hosts/mermet/sanoid.nix

   1 { pkgs, lib, config, inputs, ... }:
   2 let
   3   inherit (builtins) readFile;
   4   inherit (config.users) users groups;
   5 in
   6 {
   7 users.users.backup = {
   8   isSystemUser = true;
   9   shell = users.root.shell;
  10   group = groups.disk.name;
  11   openssh.authorizedKeys.keys = [
  12     (readFile (inputs.secrets + "/hosts/losurdo/ssh/backup.ssh-ed25519.pub"))
  13   ] ++ users."julm".openssh.authorizedKeys.keys;
  14 };
  15 systemd.tmpfiles.rules = [
  16   "z /dev/zfs 0660 - disk  -"
  17 ];
  18 system.activationScripts.backup = ''
  19   ${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
  20   ${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
  21 '';
  22 services.sanoid = {
  23   enable = true;
  24   templates = {
  25     local = {
  26       autosnap = true;
  27       autoprune = true;
  28       monthly = 3;
  29     };
  30     remote = {
  31       autosnap = false;
  32       autoprune = true;
  33       monthly = 3;
  34     };
  35   };
  36   extraArgs = [
  37     "--verbose"
  38     #"--debug"
  39   ];
  40   datasets = {
  41     "rpool/backup/losurdo/var/postgresql" = {
  42       use_template = [ "remote" ];
  43       daily = 31;
  44     };
  45     "rpool/backup/losurdo/var/cryptpad" = {
  46       use_template = [ "remote" ];
  47       daily = 31;
  48       monthly = 0;
  49     };
  50   };
  51 };
  52 }