duplicity: port passphrase to secrets file
This commit is contained in:
parent
a9b7b614b8
commit
e207ca56dc
|
@ -6,7 +6,8 @@
|
|||
services.duplicity.targetUrl = secrets.duplicity.url;
|
||||
# format: PASSPHRASE=<cleartext>
|
||||
# two sisters
|
||||
services.duplicity.secretFile = /etc/nixos/secrets/duplicity_env;
|
||||
services.duplicity.secretFile =
|
||||
builtins.toFile "duplicity_env" "PASSPHRASE=${secrets.duplicity.passphrase}";
|
||||
# NB: manually trigger with `systemctl start duplicity`
|
||||
services.duplicity.frequency = "daily";
|
||||
services.duplicity.exclude = [
|
||||
|
|
|
@ -6,6 +6,8 @@
|
|||
# ^ run this until you get a key with no forward slashes :upside_down:
|
||||
# web-created keys are allowed to delete files, which you probably don't want for an incremental backup program
|
||||
duplicity.url = "b2://<REPLACEME:KEY_ID>:<REPLACEME:APPKEY>:<REPLACEME:BUCKET>";
|
||||
# remote backups will be encrypted using this (gpg) passphrase
|
||||
duplicity.passphrase = "<REPLACEME>";
|
||||
|
||||
# to generate:
|
||||
# wg genkey > wg0.private
|
||||
|
|
Loading…
Reference in New Issue
Block a user