]> Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/syncoid.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
zfs: add lzop and mbuffer for syncoid
[sourcephile-nix.git] / machines / losurdo / syncoid.nix
1 { pkgs, lib, config, machineName, machines, ... }:
2 let
3 inherit (config) networking;
4 inherit (config.services) syncoid;
5 inherit (config.security) gnupg;
6 in
7 {
8 networking.nftables.ruleset = ''
9 add rule inet filter fw2net \
10 skuid "${syncoid.user}" \
11 tcp dport 22 \
12 ip daddr ${machines.mermet.extraArgs.ipv4} \
13 counter accept \
14 comment "SSH to mermet"
15 '';
16 security.gnupg.secrets."ssh/backup.ssh-ed25519" = {
17 user = syncoid.user;
18 };
19 users.groups.keys.members = [ syncoid.user ];
20 services.syncoid = {
21 enable = true;
22 interval = "*-*-* *:05:00";
23 sshKey = gnupg.secrets."ssh/backup.ssh-ed25519".path;
24 commonArgs = [
25 "--no-sync-snap"
26 "--create-bookmark"
27 #"--no-privilege-elevation"
28 #"--no-stream"
29 ];
30 service = {
31 after = [ gnupg.secrets."ssh/backup.ssh-ed25519".service ];
32 wants = [ gnupg.secrets."ssh/backup.ssh-ed25519".service ];
33 };
34 commands = {
35 "${machineName}/home/julm/work" = {
36 sendOptions = "raw";
37 target = "backup@mermet.${networking.domain}:rpool/backup/${machineName}/home/julm/work";
38 };
39 "backup@mermet.${networking.domain}:rpool/var/mail" = {
40 sendOptions = "raw";
41 target = "${machineName}/backup/mermet/var/mail";
42 };
43 "backup@mermet.${networking.domain}:rpool/var/public-inbox" = {
44 sendOptions = "raw";
45 target = "${machineName}/backup/mermet/var/public-inbox";
46 };
47 "backup@mermet.${networking.domain}:rpool/var/www" = {
48 sendOptions = "raw";
49 target = "${machineName}/backup/mermet/var/www";
50 };
51 "backup@mermet.${networking.domain}:rpool/var/git" = {
52 sendOptions = "raw";
53 target = "${machineName}/backup/mermet/var/git";
54 };
55 "backup@mermet.${networking.domain}:rpool/var/redis" = {
56 sendOptions = "raw";
57 target = "${machineName}/backup/mermet/var/redis";
58 };
59 "backup@mermet.${networking.domain}:rpool/home/julm/mail" = {
60 sendOptions = "raw";
61 target = "${machineName}/backup/mermet/home/julm/mail";
62 };
63 "backup@mermet.${networking.domain}:rpool/home/julm/log" = {
64 sendOptions = "raw";
65 target = "${machineName}/backup/mermet/home/julm/log";
66 };
67 };
68 };
69 }
NixOS configurations for Sourcephile's infrastructure