Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/syncoid.nix
syncoid: use a dedicated backup user
# NixOS module for the machine `losurdo`: hourly ZFS replication with syncoid,
# in both directions, between this host and `mermet`, over SSH as the
# dedicated `backup` account.
{ pkgs, lib, config, machineName, machines, ... }:
let
  inherit (config) networking;
  inherit (config.security) gnupg;

  # SSH endpoint on mermet; every remote dataset below is reached through it.
  mermet = "backup@mermet.${networking.domain}";

  # Local dataset -> rpool/backup/<this machine>/<dataset> on mermet.
  pushToMermet = dataset:
    lib.nameValuePair "${machineName}/${dataset}" {
      # Passed through to syncoid as its send options; presumably meant to
      # request a raw `zfs send`, so that encrypted datasets leave this host
      # still encrypted. Confirm how syncoid interprets "raw", and note that
      # a raw stream of an unencrypted dataset is still plaintext at rest.
      sendOptions = "raw";
      target = "${mermet}:rpool/backup/${machineName}/${dataset}";
    };

  # rpool/<dataset> on mermet -> <this machine>/backup/mermet/<dataset> here.
  pullFromMermet = dataset:
    lib.nameValuePair "${mermet}:rpool/${dataset}" {
      sendOptions = "raw";
      target = "${machineName}/backup/mermet/${dataset}";
    };
in
{
  # Egress rule: only SSH (tcp/22) to mermet's IPv4 address is accepted here.
  # NOTE(review): the syncoid endpoints use the host name, not this address.
  # If the name resolves to IPv6 or to another address, this rule will not
  # match; whether that traffic is then dropped depends on the rest of the
  # fw2net chain, which is not shown in this file.
  networking.nftables.ruleset = ''
    add rule inet filter fw2net tcp dport 22 ip daddr ${machines.mermet.extraArgs.ipv4} counter accept comment "SSH to mermet"
  '';

  services.syncoid = {
    enable = true;

    # systemd calendar expression: every hour, at five minutes past.
    interval = "*-*-* *:05:00";

    # Private key taken from the `security.gnupg` secrets module (defined
    # elsewhere in this repository). Presumably it is decrypted at activation
    # or run time, which would keep it out of the world-readable Nix store;
    # confirm against that module.
    # The same key is used to push to and to pull from mermet.
    sshKey = gnupg.secrets."ssh/backup.ssh-ed25519".path;

    commonArgs = [
      # Replicate existing snapshots instead of creating a syncoid one.
      "--no-sync-snap"
      # Bookmark the newest replicated snapshot on the source, so that an
      # incremental send remains possible once that snapshot is pruned.
      "--create-bookmark"
      # Never escalate privileges (e.g. through sudo): the `backup` account
      # must hold ZFS delegated permissions (`zfs allow`) on mermet. Those
      # delegations are not visible here; keep them scoped to the datasets
      # listed below.
      "--no-privilege-elevation"
    ];

    commands = builtins.listToAttrs (
      map pushToMermet [
        "home/julm/work"
        "var/postgresql"
      ]
      ++ map pullFromMermet [
        "var/mail"
        "var/public-inbox"
        "var/www"
        "var/git"
        "var/redis"
        "home/julm/mail"
        "home/julm/log"
      ]
    );
  };
}