2 files changed, 4 insertions, 7 deletions

diff --git a/scripts/ci/provision.sh b/scripts/ci/provision.sh
index 87bb4c5..232cb93 100755
--- a/scripts/ci/provision.sh
+++ b/scripts/ci/provision.sh
@@ -8,14 +8,13 @@ cd ../../
 VPS_COMMIT_SHA="$(git rev-parse HEAD)"
 export VPS_COMMIT_SHA
 
-# FIXME: use Ansible instead
 setup_borg_files() {
   local -r template_file="${1}"
   local -r destination_name="${2}"
   scp ./secrets/borg/borg-remote.pub "$TLD":/root/.ssh/id_rsa.pub
   scp ./secrets/borg/borg-remote     "$TLD":/root/.ssh/id_rsa
   scp ./secrets/borg/known-hosts.txt "$TLD":/root/.ssh/known_hosts
-  ssh "$TLD" 'chmod 600 /root/.ssh/id_rsa'
+  ssh "$TLD" 'chmod 400 /root/.ssh/id_rsa'
   envsubst < "${template_file}" | ssh "$TLD" "cat > /home/vps/${destination_name} && chmod +x /home/vps/${destination_name}"
   ssh "$TLD" "chmod +x /home/vps/${destination_name}"
 }
@@ -59,10 +58,6 @@ git push origin master
 popd
 echo "Done."
 
-echo "Restoring data from backup into volume..."
-setup_borg_files ./scripts/box/restore-backup.env.sh restore-backup.sh
-echo "Done."
-
 echo "Running the Ansible playbook..."
 ansible-playbook provision.yaml
 echo "Done."
diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh
index 63e3657..dbbf32a 100755
--- a/scripts/ci/setup.sh
+++ b/scripts/ci/setup.sh
@@ -18,7 +18,7 @@ popd
 echo "Done."
 
 # git smudge after git-crypt clears file permissions
-chmod 600 ./secrets/ssh/vps-box-client
+chmod 400 ./secrets/ssh/vps-box-client
 cat .envrc >> ~/.buildenv
 
 source .envrc
@@ -32,3 +32,5 @@ envsubst < ./ssh.env.conf >> ~/.ssh/config
 envsubst < ./hosts.env > ./hosts
 envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml
 envsubst < ./user-data.env.sh > ./user-data.sh
+envsubst < ./scripts/box/create-backup.env.sh > ./scripts/box/create-backup.sh
+envsubst < ./scripts/box/restore-backup.env.sh > ./scripts/box/restore-backup.sh