diff options
Diffstat (limited to 'src/infrastructure')
| -rw-r--r-- | src/infrastructure/guix/system.scm | 13 | ||||
| -rw-r--r-- | src/infrastructure/rsync.net/authorized_keys | 1 |
2 files changed, 9 insertions, 5 deletions
diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm index e506de8..a6093a9 100644 --- a/src/infrastructure/guix/system.scm +++ b/src/infrastructure/guix/system.scm @@ -88,7 +88,7 @@ HOSTNAME="$(hostname)" export BORG_REPO="16686@ch-s010.rsync.net:borg/$HOSTNAME" export BORG_REMOTE_PATH='borg1' - export BORG_PASSCOMMAND='cat /opt/secrets/borg-passphrase.txt' + export BORG_PASSCOMMAND='cat /var/lib/borg-passphrase.txt' export GIT_CONFIG_GLOBAL=/etc/gitconfig @@ -207,10 +207,12 @@ ARCHIVE_TAG="${1:-manual}" + export BORG_RSH="ssh -i $HOME/.ssh/id_rsa" + run() { set -x # shellcheck disable=2086 - sudo -i borg create \ + sudo -E borg create \ $VERBOSE_FLAGS \ --comment " $COMMENT" \ --stats \ @@ -220,8 +222,7 @@ /home/ \ /etc/ \ /var/ \ - /srv/ \ - /opt/ + /srv/ STATUS=$? set +x @@ -1668,7 +1669,7 @@ (name whoami) (comment "EuAndreh") (group "users") - (supplementary-groups '("wheel"))) + (supplementary-groups '("wheel" "borg"))) (user-account (name "git") (group "git") @@ -1681,6 +1682,8 @@ (append (list (user-group + (name "borg")) + (user-group (name "git"))) %base-groups)) (sudoers-file diff --git a/src/infrastructure/rsync.net/authorized_keys b/src/infrastructure/rsync.net/authorized_keys index 1245cad..a0a8dac 100644 --- a/src/infrastructure/rsync.net/authorized_keys +++ b/src/infrastructure/rsync.net/authorized_keys @@ -2,3 +2,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnUv7iWOejQNa3fZ6v4lkHT6qFRp2+NuzIpFJ2Vy7e command="borg1 serve --append-only --restrict-to-repository borg/camarada.site/",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAIZpXwNI5HVH7lUOterphIdUlX/a0nCuhb/XxbdDvU0tj3wjT7wGhCU9T9oaY2aNg5XVuWtPzLv5oLMW4eATlXw65knii2dU1Tp28vfD99aqbampxbbNwsJZ62jRhQwGhsehNREDEiNo+5llJNY4tMXEIpHXlQohemORVBIYa99VymWNiVQhW7vpH4SsbXh2hc9bAU0WWTU3COBvrSJ1VDYlhE08NJsOkUrwrP17U6ZkVDuPHoBQBEwHuBvQd86ogiHnZijRoz7nAH4ZIWYrXL6f/itA6Fw6C3G7yOrJvNbuYg0N176/qGjw9RfyuE5001zWem41hP2Z7+TCvzrhH7MjvtPSjixXrObjYSY0DI8GuaK/1fTOeVgc7pTfJ6S1ZEUMcQlEKTPlce8Jkrx5M1JOP0nnfABb0ZQB/6gNjw7LCcMEJrKjxBffNuloGVQSt4wuGyDlNIe0zZXLXxJPgc0NgIgrRNif5lF/KO+cNm/XDQ548JdYXnwGb6Jxhg8s= andreh@toph command="borg1 serve --append-only --restrict-to-repository borg/kuvira/",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw3VGwWQNpGvu1OFdVzwixovSMadlu3QUqTFADYxdBOX0tilf37LJQElaoyNVLTYOTsDTgfcTfpB+Qo6pdyJhbFYV3DyGdssRSxWgFv3mCMlGm0QzDGLLt+ebYBcc67aQytXTaA10EVVmcs/yKTXsEwiI7kHnZlBOt+8llAg/li6Vd+oiLdnEw6Y6wPcY/WOO7/UtlH4pBxrhibV5i04ngd+IFOvsNRpVgCPnS4OuNquNFdm5xkiKN0nwkzFrKS3ECCbo4wxAirjAjAT+vRiu5mi32P5PDflWajrAzrruALD+htiDjm++jkYrKWQoDpH6Vqlow8kdSQEpUbykXn43beLOKvQ3GAC2AjjP+cZmyYp7Lag9hS4ROL68ckDE0W10i90sxO9E4+6e0nM4mEkOdj4791Xi0/8GSYDMptHFT+hHJ2w0xdgFYU275MWPYlhaOFx2ak4WVPkjyS6avIhLhRKlv6LkrK5v+Z5RwmK7fexjxm15e6HoN9/pxxqSXBY8= andreh@kuvira command="borg1 serve --append-only --restrict-to-repository borg/iroh/",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJRGX6A/oXJ8hxE+JrUIalhsAZSk90CdQ28EkTN9Em4Aoa5sDX9u4lz9sVIPipAvKYsUZd35GArmGRMVjO2bXfPG0o0VKiHUtfy7Q422EvI9CSi3+FUTnDrrzeq73yFa5v2ANY+D0PeXzrWfltBTQMaLUYmfeQwYRyuWqftxMuGlxNeSkIJ2ySvHbdmfrWi55ae9Fs6xiB3ZdREmRse9RUWbgAL2FVRhDerDqHR1IGbtk4pfGIDsOB85i1TqnaaI9xIa4t6x0dsuoyb5UTGCXhUxBHi5kgEXHDNiL73OxJur7oAXW4I/x1QkXDZpOEsqVTiIVbwRmAerXMZBA8WTEB root@box.euandre.org +command="borg1 serve --append-only --restrict-to-repository borg/toph/",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0o73ml7gMPhw/EwjIof6ph5PHPAL5EFDrP7PPZ9xCES79nSKZ0r40uW2RNp2Gzwb/QYtbr/aFkuX11Eo739upnj5cydyr4AHPLgoBoPVbn7/0/IIkin4r31GrWYdGzXRZSB5Tz0Za58OYW0RiUVHffx/E5+tOBQ2SMc6WK9/Q6FljGrD3yK/KYgZhcvmfsDTv2DGhFFORoUQSfGGwmRMJXGVPG2lDqoD3I3CWF34Y/b9GRHdSFgHy3iOas03WTsMaOSosmuF9MMm8Zn2515XGXU+uirsUJrFOa5leRBEvoEmx+WsB6CULn0PKk+ieghcq8z4j5oR1AOUFeSSJVIvlOyyt8x5rqLW8CvPFtU982LZrAq/DCcuaIkx/ww/cIbkUIN52Tv1Ia8jfV2aqRJ4hRshsuh9mj5fUlp+jmrMY6Ww5tl24OKrKRAT6pr5Fzgip927BkLPKJFClcp5fzZJLUiwNihYfuR5J+VselMPfxoTXfNVj/hsINclj2CLoCTM= andreh@toph |