duplicity: port passphrase to secrets file
This commit is contained in:
parent
a9b7b614b8
commit
e207ca56dc
|
@ -6,7 +6,8 @@
|
||||||
services.duplicity.targetUrl = secrets.duplicity.url;
|
services.duplicity.targetUrl = secrets.duplicity.url;
|
||||||
# format: PASSPHRASE=<cleartext>
|
# format: PASSPHRASE=<cleartext>
|
||||||
# two sisters
|
# two sisters
|
||||||
services.duplicity.secretFile = /etc/nixos/secrets/duplicity_env;
|
services.duplicity.secretFile =
|
||||||
|
builtins.toFile "duplicity_env" "PASSPHRASE=${secrets.duplicity.passphrase}";
|
||||||
# NB: manually trigger with `systemctl start duplicity`
|
# NB: manually trigger with `systemctl start duplicity`
|
||||||
services.duplicity.frequency = "daily";
|
services.duplicity.frequency = "daily";
|
||||||
services.duplicity.exclude = [
|
services.duplicity.exclude = [
|
||||||
|
|
|
@ -6,6 +6,8 @@
|
||||||
# ^ run this until you get a key with no forward slashes :upside_down:
|
# ^ run this until you get a key with no forward slashes :upside_down:
|
||||||
# web-created keys are allowed to delete files, which you probably don't want for an incremental backup program
|
# web-created keys are allowed to delete files, which you probably don't want for an incremental backup program
|
||||||
duplicity.url = "b2://<REPLACEME:KEY_ID>:<REPLACEME:APPKEY>:<REPLACEME:BUCKET>";
|
duplicity.url = "b2://<REPLACEME:KEY_ID>:<REPLACEME:APPKEY>:<REPLACEME:BUCKET>";
|
||||||
|
# remote backups will be encrypted using this (gpg) passphrase
|
||||||
|
duplicity.passphrase = "<REPLACEME>";
|
||||||
|
|
||||||
# to generate:
|
# to generate:
|
||||||
# wg genkey > wg0.private
|
# wg genkey > wg0.private
|
||||||
|
|
Loading…
Reference in New Issue
Block a user