diff --git a/hosts/db-mdb11/default.nix b/hosts/db-mdb11/default.nix
index 7ba69a8..342805f 100644
--- a/hosts/db-mdb11/default.nix
+++ b/hosts/db-mdb11/default.nix
@@ -20,6 +20,54 @@
 enable = true;
 };

+ sops.secrets."borgmatic_pass/local" = { };
+ sops.secrets."borgmatic_pass/remote" = { };
+ sops.secrets."mariadb_databases/bookstack" = { };
+ sops.secrets."mariadb_databases/hortusfox" = { };
+
+ services.borgmatic = {
+ enable = true;
+ enableConfigCheck = true;
+
+ configurations = {
+ local = {
+ repositories = [
+ {
+ label = "local";
+ path = "ssh://borg@borg-01.tail755c5.ts.net/./";
+ }
+ ];
+ encryption_passcommand = ''cat ${config.sops.secrets."borgmatic_pass/local".path}'';
+
+ mariadb_databases = [
+ {
+ name = "bookstackapp";
+ username = "bookstack";
+ password = ''{credential file ${config.sops.secrets."mariadb_databases/bookstack".path}}'';
+ }
+ {
+ name = "hortusfox";
+ username = "hortusfox";
+ password = ''{credential file ${config.sops.secrets."mariadb_databases/hortusfox".path}}'';
+ }
+ ];
+
+ keep_daily = 7;
+ keep_weekly = 4;
+ keep_monthly = 12;
+ keep_yearly = 3;
+
+ unknown_unencrypted_repo_access_is_ok = false;
+
+ ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
+
+ healthchecks = {
+ ping_url = "https://hc.its-et.me/ping/PlGPBqq-0rLI4N4ya3jYmg/backup-databases-db-mdb11";
+ };
+ };
+ };
+ };
+
 base.userSSHKeys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyi9TFKaEVrO4Gl7/t47PERjOiN3WHMD29UgZV5gm4G etorres@xenon"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWS4JI7h2B89m8bFT4CUzNmWViVy74CLDQXdhgxVnBk etorres@radon"
diff --git a/secrets/db-mdb11.yml b/secrets/db-mdb11.yml
index cec7a43..50f0ff7 100644
--- a/secrets/db-mdb11.yml
+++ b/secrets/db-mdb11.yml
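Review bot: In the hosts/db-mdb11/default.nix hunk, `healthchecks.ping_url` is a literal string, so the key segment of the ping URL is committed to the repository and copied into the world-readable Nix store, while every other credential in the hunk goes through sops. Anyone holding that URL can report success for this check, which would mask a failed or missing database backup. Consider rotating it and declaring it like the others, for example `sops.secrets."healthchecks/ping_url" = { };` (name constructed for this note), then reading it from that file; the `{credential file …}` form used for the MariaDB passwords would work if the deployed borgmatic resolves credentials for `ping_url`, which needs confirming. Separately, `ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key"` reuses the machine's SSH host key as the borg client identity; a dedicated backup key kept in sops could be rotated independently and restricted to `borg serve` on the repository side, which is not visible here. `sops.secrets."borgmatic_pass/remote"` is declared but nothing in this hunk references it.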
@@ -1,9 +1,9 @@ borgmatic_pass: local: ENC[AES256_GCM,data:EldjySkh6JU5rekUBZx61gQs9rU=,iv:uRfm1naqhDLBWyAuBOhyAzwHtuPmMLa15gGD00HpkkU=,tag:BD1VDDcWYaKUHrcNKLNBNw==,type:str] remote: ENC[AES256_GCM,data:Gn7doGhY1UBxVD2r0BsngKo2vuU=,iv:qWIda8cFLoqLnIrToKh1wG0sYTeFDCSlWuNWBUfu74U=,tag:ma4sNmwZi/cn3RUAgPajhQ==,type:str] -mariadb_dabases: - bookstack: ENC[AES256_GCM,data:1JOePVupIPKESwXfR3cH2OyhACM=,iv:hVo6HCP3j9A/t9OgarfdyfL2iKDfOUCB2mCp1KsjD/g=,tag:j0JaTujE/4uudNKaMSobDg==,type:str] - hortusfox: ENC[AES256_GCM,data:zqCleMgssgYs7g9ZBr9TLz4Pddk=,iv:uPdjgsbYirZZaDV/BP5QkoVQT+EWLdwjlfOjrFK9tnI=,tag:JJFLtwndB+JrhO782WTHIA==,type:str] +mariadb_databases: + bookstack: ENC[AES256_GCM,data:iQjasOHhOEGl/Ie2FowHXBKn3t0=,iv:W4uncgHnVdZpUvPh6PnvMmRMJXf4tOt/dwqibR0LwYk=,tag:Bk+0pRop1wotkgD61Uh5iQ==,type:str] + hortusfox: ENC[AES256_GCM,data:a1WOvjQ+Tzf/DHfRGUOkaf/2RNM=,iv:KWZcLbDXFGvJzoZIwzfNGqQI4JvFuXjoCyejUXBKcVc=,tag:bxdKvHdg9XH5Uz364uqUBg==,type:str] sops: age: - recipient: age1jmsrfddctahhznfv7jv77tgw5crmhjhe0e0kzc967hvax4sulv3s6hp2su @@ -33,7 +33,7 @@ sops: NkVoaEtBMHdGbDlKV2ZZeDV0ZmFURmcKCBAciuWWm/0/aOmDvd36wpxeHvKMP5Cq Sh2sIswKFQVKcwc5cK1/h4hCkMAAFlcVELO+S9vmPFDKByzwkITUsw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-23T21:27:51Z" - mac: ENC[AES256_GCM,data:62j2QM9NQsk8BzQfK8ddVurGJvyUIFK4mVAvY6PzxMgiVoi9QWe7Zpcu705svI5Kk9IeWnESCW/FbDjrLBdGwe9BUjjsRKEd+IJpQDZ4jemkoQdtlwLg23vcelwYFgQ/b6YLrT6F4PHP45qjSzGLFnYgep7f04hjlCWaDbebS1I=,iv:rfJ1z8O6N3rdvHDLqC8c6bNhjM9ZPfEsXxhIslZNut8=,tag:sJtSU3o2LW80PUu0roK5wQ==,type:str] + lastmodified: "2025-08-24T00:18:19Z" + mac: ENC[AES256_GCM,data:7y9nkWfnzB3MaytEJ32C3UpLdXLhUB69CqB3CrTDObeCp7vMtK1pUOjMufZYKe+YslNi1mFVu19jhnKwAzLtc8zkmDn5svBWX+iPcNq8rl3ZEuqL/fbJwglVHAOe5pAIdxVAocLdt4+LuaUjgC/Gmo66mzg0qDjKfloZ3C7H2Zw=,iv:hQgQ3NJrxkIgYc2Wdw/r7+fkkhqZiRUHcumkJJkEEFI=,tag:mGS/QD2+36uobPPzgDmqvw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2