data:Z6kGGGGLClFWxBu4RpPw3F/QrkLVIgkvLzi5ALU github-r-ryantm-token: ENC[AES256_GCM,data:X77cQQQDFcUe9VcHZwbhZdyg6wFsAEwRMDaDojWYyHJf4RxWwRm8Vg==,iv:/PxtdHM1eTbRZb0KrjuSSutxBVwmFaSejp62qb+/D10=,tag:K/EH8Rl6CeZcigftKO3hNw==,type:str] github-token-with-username: ENC[AES256_GCM,data:9k+TaxVIQ6BUASckGTAAdDsSS1OQ7WfF6oUdY8t/24VU5bK3M2Uozbfh6qUtmZFLcA==,iv:4AE/eoXHm1/gd3SdRYY+LyI56YFod8YD7ZKZ6uG840k=,tag:fboN3lX6vKVZHEtaZ+C8Gw==,type:str] id_buildfarm: ENC[AES256_GCM,data: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,iv:KlHLfglujK0WnUW9K7ePwXAtoFsb0l4TeKk5OUVlr5U=,tag:IAZb34yvAjneJWI9XOi1Ug==,type:str] -hetzner-build03-borgbackup-ssh: ENC[AES256_GCM,data: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,iv:dU7xtqDWfvJGC953fElbBq6xou3cVTs7Vs5xQk1sI8M=,tag:onXBKtpBRAgFI8Br8yJx3g==,type:str] +hetzner-borgbackup-ssh: ENC[AES256_GCM,data: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,iv:nPYh3g8FnyuLcrvJchxzXK6wxJX65LQUpsk6QYY2h1w=,tag:pV88bePvVCVdRUVvM3E/bg==,type:str] sops: kms: [] gcp_kms: [] @@ -64,8 +64,8 @@ sops: blYxOTlvUXRIZVR1bFByOXlWRFdGbnMKX2tfgtOnWMm8g4tCPeO3/poTkncZUCoS MrBJuCFYJJUUwwvu/1Whyv2WNE0uenaa+fe5kade0vO8Ke2OPfxVfA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-30T04:02:55Z" - mac: ENC[AES256_GCM,data:ZIEXlVfPVcIkub1q5jHuZv2T57ypQgJuFX6d8nKVZDTdeJO2scj+rPf9wIFRAPK8mIiqz39Q2mgRG0Yh3fDfyrVmjpwhzam57l9ooxHrdFLiQf4jcgp7CbON3DrF+OfwfBLNtd+730wOhyg/72xozxGFjgvMKYPEbsb8sovM9nc=,iv:ejocsGwstb+pNkXeyl+kPqyBIpSgIYQz2gHtAu4KNVM=,tag:5yt+FnVUvZ/kzr7n9QJagw==,type:str] + lastmodified: "2023-07-02T00:08:59Z" + mac: ENC[AES256_GCM,data:zA3z9hwx9+m4bbvM7lsmgeZlD9PWmcsWEBFOWdPZKnQMy56UZf+qRQjNBA66UhKbEgmr5BKvQXCta5HZJ/M7rIp44uiHAq1r+ssoEBW1AKafmv4JSeeLA0S4WidpQv0n+Cq30EauX4CECwfi5rviL997q/Yamg4T3+mW9rQI3jk=,iv:AfS7TSNIOypDO7LZmcxbQwRYHzfjGECSBcnBnZtVeww=,tag:P+Wbc0FEZ3lkmkwU6Iqg2g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 
diff --git a/modules/nixos/security.nix b/modules/nixos/security.nix
index fafce40..bc257e7 100644
--- a/modules/nixos/security.nix
+++ b/modules/nixos/security.nix
@@ -27,6 +27,10 @@
 hostNames = [ "aarch64.nixos.community" ];
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds";
 };
+ hetzner-storage-box = {
+ hostNames = [ "[u348918.your-storagebox.de]:23" ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
+ };
 };
 
 services.openssh = {
diff --git a/secrets.yaml b/secrets.yaml
index ae4363a..d8e161c 100644
--- a/secrets.yaml
+++ b/secrets.yaml
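Review bot: The pinned key for `[u348918.your-storagebox.de]:23` now lives in the shared module with no comment saying what consumes it or how the key was obtained, and the attribute name `hetzner-storage-box` is generic although the entry pins one specific sub-account host. A short comment above the entry would help whoever next audits or rotates it, for example `# Hetzner storage box (nix-community account); used by the borgbackup job in hosts/build02/nixpkgs-update-backup.nix`, plus a note on where the fingerprint was checked if that was done. The enclosing attribute set (presumably `programs.ssh.knownHosts`) starts outside the hunk.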
@@ -1,11 +1,10 @@ build02-root: ENC[AES256_GCM,data:cNqf/Gw+d6mi5buPZu4+,iv:afT+IPf1HY98QQeBEVEfelEpcxTZHsAmDttEdyfvkWA=,tag:MUjl56D52rsHfpqt4tGcnw==,type:str] build02-admin: ENC[AES256_GCM,data:rTVQQnj9yBaiUnib4GAYBsoDZjs8PJ0kb6GLr3iOhhW92s26veybw3ZsdGSEJPdsE0xD9NtaN8DHfMP/bgA1gUX9y2+qcmRfkbT67LFo9fkw4AKSkC5fABtq1EeHQfE3zLMebVO2g9xnQ3w7Y/HFX8rUlYDA7GhYrTgL7FwXNE+/J6rckv9aW0GxKjvFAhqkCbXxDGHebxpIBDbgF1JldmHDFQ==,iv:YXERjZTyNGAlK/9C4i2L/P9p+P9cz46/yk/fda3ryu8=,tag:MuDFM6zg+LSoPkkmK3UFgA==,type:str] -build03-storagebox: ENC[AES256_GCM,data:CclKBgAoiaK2jf1l2IuE8w==,iv:IEn77G6EwrfNucNDmrrlliKZFx1S0rfbXOXzqqU2NUI=,tag:BtbzDUjDfRwj2fhNexXx+g==,type:str] build04-root: ENC[AES256_GCM,data:Qy3xWgN6HCYRxAd/WArd,iv:2OT9i2YFHqiRx8cyPZ6oW/rxWNgqXdzD+Kk4dP1HbrY=,tag:JQ76gLcCau+ozMOZPcifeg==,type:str] nix-community-alert-bot: ENC[AES256_GCM,data:Yg69dnfFGXtMTLeyXnMjeIc8+fBmeA4lEYNwSh/ahHdVd/um8oe+CSBDhIqio2sB+GrrpoNAwMf+6rC5fK7q71eAoKcrzjz2nneJdYY=,iv:fbF8t1ySI4qJ+uj33k2N9C/x7bCFdR5OBI/CGhz3zC8=,tag:xcY0Zxtb/w9vRpA56ro8Hw==,type:str] nix-infra-bot: ENC[AES256_GCM,data:+YRdg8wzRtAUF5GbWvO++qgcyi0st/nMu5PS/IgcBpFj1Zsazta7URuLkSiDFpZDzQYt3bgRzv2dXjPS23hZFoLqgaYysq1E8RF+lvQYHbkMXfR8d8DeFIOtkucW1EIdYMnzEgvfonbF1j3fiy7aDvzDjMK0CJrHzqnDpiYb7W0rMCTyuOyrm0RVw91GN6VTZOrR3dOykJoO4di0qLMlQ2hdYNQi3XQBntvB58gjr3AmtUhuSfw9F4UXdqAPLXi1FnT5rxpBEA09N9Y=,iv:LFqq3WvxlOaz2hQpbcjMDXWWdGqJRjLSQLLZdypHK6I=,tag:PG5sECQOZ6AKW8eGbQSA8Q==,type:str] cloudflare.com: ENC[AES256_GCM,data:HtBSlzYtzeV4qrBlNdQXNQGRwEt/4dKt6iH4+ryOHib5HDJxJhG6zYneItFxQ10/fuJlXqLizfladsUzADvvEwCp4KJ06HaZn1do56J3lelDz+ROOuKzvTncGt/Fu4rjwT2SSHXmV+XTy8B3iBXDoX/d/u87J+j5y+BLY2XDLcq7YMDizyV/qg4kboKp9r5lravvNx2ZOj9T1TnKkJBJ32lH7Iz7SHo4qYOc/IBGXAS+e2qGVPCLWuygKg3mxTJ2Y/y6ba6JuC97fEo=,iv:dOACToYa8S44ANNIsHktD/lAG+VR/+mMqcdF8n77yaA=,tag:eqtUmKOGb/hFLIRl0FXNeA==,type:str] -hetzner.com: 
ENC[AES256_GCM,data:/d7o18AVUd0QtNJN1i03DAEJPebmbiA48QpZBScTJAFxnh+FS3Pf0wmq2CvLoTd/BRVTRUWyHKepzjYA5uOvzgviIh5D1MNLt/M1LxD3qz38jCIpwcqarjdxTVrsqgXFcSGTLxmgwgc=,iv:Sesoc31WoKH9kkfUEc7MGq9tdAivxWFFFI8ooLg7e/o=,tag:k8UpnH1LpdCmCBKLG5jU5Q==,type:str] +hetzner.com: ENC[AES256_GCM,data:rcYjYibR7lrdr8JTJ/ljS913kTjsC2J8HEcORA15x52l7+yYFS6FCsrWanFQaM8yc2w7NDp6+ND8PhQh5PLzuIJZyWHcosetJ9/Ow3SJjqNMnH2GogD/23iS3zwg2gKvnyMp/7gDIUkzsqHVysx3GIWjzq7Hdyq8Ls9/GIPqU8VYccR+nQ==,iv:kXygbJHHIJUkz/NAuAPBxqGAepLO/o3WVYz6YEwmrio=,tag:SKOCB1T8Cv5qkH856UAHvw==,type:str] darwin02-m1: ENC[AES256_GCM,data:0WKa4cWpEqWvZrEn,iv:ig+gD7ucGVh2WKVzmuxMiM9A2RJVM0E5avRzzc2Zqjk=,tag:6y0rEvjui0spqeE9uP+L7w==,type:str] sops: kms: [] @@ -58,8 +57,8 @@ sops: MkcvL1JyVFBJV0Y5RFFCMGN1OUFXdU0Kdx1wy6ZOOTg1a6VKaq52SMBvC26lMsW/ oMP+hmXc2WtoqZp+jZ9rrXz6cZW6/dO7CPqxl3aUEKg6BkXIwgyKeg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-06-04T04:05:42Z" - mac: ENC[AES256_GCM,data:nU8FuHREK7NxNpMXYKyQVIv2FpncnMr5UhyrfXV7dgbCvnIxlLWP60O5dAXaZqK1DWtD3XaJzmznyyFEnBMmvJLKY9TOcp5QWIxEZk5vZYEq0hkEdWLplJKYYp2h+YOhptIDqSbOPi7SUreK+qICOpOYYYxgtJxGH+ze3pGFmPM=,iv:FL3KBQNbS0yN26cIs8tLahu/u+W7571TvT1OWRBfdYw=,tag:HP7RbM+UjQ4RNjuKQubm8w==,type:str] + lastmodified: "2023-07-02T00:08:00Z" + mac: ENC[AES256_GCM,data:iFcgo424SyC/tLdDWkgWfJQBJMjdq1Cl3tuve23yLuXd5jT0R/3c6OFBluKi2mtljt/3uPu8U4diA1HMUOHkuQ51my/CRXO3mrPkClltJe7qnitfdRzhtXEJa7ESMbdRRe6r5Qp8z7eHsCYDmZvebtBHUhxwfqcrgWEMddzjtOE=,iv:FVg44atkuC0d8HjfoWisgYVtnJglFlAw6nNpvIiFEEc=,tag:DHyZk8tEpvGajqUjRNR1Mg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3