Add hydra and matemat backup credentials

2023-05-16 18:51:41 +02:00 · 2023-05-16 18:51:41 +02:00 · ad6bd323d3
parent 89627efe85
commit ad6bd323d3
4 changed files with 19 additions and 5 deletions
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@ -269,6 +269,8 @@ in
        owner = config.users.users.hydra-queue-runner.name;
        inherit (config.users.users.hydra-queue-runner) group;
      };
+      "restic/hydra/password".owner = "root";
+      "restic/hydra/repository".owner = "root";
      "ssh-keys/hydra/private" = {
        owner = "hydra";
        mode = "400";
--- a/hosts/hydra/secrets.yaml
+++ b/hosts/hydra/secrets.yaml
@ -16,6 +16,10 @@ ssh-keys:
    updater:
        private: ENC[AES256_GCM,data:D9IHwI/gOc3LFDdiRpMYdldPwfZpvF03ThJvqVMESqHWRoKXrb0raUkLDfy0kvJZF2glWwXME3SDToiyi+4/iaxCEkO40qxxW4mqzrNfVNq1OjcyganYML3f7sDtQ6UzsBQK3CWlb6YvdQlvAwaUvhPuCu9bi8IBfSTDZtV8NcAyVkir8sOYALAPUxoiHXAk01I3htcL9EMpK9MExQhpkwL4ESlXQ5cB+qzUnOW1jGyN7FvKIlkLpIPxtKKiUV86cNkxYe84H9/1Jy3VjmTf03xhnWlp3d4/pbUhgFnT2wVZH0A4tu6Ewhkx8I5v9fqEunOTvZE2+6a5lfHpdva+mK+wDItwF2fwt0PHXUBVoIvqRI3LZzlqI9FNv3xRW7Sa0q8tHiQjrtTLxw9MtuwDlisBpLEWKkhVEUGuSznGRH1PxyL2kNjavWTgRsRY5dPDWAWAQ37AJBCfqGyRg+NE5cqZBzYBheMHKrGqp7ePmKaIBw6F5qFZ1II7ucNUeimu9A/3qMMU41B/++opDKq3,iv:DMD11AUuWPHutmZOVBeL1megyvQxbJ9Tw5ApH3RWrCw=,tag:yyWpFuJua79+QCMIOOCpwQ==,type:str]
        public: ENC[AES256_GCM,data:sphILo6Xz3eCsIC0Y8fr4+CllH2nK42aijMDp5Psc5vhnxCuBxL+Zh4yT3NkPjAHMYZyAxp35uOGOjpOUNS+ii14C86WVTpWtiX3d52/1W5MK9SUGIBQrw8oGoqJeg==,iv:SlinQ+S0QEI6pMzUm8oJqJmlW11ULne2e73974RHiYw=,tag:QkFP9D3MsXM6OSPDqnKKOw==,type:str]
+restic:
+    hydra:
+        password: ENC[AES256_GCM,data:TVQ12PZpREWiOosAd6bLF6ksOcrIJyxn6SUyYTEimT0=,iv:76iy8wX89CxeRJLjH+xN38HuU2if9UmslFQSskQQGPc=,tag:Ov1Kk2jGwqberFPNldW3Sg==,type:str]
+        repository: ENC[AES256_GCM,data:enrY2E+ckmqh4ZPx87/JPZVdumAq4LltVyyOMJu8VfFTobE/KbvZZ8APJofMRdGFy74DVUDfbTearHBLjryZG/s8JSBEkFA+qN4FoeUTYRjriNaWzGLQFI3QVnlETNeQ,iv:61RIcOEnYzcwVcw9+Tzq1uyqPEGm3MDOzaYfPaBQm4k=,tag:xImYRWaeWytMhvVNQkJYaA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -40,8 +44,8 @@ sops:
            WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
            dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-04-03T18:30:22Z"
-    mac: ENC[AES256_GCM,data:dy18dqKru8/ytsg44j2W+dAkW1yRcAHdvQIkVlPid5Kg/yu4c4Ba47p3idEhySmN7JQaqZmVKhrsU3VyJ/vURXyaP+vlkXdIfed2dTd97I07pTpI7+NA2ekN3teDvh/hmuxnUZwNjIY3WbaR1Yyu4zMJ4qPJMKDR59BORy2iigk=,iv:K1X8yjJJI0l6VJnBBUZs8onomILB9QfNtuVk3ToONtw=,tag:ORMFr4XRojlaro2aP9apNQ==,type:str]
+    lastmodified: "2023-05-15T21:34:01Z"
+    mac: ENC[AES256_GCM,data:/Nf2F9WAt9FwdU+kfwomjCtu41r5LMezzQL/7AmOTDRw4geqL/AmlDo0UacJjAy9sa7pPl267lsv3CWCocVaCDCyemzjhW6/IbmGpx/2KlkX27pVIxd7S7Ai8lsqHQzhWcFaI3ASgFuisbZhl60CPeG/7p3lVXi2tOFUCT5sfvc=,iv:WZjQqU4EjN3IHlGTvy3VMWkF+DbGmUqyFpPovS7RZYo=,tag:afSJ5E/QkuL/KkHq9Fx1ag==,type:str]
    pgp:
        - created_at: "2022-12-26T19:10:03Z"
          enc: |
--- a/hosts/matemat/default.nix
+++ b/hosts/matemat/default.nix
@ -61,7 +61,11 @@

  sops = {
    defaultSopsFile = ./secrets.yaml;
-    secrets."nginx/basic-auth".owner = "nginx";
+    secrets = {
+      "nginx/basic-auth".owner = "nginx";
+      "restic/matemat/password".owner = "root";
+      "restic/matemat/repository".owner = "root";
+    };
  };

  system.stateVersion = "22.05";
--- a/hosts/matemat/secrets.yaml
+++ b/hosts/matemat/secrets.yaml
@ -1,5 +1,9 @@
 nginx:
    basic-auth: ENC[AES256_GCM,data:VIjP7lqSmGxKswz1XDLxKp4=,iv:meyfO0gUjfqS5bRjnBMzR34UL0uLInvodv+8DS5IRnI=,tag:GHIKdh14N1JGWbRedr9T7w==,type:str]
+restic:
+    matemat:
+        password: ENC[AES256_GCM,data:HTmFqGVJXx/jJsJa5wAQgVChxCxowcIPAtIIlcGrBZo=,iv:GQiU5QHJnltFDZIvCbNjxQ8G0q2Dx96iHMtVED0+WlU=,tag:A/DqiVDzdTkAsMQ91WlDvw==,type:str]
+        repository: ENC[AES256_GCM,data:T9vOnodT1tpu1S0Kg89/Pgm/vD3vjxj7oi0Ecn5xWfNhZNOZNrk7VAYSQMWYSPLECdVNVirAGSNpHFDViPppeT38uVkA1ErU9QVMuHnBnTKKFxF5sVzjlRLIWw9T2Yca5bKVlw==,iv:z/VGOwMAj8nY6Y2qGXWD/LL4ndh6p4obLmB4QgzoRhw=,tag:yAhL9dHecf8DtrRn5E4HnQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -24,8 +28,8 @@ sops:
            QnpEYmxzdXVoM2lQaWJTRk5jUnY5ZTgKIiOCV2WB+R5LAgj6nyS/9dcqmN6FWIaN
            SlQTSOzYFop776o7A9r109XtKi00ay4wMssZapTuyGaDkTrdgltE6Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-12-26T22:16:10Z"
-    mac: ENC[AES256_GCM,data:AysAVvYXKAIw7KMjVCilXmRYEP3+i5QOLc2krKpc+oonfYofTxCQSTpISJXytpLZHX1sP+ACCApFY1+nOgfvSL8meE/VWJb6ltRQGXxccoeLwZkqwyjjD8VW4OBED0CbpZb5a/bC4PyYW1biCrbgnwXzBtlGe5OBkL2s8jLblj4=,iv:GzIo9ca/W+6sLU1vVY3JuNpg+1pKeS0Zqj6GiEPGjVo=,tag:uaSZ/GwnjGcczqCs2dIzmg==,type:str]
+    lastmodified: "2023-05-15T21:24:22Z"
+    mac: ENC[AES256_GCM,data:V0HKPqkonpbJtxpUtCkz2pPIYWjtE5BhRgwbb/uGFTIlkA+VX75xhTWmKZBxHgcIhNvFI2uxnQgq7AOuegN3klAOq82qlWMHR2bIwj25ugc90gOJoZt8QnDTM/aH8G0xgO2KKEtQ8l31YMQjr8RWzGF9WbAxY5t5a/ULrxPESvY=,iv:0/qShbUIcdKrFnIx0CoUQzVAaueRoM38yGEYvUh79HQ=,tag:Iu/vRr2G93PU27W6k+0yDg==,type:str]
    pgp:
        - created_at: "2022-12-26T22:15:56Z"
          enc: |