From d79c397db73546214e2dd2717d1f2f139f10a182 Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Wed, 5 Jun 2019 19:09:10 -0300 Subject: Use specific known keys for connecting with the backup server --- scripts/box/run-backup.env.sh | 2 +- scripts/ci/provision.sh | 5 +++-- secrets/borg/borg-remote | 49 +++++++++++++++++++++++++++++++++++++++++++ secrets/borg/borg-remote.pub | 1 + secrets/borg/borg_remote | 49 ------------------------------------------- secrets/borg/borg_remote.pub | 1 - secrets/borg/known-hosts.txt | 2 ++ 7 files changed, 56 insertions(+), 53 deletions(-) create mode 100644 secrets/borg/borg-remote create mode 100644 secrets/borg/borg-remote.pub delete mode 100644 secrets/borg/borg_remote delete mode 100644 secrets/borg/borg_remote.pub create mode 100644 secrets/borg/known-hosts.txt diff --git a/scripts/box/run-backup.env.sh b/scripts/box/run-backup.env.sh index e1ecdf0..bd506e9 100755 --- a/scripts/box/run-backup.env.sh +++ b/scripts/box/run-backup.env.sh @@ -2,7 +2,7 @@ export BORG_REMOTE_PATH="${BORG_REMOTE_PATH}" export BORG_PASSPHRASE="${BORG_PASSPHRASE}" -# The configured $BORG_REPO is already the rsync.net remote. +# The configured $BORG_REPO is already the rsync remote. # No need to send the files after the backup is done. borg create \ --verbose \ diff --git a/scripts/ci/provision.sh b/scripts/ci/provision.sh index d4121b1..1000a55 100755 --- a/scripts/ci/provision.sh +++ b/scripts/ci/provision.sh @@ -10,8 +10,9 @@ export VPS_COMMIT_SHA echo "Shutting down running containers and backing up data..." ssh "$TLD" "cd /home/vps/ && docker-compose down" -scp ./secrets/borg/borg_remote.pub "$TLD":/root/.ssh/id_rsa.pub -scp ./secrets/borg/borg_remote "$TLD":/root/.ssh/id_rsa +scp ./secrets/borg/borg-remote.pub "$TLD":/root/.ssh/id_rsa.pub +scp ./secrets/borg/borg-remote "$TLD":/root/.ssh/id_rsa +scp ./secrets/borg/known-hosts.txt "$TLD":/root/.ssh/known_hosts ssh "$TLD" 'chmod 600 /root/.ssh/id_rsa' envsubst < ./scripts/box/run-backup.env.sh | ssh "$TLD" 'cat > /home/vps/run-backup.sh && chmod +x /home/vps/run-backup.sh' ssh "$TLD" /home/vps/run-backup.sh diff --git a/secrets/borg/borg-remote b/secrets/borg/borg-remote new file mode 100644 index 0000000..ba43489 --- /dev/null +++ b/secrets/borg/borg-remote @@ -0,0 +1,49 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAgEAvVPRSlvNFyKpkY5113AnSo0tmeDt35D65YpQ9gcOI6qNIC359+6I +c0rkrRP/f3dNLvFpHht+wR0UiO+6ppICjJSoHweQQEDDKKx+uCoD2dHRKzAFr/PbccbKGY +1/FWcF0GsFcFHiO9bCt/AQjeT1vgaJWVifMJ/6YqCppZKsV2sjnOm62KvukyzdMiI/G9GM +zc/vmd6/iu1g60ekz6gq9CLUhwKBNKhBIjPTQRLWYMOkeM6e7po/MObX3fS2O32nhkyC5h +eM/IKSHkDbbhBjrb/L2l1mCeG5NyFOs4q+C02y3q+swqbdde9va1SqW8fpEImwLYpTEr8Q +srtTJemp8Usnpqg5X6xdvcafiXzJIodWNdk1oyXDisvEumuuTjKN41tPmJZQgf6PY9l2Ko +0Yha1e+taKOdTMqGzxXW55SZn8tc8MYLStvrKryLsxUd4LuUIHHFqqFy+K/fLU2AZGyO1z +oruy0fa0J9536JMKkJJBmekTjx4uwgjQ7v505kV6bMADdvfnjUfd64FTg3aq70MvCfonk4 +c8WBHIJQUC4+5HPnsATs3uo0Wr02B8Nt5/3WFu5wQNWiXPgaKzSd0fUIZTfuIfS3DerfW/ +/2+8ZUFhoyaBheXjR98DjlxDlvIb7ssH7PLGit4EyVOSiBx47Xo7UsUw9fL9YbUdB1MnJ8 +8AAAdQU9TI9VPUyPUAAAAHc3NoLXJzYQAAAgEAvVPRSlvNFyKpkY5113AnSo0tmeDt35D6 +5YpQ9gcOI6qNIC359+6Ic0rkrRP/f3dNLvFpHht+wR0UiO+6ppICjJSoHweQQEDDKKx+uC +oD2dHRKzAFr/PbccbKGY1/FWcF0GsFcFHiO9bCt/AQjeT1vgaJWVifMJ/6YqCppZKsV2sj +nOm62KvukyzdMiI/G9GMzc/vmd6/iu1g60ekz6gq9CLUhwKBNKhBIjPTQRLWYMOkeM6e7p +o/MObX3fS2O32nhkyC5heM/IKSHkDbbhBjrb/L2l1mCeG5NyFOs4q+C02y3q+swqbdde9v +a1SqW8fpEImwLYpTEr8QsrtTJemp8Usnpqg5X6xdvcafiXzJIodWNdk1oyXDisvEumuuTj +KN41tPmJZQgf6PY9l2Ko0Yha1e+taKOdTMqGzxXW55SZn8tc8MYLStvrKryLsxUd4LuUIH +HFqqFy+K/fLU2AZGyO1zoruy0fa0J9536JMKkJJBmekTjx4uwgjQ7v505kV6bMADdvfnjU +fd64FTg3aq70MvCfonk4c8WBHIJQUC4+5HPnsATs3uo0Wr02B8Nt5/3WFu5wQNWiXPgaKz +Sd0fUIZTfuIfS3DerfW//2+8ZUFhoyaBheXjR98DjlxDlvIb7ssH7PLGit4EyVOSiBx47X +o7UsUw9fL9YbUdB1MnJ88AAAADAQABAAACAG4Cwy0C9MQJtyBF+EFsANi3+hRc97udobw5 +R9v9s4CT/JcDQCmJqC3eCcxsP10QtH+fdSYycc/ClwkOy5U4aFTJmHsXSQGc4AnFWYinmT +87ROBkchmQiCWvjgWVC5AjIeS+GxXt7pg4rUJ2MxhQP17gq3SII0/81V/z3T/BX3UYY0Qt +KA34sZNBUXJtJeCDPd7lgWMWZJRUZKmyIpkrLXJYvseIdA1l6xr1pD4+tOTbKbmszfr1E9 +zVdf+Zzz34QJyv3qvWaWzcbg04QIjO6yytssU62izJxXa8Wt/GsbEdv97Xk3ozvaFmtIZY +Vvkny0x5xS5hHu5YqVpBsQnpoX39BNFFsoY4jY+QHvJGLvc+xGuovPVf3+Y9YhDKzYvtN7 +d0XLV6nDrLqUGi6wsR7JIol7LvYG9TcnGfhEIiGjzs0qSjGYP2EbDM/q9Fjv75w5TsGUM6 +pvTGrE9hkB1T0EBVdJZCr63Vfvh51ltTzYu2LQDku4QBEdurNEBoFty0oi2A3wS0jrDxe2 +euA3Te9GU6kxCJZm35aYz2Y+pSMJ2xuTjYETC/lTY3ejQYvdC+B7D6rODHhgMWVurcDpEO +31syic/NcojiEAqeIIi3I1YDbcwaKCA8LTLDEIsszQgPuQbZKge5hGOT3EnUxQIbvg9tds +US1cGroF6Y7RDpQRwZAAABAQCmieO+zs3n3iIKZCSkIDegpEQEpRVj/adSsBvyDK2XalRV +5va0prqtMULlIM+NTBuWZtx4CO/dZhw9TYtE8EUuZQ0VeICeOMCYsgOnm7IswRX2zpblIA +a/UZm1mLxJMUCBwi2SgHSX4dn/+MeQBYH06XksJ9VeJrSttpqLx+NdNWyComBep7miTyPp +vO/Tx6x1NE0OjbKijtQ0Z9xclR/Mn7I5d8Qe79vmrm06WpM/JGAf+kAfKkHwipyvHszjnS +jE8UV+mYgXndhoN5FAoP67LUj3xXqAHesRjY2/mggFE9qwdOyEFYI0JeOtYEiK/wUGqbgW +DqBRwhrFRejU15SMAAABAQDcuX2qu2I2WtRjkx0Xaruvt/0zHOGD2JC8pqGF9XAPTs04/o +hkBpYZf9tan9qwFsw/NL4XnqFkj4OaSlNGxuWxQNuqZS95ig+PKK8XwAWvByg5x7Mhv9Oi +C09oo3MxVw7bMdHkYhU9xgUQskDPDaT/uTqkUQbcpQmH+JHHVzvF7WL/2mODKin4fj7dSr +RsC6f5AmOVmbhrOOJzK0l5wLysa9O5sqq/CIa6dQ0rYm49egRnFK/Phjl90bLZ1HCrOUaP +10Ol476Ih+FUor3DlegPznoXupR/txwN8cPwbRJ4s+VnBcRERKS+XYEw+DsiFjlh7OFvNs ++ePpq+BL3cfV47AAABAQDblcYgHwWN6whTeBM4kX1syvhd+TM8wywJ/jKgExsXoCevnbUr +5clzCHdARCNCeNcJAW2XTwsoreL54sj1LLaCGqZf9URkmXajW4sIOzz/xmYaugVOYrOXta +05GkhZVtKCdoyQvitjIBkM/CkNRxRaX++OP2XhPuF4SbcLwrY4DsuMAPII1z7+bq2NXXx+ +NQ/BWWF9mjkJlWVdbOM/TRkvS/tOrXAZ9uKxI7m7FnPrbnFtuaHGRD92j46lNGeyHvpmow +t9gYXYTLYDgQNRD1lgr/8TcOYd4C/gFCzzZxswGoCKCCLPKiSBwz/fcG8Hfkqip4adgX2d +Eo05O7PHJR99AAAAFXJzeW5jLm5ldEBldWFuZHJlLm9yZwECAwQF +-----END OPENSSH PRIVATE KEY----- diff --git a/secrets/borg/borg-remote.pub b/secrets/borg/borg-remote.pub new file mode 100644 index 0000000..2f7af58 --- /dev/null +++ b/secrets/borg/borg-remote.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9U9FKW80XIqmRjnXXcCdKjS2Z4O3fkPrlilD2Bw4jqo0gLfn37ohzSuStE/9/d00u8WkeG37BHRSI77qmkgKMlKgfB5BAQMMorH64KgPZ0dErMAWv89txxsoZjX8VZwXQawVwUeI71sK38BCN5PW+BolZWJ8wn/pioKmlkqxXayOc6brYq+6TLN0yIj8b0YzNz++Z3r+K7WDrR6TPqCr0ItSHAoE0qEEiM9NBEtZgw6R4zp7umj8w5tfd9LY7faeGTILmF4z8gpIeQNtuEGOtv8vaXWYJ4bk3IU6zir4LTbLer6zCpt11729rVKpbx+kQibAtilMSvxCyu1Ml6anxSyemqDlfrF29xp+JfMkih1Y12TWjJcOKy8S6a65OMo3jW0+YllCB/o9j2XYqjRiFrV761oo51MyobPFdbnlJmfy1zwxgtK2+sqvIuzFR3gu5QgccWqoXL4r98tTYBkbI7XOiu7LR9rQn3nfokwqQkkGZ6ROPHi7CCNDu/nTmRXpswAN29+eNR93rgVODdqrvQy8J+ieThzxYEcglBQLj7kc+ewBOze6jRavTYHw23n/dYW7nBA1aJc+BorNJ3R9QhlN+4h9LcN6t9b//b7xlQWGjJoGF5eNH3wOOXEOW8hvuywfs8saK3gTJU5KIHHjtejtSxTD18v1htR0HUycnzw== rsync.net@euandre.org diff --git a/secrets/borg/borg_remote b/secrets/borg/borg_remote deleted file mode 100644 index ba43489..0000000 --- a/secrets/borg/borg_remote +++ /dev/null @@ -1,49 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn -NhAAAAAwEAAQAAAgEAvVPRSlvNFyKpkY5113AnSo0tmeDt35D65YpQ9gcOI6qNIC359+6I -c0rkrRP/f3dNLvFpHht+wR0UiO+6ppICjJSoHweQQEDDKKx+uCoD2dHRKzAFr/PbccbKGY -1/FWcF0GsFcFHiO9bCt/AQjeT1vgaJWVifMJ/6YqCppZKsV2sjnOm62KvukyzdMiI/G9GM -zc/vmd6/iu1g60ekz6gq9CLUhwKBNKhBIjPTQRLWYMOkeM6e7po/MObX3fS2O32nhkyC5h -eM/IKSHkDbbhBjrb/L2l1mCeG5NyFOs4q+C02y3q+swqbdde9va1SqW8fpEImwLYpTEr8Q -srtTJemp8Usnpqg5X6xdvcafiXzJIodWNdk1oyXDisvEumuuTjKN41tPmJZQgf6PY9l2Ko -0Yha1e+taKOdTMqGzxXW55SZn8tc8MYLStvrKryLsxUd4LuUIHHFqqFy+K/fLU2AZGyO1z -oruy0fa0J9536JMKkJJBmekTjx4uwgjQ7v505kV6bMADdvfnjUfd64FTg3aq70MvCfonk4 -c8WBHIJQUC4+5HPnsATs3uo0Wr02B8Nt5/3WFu5wQNWiXPgaKzSd0fUIZTfuIfS3DerfW/ -/2+8ZUFhoyaBheXjR98DjlxDlvIb7ssH7PLGit4EyVOSiBx47Xo7UsUw9fL9YbUdB1MnJ8 -8AAAdQU9TI9VPUyPUAAAAHc3NoLXJzYQAAAgEAvVPRSlvNFyKpkY5113AnSo0tmeDt35D6 -5YpQ9gcOI6qNIC359+6Ic0rkrRP/f3dNLvFpHht+wR0UiO+6ppICjJSoHweQQEDDKKx+uC -oD2dHRKzAFr/PbccbKGY1/FWcF0GsFcFHiO9bCt/AQjeT1vgaJWVifMJ/6YqCppZKsV2sj -nOm62KvukyzdMiI/G9GMzc/vmd6/iu1g60ekz6gq9CLUhwKBNKhBIjPTQRLWYMOkeM6e7p -o/MObX3fS2O32nhkyC5heM/IKSHkDbbhBjrb/L2l1mCeG5NyFOs4q+C02y3q+swqbdde9v -a1SqW8fpEImwLYpTEr8QsrtTJemp8Usnpqg5X6xdvcafiXzJIodWNdk1oyXDisvEumuuTj -KN41tPmJZQgf6PY9l2Ko0Yha1e+taKOdTMqGzxXW55SZn8tc8MYLStvrKryLsxUd4LuUIH -HFqqFy+K/fLU2AZGyO1zoruy0fa0J9536JMKkJJBmekTjx4uwgjQ7v505kV6bMADdvfnjU -fd64FTg3aq70MvCfonk4c8WBHIJQUC4+5HPnsATs3uo0Wr02B8Nt5/3WFu5wQNWiXPgaKz -Sd0fUIZTfuIfS3DerfW//2+8ZUFhoyaBheXjR98DjlxDlvIb7ssH7PLGit4EyVOSiBx47X -o7UsUw9fL9YbUdB1MnJ88AAAADAQABAAACAG4Cwy0C9MQJtyBF+EFsANi3+hRc97udobw5 -R9v9s4CT/JcDQCmJqC3eCcxsP10QtH+fdSYycc/ClwkOy5U4aFTJmHsXSQGc4AnFWYinmT -87ROBkchmQiCWvjgWVC5AjIeS+GxXt7pg4rUJ2MxhQP17gq3SII0/81V/z3T/BX3UYY0Qt -KA34sZNBUXJtJeCDPd7lgWMWZJRUZKmyIpkrLXJYvseIdA1l6xr1pD4+tOTbKbmszfr1E9 -zVdf+Zzz34QJyv3qvWaWzcbg04QIjO6yytssU62izJxXa8Wt/GsbEdv97Xk3ozvaFmtIZY -Vvkny0x5xS5hHu5YqVpBsQnpoX39BNFFsoY4jY+QHvJGLvc+xGuovPVf3+Y9YhDKzYvtN7 -d0XLV6nDrLqUGi6wsR7JIol7LvYG9TcnGfhEIiGjzs0qSjGYP2EbDM/q9Fjv75w5TsGUM6 -pvTGrE9hkB1T0EBVdJZCr63Vfvh51ltTzYu2LQDku4QBEdurNEBoFty0oi2A3wS0jrDxe2 -euA3Te9GU6kxCJZm35aYz2Y+pSMJ2xuTjYETC/lTY3ejQYvdC+B7D6rODHhgMWVurcDpEO -31syic/NcojiEAqeIIi3I1YDbcwaKCA8LTLDEIsszQgPuQbZKge5hGOT3EnUxQIbvg9tds -US1cGroF6Y7RDpQRwZAAABAQCmieO+zs3n3iIKZCSkIDegpEQEpRVj/adSsBvyDK2XalRV -5va0prqtMULlIM+NTBuWZtx4CO/dZhw9TYtE8EUuZQ0VeICeOMCYsgOnm7IswRX2zpblIA -a/UZm1mLxJMUCBwi2SgHSX4dn/+MeQBYH06XksJ9VeJrSttpqLx+NdNWyComBep7miTyPp -vO/Tx6x1NE0OjbKijtQ0Z9xclR/Mn7I5d8Qe79vmrm06WpM/JGAf+kAfKkHwipyvHszjnS -jE8UV+mYgXndhoN5FAoP67LUj3xXqAHesRjY2/mggFE9qwdOyEFYI0JeOtYEiK/wUGqbgW -DqBRwhrFRejU15SMAAABAQDcuX2qu2I2WtRjkx0Xaruvt/0zHOGD2JC8pqGF9XAPTs04/o -hkBpYZf9tan9qwFsw/NL4XnqFkj4OaSlNGxuWxQNuqZS95ig+PKK8XwAWvByg5x7Mhv9Oi -C09oo3MxVw7bMdHkYhU9xgUQskDPDaT/uTqkUQbcpQmH+JHHVzvF7WL/2mODKin4fj7dSr -RsC6f5AmOVmbhrOOJzK0l5wLysa9O5sqq/CIa6dQ0rYm49egRnFK/Phjl90bLZ1HCrOUaP -10Ol476Ih+FUor3DlegPznoXupR/txwN8cPwbRJ4s+VnBcRERKS+XYEw+DsiFjlh7OFvNs -+ePpq+BL3cfV47AAABAQDblcYgHwWN6whTeBM4kX1syvhd+TM8wywJ/jKgExsXoCevnbUr -5clzCHdARCNCeNcJAW2XTwsoreL54sj1LLaCGqZf9URkmXajW4sIOzz/xmYaugVOYrOXta -05GkhZVtKCdoyQvitjIBkM/CkNRxRaX++OP2XhPuF4SbcLwrY4DsuMAPII1z7+bq2NXXx+ -NQ/BWWF9mjkJlWVdbOM/TRkvS/tOrXAZ9uKxI7m7FnPrbnFtuaHGRD92j46lNGeyHvpmow -t9gYXYTLYDgQNRD1lgr/8TcOYd4C/gFCzzZxswGoCKCCLPKiSBwz/fcG8Hfkqip4adgX2d -Eo05O7PHJR99AAAAFXJzeW5jLm5ldEBldWFuZHJlLm9yZwECAwQF ------END OPENSSH PRIVATE KEY----- diff --git a/secrets/borg/borg_remote.pub b/secrets/borg/borg_remote.pub deleted file mode 100644 index 2f7af58..0000000 --- a/secrets/borg/borg_remote.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9U9FKW80XIqmRjnXXcCdKjS2Z4O3fkPrlilD2Bw4jqo0gLfn37ohzSuStE/9/d00u8WkeG37BHRSI77qmkgKMlKgfB5BAQMMorH64KgPZ0dErMAWv89txxsoZjX8VZwXQawVwUeI71sK38BCN5PW+BolZWJ8wn/pioKmlkqxXayOc6brYq+6TLN0yIj8b0YzNz++Z3r+K7WDrR6TPqCr0ItSHAoE0qEEiM9NBEtZgw6R4zp7umj8w5tfd9LY7faeGTILmF4z8gpIeQNtuEGOtv8vaXWYJ4bk3IU6zir4LTbLer6zCpt11729rVKpbx+kQibAtilMSvxCyu1Ml6anxSyemqDlfrF29xp+JfMkih1Y12TWjJcOKy8S6a65OMo3jW0+YllCB/o9j2XYqjRiFrV761oo51MyobPFdbnlJmfy1zwxgtK2+sqvIuzFR3gu5QgccWqoXL4r98tTYBkbI7XOiu7LR9rQn3nfokwqQkkGZ6ROPHi7CCNDu/nTmRXpswAN29+eNR93rgVODdqrvQy8J+ieThzxYEcglBQLj7kc+ewBOze6jRavTYHw23n/dYW7nBA1aJc+BorNJ3R9QhlN+4h9LcN6t9b//b7xlQWGjJoGF5eNH3wOOXEOW8hvuywfs8saK3gTJU5KIHHjtejtSxTD18v1htR0HUycnzw== rsync.net@euandre.org diff --git a/secrets/borg/known-hosts.txt b/secrets/borg/known-hosts.txt new file mode 100644 index 0000000..92e0bff --- /dev/null +++ b/secrets/borg/known-hosts.txt @@ -0,0 +1,2 @@ +|1|cIJON6PduW/wshQJDXxwHhyhFAw=|qrVaCqD6EhUWC9cy4V4/d1HWawM= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBxDZv64oRMzRkywjmRRrml2pr0XFSZhlL46nUSmM60 +|1|2EjhxKgzkKA8b4cs68lhegyfMUY=|og+e2P84/wUNwuelEPIvy5M2zvQ= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBxDZv64oRMzRkywjmRRrml2pr0XFSZhlL46nUSmM60 -- cgit v1.2.3