# machines/losurdo/syncoid.nix
#
# ZFS replication between this machine and mermet, driven by syncoid over SSH.
# One dataset is pushed to mermet; a set of mermet datasets is pulled here.
# Every transfer logs in as `backup` on mermet with the single key declared
# below.
# NOTE(review): that one key can both write under rpool/backup/${machineName}
# and read the pulled datasets on mermet. What the `backup` account is allowed
# to do there (ZFS delegation, authorized_keys restrictions) is not visible in
# this file; confirm it is limited to exactly these datasets.
{ pkgs, lib, config, machineName, machines, ... }:
let
  syncoidUser = config.services.syncoid.user;
  # Secret holding the SSH private key; this file reads its `path` and `service`.
  backupKey = config.security.gnupg.secrets."ssh/backup.ssh-ed25519";
  # SSH login used as the remote end of every transfer.
  mermet = "backup@mermet.${config.networking.domain}";

  # Datasets under mermet's rpool that are replicated to this machine.
  pulledDatasets = [
    "var/mail"
    "var/public-inbox"
    "var/www"
    "var/git"
    "var/redis"
    "home/julm/mail"
    "home/julm/log"
  ];

  # One syncoid command: mermet:rpool/<dataset> -> <machineName>/backup/mermet/<dataset>.
  pullFromMermet = dataset:
    lib.nameValuePair "${mermet}:rpool/${dataset}" {
      sendOptions = "raw";
      target = "${machineName}/backup/mermet/${dataset}";
    };
in
{
  # Egress allowance limited to: packets owned by the syncoid user, TCP port 22,
  # mermet's IPv4 address. The fw2net chain itself is defined outside this file.
  # NOTE(review): the match is IPv4-only while the targets below use a hostname;
  # confirm that name cannot resolve to an address this rule does not cover.
  networking.nftables.ruleset = ''
    add rule inet filter fw2net \
    skuid "${syncoidUser}" \
    tcp dport 22 \
    ip daddr ${machines.mermet.extraArgs.ipv4} \
    counter accept \
    comment "SSH to mermet"
  '';

  # The key is assigned to the syncoid user rather than to a shared account.
  security.gnupg.secrets."ssh/backup.ssh-ed25519" = {
    user = syncoidUser;
  };
  # Presumably what lets the syncoid user reach the secrets directory; verify
  # against the gnupg secrets module.
  users.groups.keys.members = [ syncoidUser ];

  services.syncoid = {
    enable = true;
    # systemd calendar expression: minute 5 of every hour.
    interval = "*-*-* *:05:00";
    # Disabled alternative (every minute):
    #interval = "*:0/1";
    sshKey = backupKey.path;
    commonArgs = [
      # Replicate the snapshots that already exist instead of letting syncoid
      # create its own sync snapshot.
      "--no-sync-snap"
      # Leave a bookmark on the source for the last snapshot transferred.
      "--create-bookmark"
      # Disabled:
      #"--no-privilege-elevation"
      #"--no-stream"
    ];
    # Start only once the unit providing the SSH key has been started.
    service = {
      wants = [ backupKey.service ];
      after = [ backupKey.service ];
    };
    # Attribute name = source dataset, `target` = destination.
    # NOTE(review): "raw" presumably requests raw `zfs send` streams, so that
    # encrypted datasets stay encrypted on the receiving side; confirm how the
    # syncoid version in use interprets this value.
    commands = {
      # Push: local dataset -> mermet.
      "${machineName}/home/julm/work" = {
        sendOptions = "raw";
        target = "${mermet}:rpool/backup/${machineName}/home/julm/work";
      };
    }
    # Pull: mermet -> local datasets under ${machineName}/backup/mermet.
    // lib.listToAttrs (map pullFromMermet pulledDatasets);
  };
}