1 { pkgs, lib, config, inputs, ... }:
3 inherit (builtins) readFile;
4 inherit (config.users) users groups;
9 shell = users.root.shell;
10 group = groups.disk.name;
11 openssh.authorizedKeys.keys = [
12 (readFile (inputs.secrets + "/hosts/losurdo/ssh/backup.ssh-ed25519.pub"))
13 ] ++ users."julm".openssh.authorizedKeys.keys;
15 systemd.tmpfiles.rules = [
16 "z /dev/zfs 0660 - ${groups."disk".name} -"
18 system.activationScripts.backup = ''
19 # This one should not be necessary
20 /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
21 /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
24 systemd.services.sanoid.serviceConfig.SupplementaryGroups = [ groups."disk".name ];
44 "rpool/backup/losurdo/var/postgresql" = {
45 use_template = [ "remote" ];
48 "rpool/backup/losurdo/var/cryptpad" = {
49 use_template = [ "remote" ];