How to Set Up Borg Backup on NixOS
@cadey Thanks for writing it up! I'm using borg on NixOS too and even planned to write a blog post about it, but you did it first :)
I didn't know about BorgBase nor about the borg-job-* scripts by the way; very nice!
p.s. nice joke about the xkcd shades of random :)
@cadey
Nice post!
Hey, have you heard of the sops-nix[1] project?
It's a wrapper for NixOS around Mozilla's Sops (Secret Operations) tool. A big different with nixops, morph and krops is that secrets are not mandatorily managed out of band, but can be stored encrypted in the nix store, simplifying deployments. One can then rely on a single secret shared out of band, or even just generate a secret locally on the target host (such as SSHD's initial key pair) and encrypt secrets for it.
[1]: https://github.com/Mic92/sops-nix
Nice post!
Hey, have you heard of the sops-nix[1] project?
It's a wrapper for NixOS around Mozilla's Sops (Secret Operations) tool. A big different with nixops, morph and krops is that secrets are not mandatorily managed out of band, but can be stored encrypted in the nix store, simplifying deployments. One can then rely on a single secret shared out of band, or even just generate a secret locally on the target host (such as SSHD's initial key pair) and encrypt secrets for it.
[1]: https://github.com/Mic92/sops-nix
@cadey oooh perfect, thanks!