aubergine: sftp: do not bind on off2
# hosts/aubergine/backup.nix
#
# Backup role of this host:
#   - a `backup` account reachable over SSH with the syncoid public key read
#     from ../pumpkin/syncoid/ssh.key.pub;
#   - import of the ZFS pool `off2` when its drive is plugged in, and a stop of
#     the import unit when it is removed;
#   - ZFS permission delegation to that account on off2/julm/backup;
#   - sanoid snapshot and prune policies.
{ pkgs, lib, config, hostName, ... }:
let
  backupUser = config.users.users.backup.name;
  diskGroup = config.users.groups.disk.name;

  # udev ID_SERIAL of the drive the rules below associate with pool off2.
  off2Serial = "Samsung_SSD_860_EVO_1TB_S3Z9NR0N508159W";

  # Post-import hook; $1 is the pool name (the unit's instance name).
  # `set -eux`: stop on the first failing command, reject unset variables,
  # and trace every command.
  # The delegation covers off2/julm/backup only; any other pool falls through
  # the `case` and gets nothing.
  # NOTE(review): `destroy`, `rollback` and `change-key` let whoever holds the
  # authorized key remove or alter the received backups; check which of these
  # permissions the replication job actually needs.
  zfsAllow = pkgs.writeShellScript "zfs-allow" ''
    set -eux
    pool="$1"
    case "$pool" in
     (off2) zfs allow -u ${backupUser} change-key,compression,create,destroy,mount,mountpoint,receive,rollback "$pool"/julm/backup;;
    esac
  '';

  # Settings every sanoid dataset in this file has in common.
  shared = {
    autoprune = true;
    yearly = 0;
    recursive = true;
  };
  # Dataset that sanoid both snapshots and prunes.
  snapshotted = keep: shared // { autosnap = true; } // keep;
  # Dataset that sanoid only prunes (autosnap = false); presumably its
  # snapshots are received from other hosts — confirm.
  pruneOnly = keep: shared // { autosnap = false; } // keep;
in
{
  users.users.backup = {
    isSystemUser = true;
    # Same login shell as root, so the account accepts SSH command execution.
    shell = config.users.users.root.shell;
    # NOTE(review): `disk` is also the group given to /dev/zfs below. On usual
    # udev setups that group owns the raw block device nodes as well, which
    # would give this account direct device access outside what `zfs allow`
    # delegates; a group dedicated to /dev/zfs would be narrower — confirm.
    group = diskGroup;
    # NOTE(review): the key line is installed exactly as read from the file;
    # whether it carries sshd options (`restrict`, `command=`, `from=`)
    # depends on ssh.key.pub, which is not visible here — confirm.
    openssh.authorizedKeys.keys = [
      (lib.readFile ../pumpkin/syncoid/ssh.key.pub)
    ];
  };

  # Trigger import when disks are plugged: `add` pulls in
  # zfs-import@off2.service, `remove` stops it without waiting.
  services.udev.extraRules = ''
    SUBSYSTEM=="block", KERNEL=="sd*", ENV{ID_SERIAL}=="${off2Serial}", \
      ACTION=="add", ENV{SYSTEMD_WANTS}+="zfs-import@off2.service"
    SUBSYSTEM=="block", KERNEL=="sd*", ENV{ID_SERIAL}=="${off2Serial}", \
      ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block zfs-import@off2.service"
  '';

  # Setup permissions on disk off2; %I hands the unescaped instance name
  # (the pool) to the script as its first argument.
  systemd.services."zfs-import@".serviceConfig.ExecStartPost = zfsAllow + " %I";

  # Adjust the existing /dev/zfs node: mode 0660, owner unchanged, group `disk`.
  systemd.tmpfiles.rules = [
    "z /dev/zfs 0660 - ${diskGroup} -"
  ];
  # sanoid gets the same group, presumably so it can still open /dev/zfs.
  systemd.services.sanoid.serviceConfig.SupplementaryGroups = [
    diskGroup
  ];

  services.sanoid = {
    enable = true;
    extraArgs = [ "--verbose" ];
    datasets = {
      # Datasets of this host's own pool.
      "${hostName}/home" = snapshotted { hourly = 12; daily = 3; monthly = 0; };
      "${hostName}/var" = snapshotted { hourly = 12; daily = 1; monthly = 0; };

      # Datasets on off2 that are snapshotted here.
      "off2/julm/perso" = snapshotted { frequently = 0; hourly = 1; daily = 7; monthly = 0; };
      "off2/julm/public" = snapshotted { frequently = 0; hourly = 1; daily = 7; monthly = 0; };
      "off2/julm/virt" = snapshotted { frequently = 0; hourly = 1; daily = 2; monthly = 2; };

      # Datasets under off2/julm/backup: retention only, no local snapshots.
      "off2/julm/backup/das1/julm/perso" = pruneOnly { frequently = 1; hourly = 12; daily = 7; monthly = 3; };
      "off2/julm/backup/das1/julm/public" = pruneOnly { frequently = 1; hourly = 0; daily = 1; monthly = 3; };
      "off2/julm/backup/losurdo" = pruneOnly { frequently = 1; hourly = 1; daily = 7; monthly = 1; };
      "off2/julm/backup/mermet" = pruneOnly { frequently = 1; hourly = 1; daily = 7; monthly = 1; };
      # The next two leave `frequently` unset, as in the original.
      "off2/julm/backup/oignon" = pruneOnly { hourly = 0; daily = 7; monthly = 3; };
      "off2/julm/backup/pumpkin" = pruneOnly { hourly = 12; daily = 7; monthly = 3; };
    };
  };
}