From ed5a55d734d578dec99af9c74b113bd898b83bd4 Mon Sep 17 00:00:00 2001
From: Yorick van Pelt
Date: Wed, 21 Sep 2016 13:43:04 +0200
Subject: [PATCH] Why not just do it as root? Because... ehm... hmm.. good point.
---
 modules/backup.nix | 6 +++---
 pennyworth/configuration.nix | 3 +--
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/modules/backup.nix b/modules/backup.nix
index 8823f3f..27a221f 100644
--- a/modules/backup.nix
+++ b/modules/backup.nix
@@ -12,28 +12,28 @@ in
 type = types.loaOf types.optionSet;
 options = {
 dir = mkOption { type = types.str; };
- user = mkOption { type = types.str; };
 remote = mkOption { type = types.str; };
 keyfile = mkOption { type = types.str; };
+ keyid = mkOption { type = types.str; default = "root"; };
 exclude = mkOption { type = types.str; default = ""; };
 interval = mkOption { type = types.str; default = "weekly"; };
 };
 };
 };
 config = mkIf cfg.enable {
+ # TODO: generate key in pre-start?
 systemd.services = let
 sectionToService = name: data: with data; {
 description = "Back up ${name}";
 serviceConfig = {
 IOSchedulingClass="idle";
- User=user;
 #Type = "oneshot";
 };
 script = ''
 source ${keyfile}
 ${pkgs.duplicity}/bin/duplicity ${dir} ${remote} \
 --ssl-cacert-file /etc/ssl/certs/ca-bundle.crt \
- --encrypt-key ${user} \
+ --encrypt-key ${keyid} \
 --exclude-filelist ${pkgs.writeText "dupignore" exclude} \
 --asynchronous-upload \
 --volsize 100 \
diff --git a/pennyworth/configuration.nix b/pennyworth/configuration.nix
index e4d8333..d6b1192 100644
--- a/pennyworth/configuration.nix
+++ b/pennyworth/configuration.nix
@@ -53,9 +53,8 @@ in
 backups = {
 mail = {
 dir = "/var/spool/mail";
- user = config.services.mailz.user;
 remote = "webdavs://mail@yorickvp.stackstorage.com/remote.php/webdav//mail_bak";
- keyfile = "/var/backup/mail_creds";
+ keyfile = "/var/backup/creds";
 interval = "daily";
 };
 };
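Review bot: With `User=user;` removed from `serviceConfig`, the unit falls back to systemd's default of running as root, so the script's `source ${keyfile}` line now executes whatever shell code that file contains with root privileges. Nothing in this hunk, or in the `pennyworth/configuration.nix` hunk that moves the file to `/var/backup/creds`, sets the file's owner or mode, so if it is still writable by the former service account that account gains root at the next backup run. Consider loading the secrets as data rather than code, e.g. `EnvironmentFile = keyfile;` in `serviceConfig` (the file would then need plain `KEY=value` lines), and documenting on the option that the file must be root-owned with mode 0600. The new `keyid` default of `"root"` presumably relies on a GnuPG key with that user ID already being in root's keyring, as the TODO hints; a comment such as `# GnuPG key or user ID passed to duplicity --encrypt-key` on the option would make that requirement explicit. The `script` string continues past the end of the hunk, so the rest of the duplicity invocation is not visible here.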