encrypt borg repository

also backup to AWS EC2 instance

nixos/secrets/borg_passphrase.age

@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 aqswPA BWfWJ0Detm+1l0tYnjR9n5rIUBfdHb/wTnZnGoYx6SU
+gp5vcIXtJpF6KJ0cHJ6GRpHQvxi7ij//1LH0afFoRuo
+--- exwOM8D5yMcDFp0uzRnbD6TWSgs12WmZo7sKlnHYOwY
+4Öš¾0
+e(+×}²½f%Àã^‘ kÀbד{WèŒôVüPän­×“ù:…Å6ý£s

nixos/secrets/secrets.nix

@@ -1,3 +1,4 @@
+# TODO: Just encrypt each file with all hosts' public keys (plus our personal public keys) and deploy when demanded.
 let
   pkgs = import <nixpkgs> { };
   lib = pkgs.lib;
@@ -29,6 +30,8 @@ let
         "lewis_host_ed25519.age"
         "lewis_user_ed25519.age"
         "database_passwords.env.age"
+        "borg_passphrase.age"
+        "ec2_borg_server.pem.age"
       ];
     };
   };