diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json
index 3f643ca96d4c8c743ca81e5a76d7d8393722a91b..52809842c8877b2e9c5c87a9239d37c61f1b8896 100644
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -11,5 +11,4 @@
 "http://localhost:5000"
 ]
 , "monitoringGoogleOAuthClientID": ""
-, "borgBackupRepoPath": "vjs989hy@vjs989hy.repo.borgbase.com:repo"
 }
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 003f52a8287f916f523aa487ad8e8ce26a2161b7..088d9e8c79422b82d638a42aeab5da1fcf14f536 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -57,7 +57,7 @@ let
 grid = {
 publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
 privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
- inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail borgBackupRepoPath;
+ inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
 };
 # Configure deployment management authorization for all systems in the grid.
 services.private-storage.deployment = {
diff --git a/morph/grid/local/public-keys/borgbackup/storage1.repopath b/morph/grid/local/public-keys/borgbackup/storage1.repopath
new file mode 100644
index 0000000000000000000000000000000000000000..7e24d080bc7e8f29c0f28404e149e2fdb65dca45
--- /dev/null
+++ b/morph/grid/local/public-keys/borgbackup/storage1.repopath
@@ -0,0 +1 @@
+vjs989hy@vjs989hy.repo.borgbase.com:repo
diff --git a/morph/grid/local/public-keys/borgbackup/storage2.repopath b/morph/grid/local/public-keys/borgbackup/storage2.repopath
new file mode 120000
index 0000000000000000000000000000000000000000..f8e96aa803817b407aa0829c7bfcc451703b557e
--- /dev/null
+++ b/morph/grid/local/public-keys/borgbackup/storage2.repopath
@@ -0,0 +1 @@
+storage1.repopath
\ No newline at end of file
diff --git a/morph/grid/production/config.json b/morph/grid/production/config.json
index 7d734e2303f6959a22aa013e4bab2aa5725d09a1..8cdeaab993fd894783953e7c8f51cd9ea3bed96d 100644
--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
@@ -17,5 +17,4 @@
 "https://private.storage"
 ]
 , "monitoringGoogleOAuthClientID": "802959152038-klpkk38sfnqmknn1ucg7pvs4hcc2k8ae.apps.googleusercontent.com"
-, "borgBackupRepoPath": "still-to@fill-in.repo.borgbase.com:repo"
 }
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 2e9a10293d1718c9e5c34faefcb4563b58277667..06fe07f8277bf81e26e2f9f735783614c117a7b3 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -19,7 +19,7 @@ let
 grid = {
 publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
 privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
- inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail borgBackupRepoPath;
+ inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
 };
 # Configure deployment management authorization for all systems in the grid.
 services.private-storage.deployment = {
diff --git a/morph/grid/production/public-keys/borgbackup/storage001.repopath b/morph/grid/production/public-keys/borgbackup/storage001.repopath
new file mode 100644
index 0000000000000000000000000000000000000000..8ab7655f7f49a3aaa87e37a341597aefb14372cd
--- /dev/null
+++ b/morph/grid/production/public-keys/borgbackup/storage001.repopath
@@ -0,0 +1 @@
+tqxc4i79@tqxc4i79.repo.borgbase.com:repo
diff --git a/morph/grid/production/public-keys/borgbackup/storage002.repopath b/morph/grid/production/public-keys/borgbackup/storage002.repopath
new file mode 120000
index 0000000000000000000000000000000000000000..307413014b63c9b02305e5c01409d2397d819b8f
--- /dev/null
+++ b/morph/grid/production/public-keys/borgbackup/storage002.repopath
@@ -0,0 +1 @@
+storage001.repopath
\ No newline at end of file
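Review bot: The new `morph/grid/production/public-keys/borgbackup/storage001.repopath` holds the same repository path as the testing grid: its content `tqxc4i79@tqxc4i79.repo.borgbase.com:repo` and blob id `8ab7655f7f49…` are identical to `morph/grid/testing/public-keys/borgbackup/storage001.repopath` added later in this diff, and it is the value this commit removes from testing's `config.json`. Production previously carried only the placeholder `still-to@fill-in.repo.borgbase.com:repo`, so once `morph/lib/borgbackup.nix` reads this file the production storage nodes (storage002 to storage005 are symlinks to it) would target the testing repository, and both grids have a host named `storage001`. If that is not intended, this file should carry a production-only path such as `<production-repo-user>@<production-repo-host>:repo` (placeholder), so that the two environments do not share backup storage, access and retention.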
diff --git a/morph/grid/production/public-keys/borgbackup/storage003.repopath b/morph/grid/production/public-keys/borgbackup/storage003.repopath
new file mode 120000
index 0000000000000000000000000000000000000000..307413014b63c9b02305e5c01409d2397d819b8f
--- /dev/null
+++ b/morph/grid/production/public-keys/borgbackup/storage003.repopath
@@ -0,0 +1 @@
+storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/production/public-keys/borgbackup/storage004.repopath b/morph/grid/production/public-keys/borgbackup/storage004.repopath
new file mode 120000
index 0000000000000000000000000000000000000000..307413014b63c9b02305e5c01409d2397d819b8f
--- /dev/null
+++ b/morph/grid/production/public-keys/borgbackup/storage004.repopath
@@ -0,0 +1 @@
+storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/production/public-keys/borgbackup/storage005.repopath b/morph/grid/production/public-keys/borgbackup/storage005.repopath
new file mode 120000
index 0000000000000000000000000000000000000000..307413014b63c9b02305e5c01409d2397d819b8f
--- /dev/null
+++ b/morph/grid/production/public-keys/borgbackup/storage005.repopath
@@ -0,0 +1 @@
+storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/testing/config.json b/morph/grid/testing/config.json
index 914ffd4486acc2bfc3d106a29872d2feb9364d7d..ba48a27deea9d35150b1834727b659e4972bd2e5 100644
--- a/morph/grid/testing/config.json
+++ b/morph/grid/testing/config.json
@@ -18,5 +18,4 @@
 , "https://privatestorage-staging.com"
 ]
 , "monitoringGoogleOAuthClientID": "802959152038-6esn1c6u2lm3j82lf29jvmn8s63hi8dc.apps.googleusercontent.com"
-, "borgBackupRepoPath": "tqxc4i79@tqxc4i79.repo.borgbase.com:repo"
 }
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 65adee9fb5c33faa47d740de44f81b80873d5f57..c033da1279fa44800e994dc07df3f5febc97d60d 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -19,7 +19,7 @@ let
 grid = {
 publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
 privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
- inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail borgBackupRepoPath;
+ inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
 };
 # Configure deployment management authorization for all systems in the grid.
 services.private-storage.deployment = {
diff --git a/morph/grid/testing/public-keys/borgbackup/storage001.repopath b/morph/grid/testing/public-keys/borgbackup/storage001.repopath
new file mode 100644
index 0000000000000000000000000000000000000000..8ab7655f7f49a3aaa87e37a341597aefb14372cd
--- /dev/null
+++ b/morph/grid/testing/public-keys/borgbackup/storage001.repopath
@@ -0,0 +1 @@
+tqxc4i79@tqxc4i79.repo.borgbase.com:repo
diff --git a/morph/lib/base.nix b/morph/lib/base.nix
index bfaa4f48a7c83a9dfa3680e648a4ef93441a8016..4173497720901bacd13555c22abbec04c08d76be 100644
--- a/morph/lib/base.nix
+++ b/morph/lib/base.nix
@@ -30,6 +30,7 @@
 The domain name and port of the monitoring VPN endpoint.
 '';
 };
+
 letsEncryptAdminEmail = lib.mkOption {
 type = lib.types.str;
 description = ''
@@ -37,12 +38,6 @@
 certificate issuance.
 '';
 };
- borgBackupRepoPath = lib.mkOption {
- type = lib.types.str;
- description = ''
- The Borg backup repository shared between all nodes of one grid.
- '';
- };
 };
 # Any extra NixOS modules to load on all our servers. Note that just
diff --git a/morph/lib/borgbackup.nix b/morph/lib/borgbackup.nix
index 9d17629dd9e73064b864b21a4a103c7d3d3210d5..229dc218bc537d03e23052c51ea8ae42d851a5dd 100644
--- a/morph/lib/borgbackup.nix
+++ b/morph/lib/borgbackup.nix
@@ -6,7 +6,7 @@
 { lib, config, ...}:
 let
 cfg = config.services.private-storage.borgbackup;
- inherit (config.grid) publicKeyPath privateKeyPath borgBackupRepoPath;
+ inherit (config.grid) publicKeyPath privateKeyPath;
 # Get a per-host number of hours to start the backup at a
 # time that should be "night" in most of the USA:
@@ -46,9 +46,8 @@ in {
 services.borgbackup.jobs = {
 daily = {
 paths = cfg.paths;
+ repo = lib.fileContents "${publicKeyPath}/borgbackup/${config.networking.hostName}.repopath";
 doInit = false;
- repo = borgBackupRepoPath;
- archiveBaseName = config.networking.hostName;
 encryption = {
 mode = "repokey-blake2";
 passCommand = "cat /run/keys/borgbackup/passphrase";
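Review bot: In the second hunk of `morph/lib/borgbackup.nix`, `repo` is now read with `lib.fileContents` from a file named after `config.networking.hostName`, and nothing documents or checks that convention. A host with no matching `.repopath` file would fail at evaluation time, and an empty file would produce an empty `repo`. A comment above the line would record the contract, e.g. `# Per-host Borg repository, read at evaluation time from <publicKeyPath>/borgbackup/<hostName>.repopath; every backed-up host needs this file.` The same hunk drops `archiveBaseName = config.networking.hostName;` without explanation; if the NixOS module default takes over (I believe it appends the job name to the host name), new archives get a different name and archives written under the old one may fall outside any prefix-based pruning, which is worth confirming before deploy. The `daily` job body continues past the end of the hunk.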