diff --git a/flake.nix b/flake.nix index 71d11f5..a90f93b 100644 --- a/flake.nix +++ b/flake.nix @@ -160,6 +160,8 @@ repo = "t643s856@t643s856.repo.borgbase.com:repo"; excludes = [ "/home/eesim/.cache/" + "/home/eesim/configs/mc-distant-horizons" + "/home/eesim/configs/mc-arcadia" ]; key = "/home/eesim/.ssh/id_ed25519"; passphrase = "/run/secrets/borgbase/nix-alpheratz"; @@ -189,6 +191,19 @@ options = { openssh.enable = true; + backup = { + enable = true; + user = "eesim"; + paths = [ "/home/eesim" ]; + repo = "ssh://p9h977h3@p9h977h3.repo.borgbase.com/./repo"; + excludes = [ + "/home/eesim/.cache" + ]; + passphrase = "/run/secrets/backup/repo_password"; + key = "/home/eesim/.ssh/id_ed25519_borgbase"; + repeat = "daily"; + }; + networking = { firewall = { allowedTCPPorts = [ 80 443 3000 3843 4533 6600 6722 7474 7878 8000 8080 8081 8083 8089 8096 8120 8181 8443 8787 8889 8902 8989 8998 9000 9091 9696 11112 13378 24454 25565 25600 ]; diff --git a/hosts/diphda/system.nix b/hosts/diphda/system.nix index f7a9cfa..c66cd4c 100644 --- a/hosts/diphda/system.nix +++ b/hosts/diphda/system.nix @@ -20,8 +20,13 @@ defaultSopsFile = ../../secrets/diphda/secrets.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + secrets."backup/repo_password" = { + owner = "eesim"; + }; + secrets."mc-arcadia/repo_password" = {}; secrets."mc-dh/repo_password" = {}; + secrets."tandoor/secret_key" = { owner = "tandoor"; };