mauville: idempotent backblaze authentication (#37)

* mauville: add backblaze secrets

* mauville/home: authenticate with backblaze before nightly backups

* fix format

* mauville: move backblaze secret to home

* aly: setup backblaze secrets

* mauville: pass config to hm module
This commit is contained in:
Aly Raffauf 2024-07-15 23:53:15 -04:00 committed by GitHub
parent a16cd5ef41
commit 67d0f7f6ac
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 47 additions and 2 deletions

View file

@ -18,6 +18,11 @@ in {
self.inputs.nur.hmModules.nur self.inputs.nur.hmModules.nur
]; ];
age.secrets = {
backblazeKeyId.file = ../../secrets/backblaze/keyId.age;
backblazeKey.file = ../../secrets/backblaze/key.age;
};
home = { home = {
homeDirectory = "/home/aly"; homeDirectory = "/home/aly";
@ -26,6 +31,7 @@ in {
}; };
packages = [ packages = [
pkgs.backblaze-b2
pkgs.browsh pkgs.browsh
pkgs.curl pkgs.curl
pkgs.fractal pkgs.fractal

View file

@ -17,13 +17,25 @@
} }
]; ];
users.aly = lib.mkForce { users.aly = lib.mkForce ({
config,
pkgs,
lib,
...
}: {
imports = [self.homeManagerModules.aly]; imports = [self.homeManagerModules.aly];
systemd.user = { systemd.user = {
services.backblaze-sync = { services.backblaze-sync = {
Unit.Description = "Backup to Backblaze."; Unit.Description = "Backup to Backblaze.";
Service.ExecStart = "${pkgs.writeShellScript "backblaze-sync" '' Service.ExecStart = "${pkgs.writeShellScript "backblaze-sync" ''
# Authenticate with backblaze.
b2KeyId=`cat ${config.age.secrets.backblazeKeyId.path}`
b2Key=`cat ${config.age.secrets.backblazeKey.path}`
${lib.getExe pkgs.backblaze-b2} authorize_account $b2KeyId $b2Key
declare -A backups declare -A backups
backups=( backups=(
['/home/aly/pics/camera']="b2://aly-camera" ['/home/aly/pics/camera']="b2://aly-camera"
@ -32,6 +44,7 @@
['/mnt/Media/Audiobooks']="b2://aly-audiobooks" ['/mnt/Media/Audiobooks']="b2://aly-audiobooks"
['/mnt/Media/Music']="b2://aly-music" ['/mnt/Media/Music']="b2://aly-music"
) )
# Recursively backup folders to B2 with sanity checks. # Recursively backup folders to B2 with sanity checks.
for folder in "''${!backups[@]}"; do for folder in "''${!backups[@]}"; do
if [ -d "$folder" ] && [ "$(ls -A "$folder")" ]; then if [ -d "$folder" ] && [ "$(ls -A "$folder")" ]; then
@ -50,6 +63,6 @@
Unit.Description = "Daily backups to Backblaze."; Unit.Description = "Daily backups to Backblaze.";
}; };
}; };
}; });
}; };
} }

BIN
secrets/backblaze/key.age Normal file

Binary file not shown.

View file

@ -0,0 +1,24 @@
age-encryption.org/v1
-> ssh-ed25519 xIeYNQ 0eLTUD0+gpBV67tINrV3wJPvYLLZ+fWkyyNUkjTlVjY
Hku5xxDCcOvq9+odSaOmhot1QUYPlp8ap+IElqs5m5A
-> ssh-ed25519 g+apXg e/F8XZYo2dkbuP/P4cDGZLtLBcadF4gENH0fOIyM6Sk
XQJSvz6hUFxYFmk0X2FTePeh5JojOXF0ATISOa5ZgmQ
-> ssh-ed25519 osHDzw th+ZE7J9HthB4VPxcOReG7PVkh3hX1sjd8KnJs1dvFc
psvs6wQ4c0iLAOQlfScIngFb94OYLcmZ7jYNo2DBPos
-> ssh-ed25519 GrlIbA 0oCMgHSWUhFXu9pU2buDq9nO7P3T9cMDZ4b7kTqA5Sc
TvxWJU/laU+JYktaPU8V/OJEf3AGWpjv9QXvym6+sVY
-> ssh-ed25519 STQ5RA NYFHQGikY+IE5HD4lggPeZ4i/YQpETVjLxkEskCpfic
FNUroiFjS0AONQcJv5e+/+4b9FzgtUUm/HuaZHOmhQc
-> ssh-ed25519 nrny8w /dRtHkwucgHVT5uHud1wSqRh67/7vdPxyA5UMYAtyAw
1BLi+VpoBmlOlgOdGcOn9MAzjFL5HnsorVM73h8Qee0
-> ssh-ed25519 c7E/gQ gIDvCjkIbd43R6vfa65ngGd1xiHTPrbnA4O8WxJJOUA
g+Blq7FXbYx0mSgjSdTOHiLlC9tTT43LebWNUcpb02I
-> ssh-ed25519 W5caqg mZNrp9La5aj5r8qN0l0G78kPKypYoeeOXVZzTjhu2Vc
VpUQZQpMGKWZXDFiBFfUiYGey9jICPBYMaqZ5aO04eQ
-> ssh-ed25519 1mX44w c+NsOrCyoFdXIu2K0ZDn1Qih6+rii9wcb8tQlu8lEBw
GB+OdxQUF3i1Rl0UtJ+7eVJg89A9CQIKuiFYjAjExb0
-> ssh-ed25519 FhVeqQ NImafw9CGL4NRT50CHmuXyhCj5zNm0fzbCv4MyNvRC4
Q+VVd73FmOuase22MLEntFaVQkXTb9dsXW153CPw21g
--- XmBwIXTnJG7z92lXYsA+y+0L8W96a2vsiTMz87pe8CI
ã~”E<Y Oªà_Ÿc Ø L}#àgÕñX:J <0B>m“!
øÖGŸŸ}67º•W”ZªÀï:L

View file

@ -17,6 +17,8 @@ let
userKeys = builtins.map (user: builtins.readFile ./publicKeys/${user}.pub) users; userKeys = builtins.map (user: builtins.readFile ./publicKeys/${user}.pub) users;
keys = systemKeys ++ userKeys; keys = systemKeys ++ userKeys;
in { in {
"backblaze/key.age".publicKeys = keys;
"backblaze/keyId.age".publicKeys = keys;
"cloudflare.age".publicKeys = keys; "cloudflare.age".publicKeys = keys;
"lastFM/apiKey.age".publicKeys = keys; "lastFM/apiKey.age".publicKeys = keys;
"lastFM/secret.age".publicKeys = keys; "lastFM/secret.age".publicKeys = keys;