dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/vaultwarden: Add backup

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-08-06 16:24:36 +01:00
parent 690dd6e70e
commit 6439a32c6e
6 changed files with 129 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.keys/zh2855.rsync.net.pub Normal file
View File

@ -0,0 +1,3 @@
zh2855.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd
zh2855.rsync.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLR2uz+YLn2KiQK0Luu8rhfWS6LHgUfGAWB1j8rM2MKn4KZ2/LhIX1CYkPKMTPxHr6mzayeL1T1hyJIylxXv0BY=
zh2855.rsync.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPgHxQyaDaVxUefoUJZO/lITh0Gp0sqbP7HejQcCfZi7gAcuM6/IAuUXLHFImefCHh52x6T/cHxgL1qz26GKgdxykl06WRXlRIuE45QFSy/cd9JKr6l58fKq30ApmXRsCNwFrMlFPoEpCTqxzddZ9cLXs1Yt9dRxvFlQVEuAzw7ayvt8DE6RP9/CHYVp54wbbvUToECGwu70sxY1vFg51K+vNpvJ3J0t5j3s4c1Wls4BrIwqi2U8kqCq9Nj2CUIQqjM+93CSqEacR3qOGvG/6QMzd733wzpJ/iZee+lcyTYzA0YNMosnaF01hrv7NMwtZ6xRFLlJZtMZ7JpfySrOBr

1
lib/default.nix
View File

@ -260,5 +260,6 @@ rec {
sshKeyFiles = { sshKeyFiles = {
me = ../.keys/me.pub; me = ../.keys/me.pub;
deploy = ../.keys/deploy.pub; deploy = ../.keys/deploy.pub;
rsyncNet = ../.keys/zh2855.rsync.net.pub;
}; };
} }

33
nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
View File

@ -36,7 +36,11 @@ in
secrets = { secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP2mF50ENpnJnr+VTnG9P+JFPjgwvoIxCLyJPzXRpVy"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP2mF50ENpnJnr+VTnG9P+JFPjgwvoIxCLyJPzXRpVy";
files."vaultwarden.env" = {}; files = {
"vaultwarden/config.env" = {};
"vaultwarden/backup-pass.txt" = {};
"vaultwarden/backup-ssh.key" = {};
};
}; };
firewall = { firewall = {
@ -57,6 +61,10 @@ in
network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal; network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
}; };
programs.ssh.knownHostsFiles = [
lib.my.sshKeyFiles.rsyncNet
];
services = { services = {
vaultwarden = { vaultwarden = {
enable = true; enable = true;
@ -86,7 +94,28 @@ in
PUSH_ENABLED = true; PUSH_ENABLED = true;
}; };
environmentFile = config.age.secrets."vaultwarden.env".path; environmentFile = config.age.secrets."vaultwarden/config.env".path;
};
borgbackup.jobs.vaultwarden = {
paths = [ vwData ];
repo = "zh2855@zh2855.rsync.net:borg/vaultwarden2";
doInit = true;
environment = {
BORG_REMOTE_PATH = "borg1";
BORG_RSH = ''ssh -i ${config.age.secrets."vaultwarden/backup-ssh.key".path}'';
};
compression = "zstd,10";
encryption = {
mode = "repokey";
passCommand = ''cat ${config.age.secrets."vaultwarden/backup-pass.txt".path}'';
};
prune.keep = {
within = "1d";
daily = 7;
weekly = 4;
monthly = -1;
};
}; };
}; };
} }

13
secrets/vaultwarden/backup-pass.txt.age Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEhKL0o3QSBsZVF5
cXR6L0ptT2tYTHgreHN3TDVpWjlMQ0twR2RwWGg2TU13SGcwZzFzCkRxazBtNW9X
clNMNVRkd0NFa29OOHlSa0F6YWpldnZacHNEblo0a2VGSFEKLT4gWDI1NTE5IDd5
RG1WNEF4bXVsT1loRnVIMW9kZHJRSkQ3MGtlL1pXTk9GeXlDYzBVSFUKY3pBNmJn
Z3BwaWt5bC9IbUtJY3dvU2dnOEs5YlFWbkg1U0JZQVBNdHQ5TQotPiBwWE1DJl0+
LWdyZWFzZSBLQWorMWdsIHRLLXgtWlQKSHI4SDIvOWkxc0p4K1dJQWJkS2dBY2th
VmdFTGZCSmN0MXdhWmdSYXZjQ2F6RnpFZzFwZmdDZTczZEZRQStiVAprU1IwNXpB
MmwyVENnZEY1QWxubXVFZ25yN0ZEMjY2bWlSUHo5aERYZUVDY3Nvbi9TalhlL2ow
ZVg0azIKLS0tIGZRREMxbzNJMS9lcmxHc2h0R0Q4RE0ydCs5UllVd2E2VEZsWGhC
TzNQVjgKG6a4HjO/hBX3LAwPgNS0vlS8gWONV+4QUn6uGu3kRY5oSurEhXygVGHT
5Zqa84828A==
-----END AGE ENCRYPTED FILE-----

81
secrets/vaultwarden/backup-ssh.key.age Normal file
View File

@ -0,0 +1,81 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEhKL0o3QSA0c0dI
ZStSMHRncFlOaG92U0t3OFc2OE9xWWZ4UjZ0bVh0TFZtbTE5aFVrCi9lVGxPTmhx
QjhZUHVlVGk3ZUMycmkwZDZrMmpWV2UwVEwrTUlWZ1FsSHMKLT4gWDI1NTE5IGJi
ZmJacDFhVVJVdklJZUpnUFg0b0RDbVZqN0hLQUtqOWEvbVEyOUtUWDQKZzhOR3da
TUpvTHVFbXpXLy9jRDZyNHRWbWgrRkVMMHZmZUZFTm9KSGwxZwotPiA/Z203LWdy
ZWFzZSBPVFgoCk9DaDFyRm1jMDhqc1laUGRPT2VtK1k5eWxkZHBzQXNOMnM5WkxC
WjBoWm01blloV3NSawotLS0gd05iVmUwd3V4cXp4NHduQmw3U2FOcEU0NWp6RGZ1
WjdiQ1Y1a25nYXI0WQp97YzYsNIViuyI7Mp4AFiDn4Uwi8b5IdH8tTqCLRo6Yrqx
DgJQ1DEkBYq9EWXKI6zczfCWS9FfK73KK9TKcI8XcZxgNTArNiFv6c4eL+I8dfdn
+Yuthm5oV2w7mQyfOkiT4VWrKPphk7GD1qUXoxIVtjxPyUYcYSoJBqI/HD+oA24m
kqxTX/FS6rA9rfXZsXB81G2KXHMVXd0wnOKikQN9gUL8u0WAKkkYbHO83GynWuui
riYCTM5gK8mjRf5ZTMTbFOY0iRup+5jmSRwKtwR/umjPYniZ5cyQMOc2fioDfC5B
5nD2Vg8kec81wkKck4a405hBdcehSSGpPrSSFUeXIzewckecpmMw82Bs2U4O9lnI
oUhCFsrnFTkZHHSyeaKvhjC1MXZgo/OFnF2k/fWJXQeiRhl+S3H9G9z++8ogcsj+
HKaWkg1bD9EiTTeLxKithagx4RoTqZP8i3PB5KbY5wh5CUxd5+8SS1JjsDWfQBvf
xhIc7ecp415hp4qU5f+Z4t+v+EXffFt3INs3II4R0vB1B3GdIsco85yazQFBwbT0
T13jlWT8BQBCW+xxhqb34nRblYgNYCT35XgOd58+VVh27bzoeItr9B4axbXWbQp9
tgmFM9qVPqO+PBOScqsgBHUmpNJhOEkithTORr66rvgve2dya3E6C+QhKLQQKP/S
cwJCuC3Y/uqFfY+RURrlgAIYszSNdmvWs4rSe4q5gJKOKhyrWU27Opqn82wzPTWz
GdlpBR0QDb2tbmdRvcaVdV1oeJjrtY5vlVIoGJOpBManADMKwgiaH6Hkb8pLYM9o
793NEYB5TEiblb16bLDQYxn9bZo4p5yAzqL1mbbj+Y5ikvWJ+HLqA5w4a8wjioPD
SxjI2zqDnYQjVW6f9ZZONnbBM8oOkqxyBaIIn4Kh+BPr16TQYT12SQKIY2OL4OnD
2etsjTEuoANd1U0l4+i3Tc34lMai6DQbIUc4sHROo8GAarCcrybYKi+XoRh3twGJ
nKsdCsTW6Jq1eUwAiWvdNz2wuFUEWZnAdYHw0dr6q+8voWefUoUwfn2RcxK0Ix3G
zQbxqv7FZntlx9oyzheJwKZ04Au/xYmeFVvxxuAgz+8/mXOUn8qhdaIf89DLnLmE
vJRYVTdHl9/zcKeQIthwCi27VUXIMe7uOsGqvdRSuMDq4whBV/ZiEIRuR8QJp0rT
EMODc0DVHyiq9cAxb3AQ4geQw/wHzUTULY80JmNW+0UJfKwL7pYNsYNFMaf96Hz4
9GAK/NVPcaPh1XJ97Jk/Iojhm9z8jSYhQ9+Br33MKT+YqJmn0jwBcOTsR9rCyBcD
0a3plF2BE/soLO23Hk4ZheL2VNHqqxUIQqIjm+CB762ONn4QHOJaqL21haYsweZ3
XgNOg4gMonJkFye2TDZeCXnxjgHllu5915JiCTtK+ZhaMx/+wR5/iHgdKIxSTR0I
tMrpwmNgB5fM66M1iOx4GLTTsMEhTjIRegGI6fcnWKq+AsMOAa2BreiXq10afFn1
mQar08aN6Jya5SeUls8VvEzjtb9DDcWVVP/k1/WhicwUkaeF94XBKNrHmsd3Vagm
oHXUx2Sej9f4UxYOVUWA12DLxdRV6cAkOSti17pYWbhMSeUsel+2qvwqn5X37EYe
E5nobgfkE8lNy8mEDgEegvInui8TOpLHUWXgyYnaSTFMDV39bSRuQ1OCoCJ3Mgmk
e72XwnECyaxYHWbqriTo+JoK811/FuEHTyEuOzNHAqho8EO26FewGiK+mswS+QKx
JCANQ5dZ+jVVyj4cp5PTyt+KTDToT1ckrbvV0q+FK5/1cIvYVM3Av/jMnm0oR2J8
MHzBA/zgmdR+xI3ienOuytAH9douAvcrVx0bFUm8CuTE8WjP9xK8rc8iLV8A0I62
Y0PLlLQDL5B2y2Nog1IBbJEv4rbDDMx0XiGRjOQ5AukeDdK+wN2+eizGczBe19lP
gJsm5w20mbLgyQMlV2+iZ9qVV0kM7mYIIHQ1s5mMZyaQRtI2YWP/QmIfAB/pVcEm
fTdLM/xtYhblKsPll+Z5LJtwzx5/kJYEZnKtUFz8F7JWt3fsul0yPVSHeoDJibn3
CbLONJSDFMCVGHUesBhmjiNbYhghr3oi31pRywWOpYtqSQ6jgJLPDRXN9eXPmuid
GQXzyDOT9z8o6CHk5YvOcdSnjHKQR4DGj0V9qOeu6gf2bMMZPgHg49R52Zm/flhU
YhdFbi5jXjWV44vukE1k8y3vylHg14CBBzJlNZz71+Mk1iahw5XbhFdYUnucnVhz
dd24XKIfsUcMtObb7YEM+JkEzET3D+QjULuZe7puwCFoeFR8JCesrQx+MGHmshVz
WBLpUY4lW6gaiojwx55o4zd0bVcEEFkJOaOImWql8XARya5vkokipanunpk1dPQ4
cxvhEOPc5blSVghs2hFSpxVhOCPbRNQV3fh5WAJGJFR9rw7JvGeKzGLAwx3fpf/9
EcDLOSbdFOx7lupJOv7EmkbJBmKf68zowCnq2WkRDBkiwErwKvymEpMCbIMo9/Ci
4DSzBwHwuCAQnReGBerTWHF3qrxcuwBp5pRzjYW2Rgorn+n7mZAAokJ4LE4nkzE5
TlKJP6Gn9/3T/vnLmBPwuBtDwqa1CyDJc4VfIodhjiKiDghnKPQGTAWqqwX8qZQ4
JW3BWcTIdxO4mcHzoIeEdEIF4A8or8s3AxK35FMWu3ZHRpT8U7A3f0R0sTQDeBjK
ke4qfDy6F28SYX1v22fg7B1eBX3PT8YE3OyFs2xkNOanV0KAPVGdJlKd4JhqlFUT
uABCNlvixzMzR2JqJPvBQhltl2OiSbaqmlV5ot818D+qZQj03wg0oqWJivBzR3FQ
++31SUkN/SgbiEtAtfpnIDBIeUlZh3W1oIUth6zmn/WawAk0sdpx+KxkLVr96vMX
EG0bcOr0jZ7ENwCBmlm6bHrI0e+Z4iYAtH5dR8VL9lCwuR0ITioGIR8HOKLG9DWt
qxZI/I/peccj5AO0gHQtPC+OCsCoSvGORtaZoIaj+BGLmK9IePhFCULOWakYXxvE
l41nyr9dGwdwKFRLKt1Ovc6AmTKYh3IxPs0Lbr/rKayM7w4WfpMZa9tKbLr7WRC6
zogyEZpt8kwFs2GivcBwHIVeAOHqVSP1IUxZFBeWRSyjlQLE5+yOVw990tgONxSe
flzTNE9/wkQIYjqLK9UTtJJ0pbuegzyYipQWUdOKjdMI9bm+yvfgHcQS+bI9R2Ul
hJg/ixP3FxxJ4yWNtf6ooHH943w8IYd5oSkL3yPXyGQ8iWEFakvekf8478IGIV9k
ry/JKf+qEMPxmWIfUiHlOAW2y45jYWGp9bHfurvuF0yehsRagpFxeugnEQtbV33i
rXuJEZ/k1SJQ//wXuFlY4S4QSY3DxbhOD3gmo8YQSpCNgy5UjbPcHrElyJ+M5psj
Epzb4Fq/nnOwX/lB1EqWvGpfJsgwPOP6YH6X9smsC2y/ck1M+Au7q1ybiTDiqKs0
5wMKxlnlM99fE5g/p7JmWGNuCmpV2SZl/TaYwMGYGYqi7w+tJS7ChiHX8vjCBVl6
e+r5gu7eDPRMznmwPcie/lc3kryTYGg/phsR/g8kBPpRW/fkDQoA4vv0UIRoARCe
CPYjPafLiozI5ji3rhTcsvejzjJWX5MOMLSUKZ4Wz37K8ygQZ2bGnI9rVCVc9Jl+
cVkHvwk3rxbQivLgdmctDLZiMVc8++dW2J3CfGwcZpri3MsDEiprEWn6dp/WT95c
vBXsg1xwL6ouuRRHI1l1l2nzTrU7uWetvOovyJisB03GszmW8VtGzJvB2Hg4thMX
ZNrxQqq/9Wz7d9Txmd0QTRBL7vXQ01P/Lu/LN2QZMJC7vMKvuz+uoM7tJ8Vgz3hR
ybwcm1BtzrnGwfisyTwWPe6pnHjW/dkRzvC70uy8wwrRxMWdPKHOIQSWgKbTyXGd
UvHEo4fySnLPttP6bZ5xVXPjMb67vS8i+b0rbA2k2yDWc5mGdbSkmmH12CupRiuU
KoSdUQXlFzhih/3vKJwpq0X5GGdG9zXlAtCl480kWyaIOe0QEQrvJPL55T6JDBK8
Jn5DkPyqx+espYS6LcfsXCTo5pGsZYNRexHYdglyRZo/EPw9uLmHrYWLLwt3iAma
FGRfNtY4OEK8Jx8baMhrs2xeVJLIPLyhrFtyfCIGwfUmzOap+Z0SWS+kxfXxOWek
IhwlbkCwpuvy1VrSdRgwZx0K94NZcUcsoLolV9q+HVCejhIKq88zvCNYri9wlh69
/0w5/oI1CD7ONwMkCU4EkzvdItTEg9lA/zZmF5rxEDptZ1QXa37kw73LvRwNz5zO
NMMaCAF8AbplPo8CnuPMItgsIbX3g+eULZUQoBcRW5WngnIOhRmL26t9MYZCNwHn
y3dZICDl9WjmbWEYEv4j9eUJclKyLO+jwbGBCQXy9EiHw+Rb3N7EOtWtter2Lwhm
kQhKrKTQUhkMLBNiPGOxvInYjy2i3IFOM6rdh5PFMbJ9GTlXDLygWtcXEiwabYT1
aQnyOD1SkZHIe4fYtyyNrpfWGQ==
-----END AGE ENCRYPTED FILE-----

0
secrets/vaultwarden.env.age → secrets/vaultwarden/config.env.age
View File