-{ hostName, ... }:
-with builtins;
{
+ pkgs,
+ lib,
+ config,
+ hostName,
+ ...
+}:
+{
+ users.users.backup = {
+ isSystemUser = true;
+ shell = config.users.users.root.shell;
+ group = config.users.groups.disk.name;
+ openssh.authorizedKeys.keys = [
+ (lib.readFile ../pumpkin/syncoid/ssh.key.pub)
+ ];
+ };
+ # Trigger import when disks are plugged
+ services.udev.extraRules = ''
+ SUBSYSTEM=="block", KERNEL=="sd*", ENV{ID_SERIAL}=="Samsung_SSD_860_EVO_1TB_S3Z9NR0N508159W", \
+ ACTION=="add", ENV{SYSTEMD_WANTS}+="zfs-import@off2.service"
+ SUBSYSTEM=="block", KERNEL=="sd*", ENV{ID_SERIAL}=="Samsung_SSD_860_EVO_1TB_S3Z9NR0N508159W", \
+ ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block zfs-import@off2.service"
+ '';
+ # Setup permissions on disk off2
+ systemd.services."zfs-import@".serviceConfig.ExecStartPost =
+ pkgs.writeShellScript "zfs-allow" ''
+ set -eux
+ pool="$1"
+ case "$pool" in
+ (off2) zfs allow -u ${config.users.users.backup.name} change-key,compression,create,destroy,mount,mountpoint,receive,rollback "$pool"/julm/backup;;
+ esac
+ ''
+ + " %I";
+ systemd.tmpfiles.rules = [
+ "z /dev/zfs 0660 - ${config.users.groups."disk".name} -"
+ ];
+ systemd.services.sanoid.serviceConfig.SupplementaryGroups = [
+ config.users.groups."disk".name
+ ];
services.sanoid = {
enable = true;
extraArgs = [ "--verbose" ];
autosnap = false;
autoprune = true;
frequently = 1;
- hourly = 1;
+ hourly = 12;
daily = 7;
- monthly = 0;
+ monthly = 3;
yearly = 0;
recursive = true;
};
autosnap = false;
autoprune = true;
frequently = 1;
- hourly = 1;
+ hourly = 0;
daily = 1;
- monthly = 0;
+ monthly = 3;
yearly = 0;
recursive = true;
};
yearly = 0;
recursive = true;
};
+ "off2/julm/backup/pumpkin" = {
+ autosnap = false;
+ autoprune = true;
+ hourly = 12;
+ daily = 7;
+ monthly = 3;
+ yearly = 0;
+ recursive = true;
+ };
};
};
}
sourcephile / git / julm / julm-nix.git / blobdiff