]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/backup.nix
sourcephile / git / julm / julm-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
pumpkin: adb: enable
[julm/julm-nix.git] / hosts / aubergine / backup.nix
1 {
2 pkgs,
3 lib,
4 config,
5 hostName,
6 ...
7 }:
8 {
9 users.users.backup = {
10 isSystemUser = true;
11 shell = config.users.users.root.shell;
12 group = config.users.groups.disk.name;
13 openssh.authorizedKeys.keys = [
14 (lib.readFile ../pumpkin/syncoid/ssh.key.pub)
15 ];
16 };
17 # Trigger import when disks are plugged
18 services.udev.extraRules = ''
19 SUBSYSTEM=="block", KERNEL=="sd*", ENV{ID_SERIAL}=="Samsung_SSD_860_EVO_1TB_S3Z9NR0N508159W", \
20 ACTION=="add", ENV{SYSTEMD_WANTS}+="zfs-import@off2.service"
21 SUBSYSTEM=="block", KERNEL=="sd*", ENV{ID_SERIAL}=="Samsung_SSD_860_EVO_1TB_S3Z9NR0N508159W", \
22 ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block zfs-import@off2.service"
23 '';
24 # Setup permissions on disk off2
25 systemd.services."zfs-import@".serviceConfig.ExecStartPost =
26 pkgs.writeShellScript "zfs-allow" ''
27 set -eux
28 pool="$1"
29 case "$pool" in
30 (off2) zfs allow -u ${config.users.users.backup.name} change-key,compression,create,destroy,mount,mountpoint,receive,rollback "$pool"/julm/backup;;
31 esac
32 ''
33 + " %I";
34 systemd.tmpfiles.rules = [
35 "z /dev/zfs 0660 - ${config.users.groups."disk".name} -"
36 ];
37 systemd.services.sanoid.serviceConfig.SupplementaryGroups = [
38 config.users.groups."disk".name
39 ];
40 services.sanoid = {
41 enable = true;
42 extraArgs = [ "--verbose" ];
43 datasets = {
44 "${hostName}/home" = {
45 autosnap = true;
46 autoprune = true;
47 hourly = 12;
48 daily = 3;
49 monthly = 0;
50 yearly = 0;
51 recursive = true;
52 };
53 "${hostName}/var" = {
54 autosnap = true;
55 autoprune = true;
56 hourly = 12;
57 daily = 1;
58 monthly = 0;
59 yearly = 0;
60 recursive = true;
61 };
62 "off2/julm/perso" = {
63 autosnap = true;
64 autoprune = true;
65 frequently = 0;
66 hourly = 1;
67 daily = 7;
68 monthly = 0;
69 yearly = 0;
70 recursive = true;
71 };
72 "off2/julm/public" = {
73 autosnap = true;
74 autoprune = true;
75 frequently = 0;
76 hourly = 1;
77 daily = 7;
78 monthly = 0;
79 yearly = 0;
80 recursive = true;
81 };
82 "off2/julm/virt" = {
83 autosnap = true;
84 autoprune = true;
85 frequently = 0;
86 hourly = 1;
87 daily = 2;
88 monthly = 2;
89 yearly = 0;
90 recursive = true;
91 };
92 "off2/julm/backup/das1/julm/perso" = {
93 autosnap = false;
94 autoprune = true;
95 frequently = 1;
96 hourly = 12;
97 daily = 7;
98 monthly = 3;
99 yearly = 0;
100 recursive = true;
101 };
102 "off2/julm/backup/das1/julm/public" = {
103 autosnap = false;
104 autoprune = true;
105 frequently = 1;
106 hourly = 0;
107 daily = 1;
108 monthly = 3;
109 yearly = 0;
110 recursive = true;
111 };
112 "off2/julm/backup/losurdo" = {
113 autosnap = false;
114 autoprune = true;
115 frequently = 1;
116 hourly = 1;
117 daily = 7;
118 monthly = 1;
119 yearly = 0;
120 recursive = true;
121 };
122 "off2/julm/backup/mermet" = {
123 autosnap = false;
124 autoprune = true;
125 frequently = 1;
126 hourly = 1;
127 daily = 7;
128 monthly = 1;
129 yearly = 0;
130 recursive = true;
131 };
132 "off2/julm/backup/oignon" = {
133 autosnap = false;
134 autoprune = true;
135 hourly = 0;
136 daily = 7;
137 monthly = 3;
138 yearly = 0;
139 recursive = true;
140 };
141 "off2/julm/backup/pumpkin" = {
142 autosnap = false;
143 autoprune = true;
144 hourly = 12;
145 daily = 7;
146 monthly = 3;
147 yearly = 0;
148 recursive = true;
149 };
150 };
151 };
152 }
julm's NixOS and home-manager configs