blumeops

History

Erich Blume a5765f9cf2 Add op-backup mise task for encrypted 1Password disaster recovery (#136 ) ## Summary - Adds `mise run op-backup` task that encrypts a 1Password .1pux export with `age` using the master password + secret key as passphrase, SCPs to indri for borgmatic pickup, then deletes the plaintext - Adds `age` to the Brewfile - Borgmatic already backs up `/Users/erichblume/Documents` on indri, which covers the `1password-backup/` subdirectory — no config change needed ## Disaster recovery 1. Restore borgmatic archive to retrieve the `.age` file 2. Open Emergency Kit from safety deposit box 3. `age --decrypt <file>.age > export.1pux` (passphrase: `{master_password}:{secret_key}`) 4. Open `.1pux` with 1Password or unzip to inspect ## Usage ``` # Export all vaults from 1Password desktop app as .1pux, then: mise run op-backup ~/Documents/1Password-export.1pux # Or run without args for interactive prompt: mise run op-backup ``` ## Test plan - [ ] `brew install age` - [ ] Export a test vault from 1Password as .1pux - [ ] Run `mise run op-backup` with the export path - [ ] Verify encrypted file appears on indri at `~/Documents/1password-backup/` - [ ] Verify plaintext .1pux is deleted from gilbert - [ ] Test decryption: `age --decrypt <file>.age > test.1pux` with password:secret_key - [ ] Verify decrypted .1pux can be opened/unzipped 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/136		2026-02-09 20:37:39 -08:00
..
blumeops-tasks	Filter blumeops-tasks to hide future-dated tasks (#124 )	2026-02-08 10:38:44 -08:00
container-list	Migrate registry to Caddy (registry.ops.eblu.me) (#58 )	2026-01-25 12:06:15 -08:00
container-tag-and-release	Remove confirmation prompt from container-tag-and-release	2026-02-03 16:59:55 -08:00
dns-preview	Add Fly.io public reverse proxy for docs.eblu.me (#120 )	2026-02-08 02:36:19 -08:00
dns-up	Add Fly.io public reverse proxy for docs.eblu.me (#120 )	2026-02-08 02:36:19 -08:00
docs-check-filenames	Rename doc-* mise tasks to docs-check-* / docs-review-* (#113 )	2026-02-06 07:08:46 -08:00
docs-check-index	Rename doc-* mise tasks to docs-check-* / docs-review-* (#113 )	2026-02-06 07:08:46 -08:00
docs-check-links	docs/expose-service-publicly pt2 - fly.io (#119 )	2026-02-08 00:38:27 -08:00
docs-review	Add docs-review task with last-reviewed frontmatter tracking (#129 )	2026-02-09 07:29:45 -08:00
docs-review-stale	Rename doc-* mise tasks to docs-check-* / docs-review-* (#113 )	2026-02-06 07:08:46 -08:00
docs-review-tags	Rename doc-* mise tasks to docs-check-* / docs-review-* (#113 )	2026-02-06 07:08:46 -08:00
ensure-minikube-indri-kubectl-config	P5.1: Migrate minikube from podman to QEMU2 driver (#38 )	2026-01-21 16:03:37 -08:00
fly-deploy	Add Fly.io public reverse proxy for docs.eblu.me (#120 )	2026-02-08 02:36:19 -08:00
fly-setup	Add Fly.io public reverse proxy for docs.eblu.me (#120 )	2026-02-08 02:36:19 -08:00
fly-shutoff	Add Fly.io public reverse proxy for docs.eblu.me (#120 )	2026-02-08 02:36:19 -08:00
indri-runner-logs	Add Caddy layer4 for Forgejo SSH (#56 )	2026-01-25 11:37:23 -08:00
op-backup	Add op-backup mise task for encrypted 1Password disaster recovery (#136 )	2026-02-09 20:37:39 -08:00
pr-comments	Add Caddy layer4 for Forgejo SSH (#56 )	2026-01-25 11:37:23 -08:00
provision-indri	Set MISE_TASK_OUTPUT=interleave in provision-indri	2026-01-14 14:15:11 -08:00
provision-sifaka	Operations and observability for sifaka NAS (#135 )	2026-02-09 17:44:05 -08:00
services-check	Fix Immich/Homepage Ingress host matching, add missing service checks (#127 )	2026-02-08 22:12:50 -08:00
tailnet-preview	Add Fly.io public reverse proxy for docs.eblu.me (#120 )	2026-02-08 02:36:19 -08:00
tailnet-up	Add Fly.io public reverse proxy for docs.eblu.me (#120 )	2026-02-08 02:36:19 -08:00
zk-docs	Fix zk-docs	2026-02-04 17:31:21 -08:00