nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

Secrets dans un volume ZFS

Browse Source
This commit is contained in:
nyanloutre 2018-08-02 11:36:24 +02:00
parent ab2ea34e50
commit 0b75beb437
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
systems/LoutreOS/hardware-configuration.nix
View File

@ -132,6 +132,11 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/mnt/secrets" =
{ device = "loutrepool/secrets";
fsType = "zfs";
};
swapDevices = swapDevices =
[ [
{ {

6
systems/LoutreOS/services.nix
View File

@ -240,7 +240,7 @@ in
repo = "/mnt/backup/borg"; repo = "/mnt/backup/borg";
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
passCommand = "cat /root/borg/medias_encryption_pass"; passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass";
}; };
startAt = "weekly"; startAt = "weekly";
prune.keep = { prune.keep = {
@ -252,7 +252,7 @@ in
postHook = '' postHook = ''
${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
if [[ $exitStatus == 0 ]]; then if [[ $exitStatus == 0 ]]; then
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf sync -v $BORG_REPO loutre_ovh:loutre ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO loutre_ovh:loutre
fi fi
''; '';
}; };
@ -265,7 +265,7 @@ in
rootUrl = "https://gitea.nyanlout.re/"; rootUrl = "https://gitea.nyanlout.re/";
database.type = "postgres"; database.type = "postgres";
database.port = 5432; database.port = 5432;
database.passwordFile = "/root/gitea_passphrase"; database.passwordFile = "/mnt/secrets/gitea_database_passwordFile";
}; };
services.vsftpd = { services.vsftpd = {