]> Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/syncoid.nix
nftables: specify wg-intra public IPv4 in fw2net
[sourcephile-nix.git] / machines / losurdo / syncoid.nix
1 { pkgs, lib, config, machineName, machines, ... }:
2 let
3 inherit (config) networking;
4 inherit (config.security) gnupg;
5 user = "backup";
6 in
7 {
8 networking.nftables.ruleset = ''
9 add rule inet filter fw2net tcp dport 22 ip daddr ${machines.mermet.extraArgs.ipv4} counter accept comment "SSH to mermet"
10 '';
11 services.syncoid = {
12 enable = true;
13 interval = "*-*-* *:05:00";
14 sshKey = gnupg.secrets."ssh/${user}.ssh-ed25519".path;
15 commonArgs = [
16 "--no-sync-snap"
17 "--create-bookmark"
18 "--no-privilege-elevation"
19 #"--no-stream"
20 ];
21 service = {
22 after = [ gnupg.secrets."ssh/${user}.ssh-ed25519".service ];
23 wants = [ gnupg.secrets."ssh/${user}.ssh-ed25519".service ];
24 };
25 commands = {
26 "${machineName}/home/julm/work" = {
27 sendOptions = "raw";
28 target = "${user}@mermet.${networking.domain}:rpool/backup/${machineName}/home/julm/work";
29 };
30 "${user}@mermet.${networking.domain}:rpool/var/mail" = {
31 sendOptions = "raw";
32 target = "${machineName}/backup/mermet/var/mail";
33 };
34 "${user}@mermet.${networking.domain}:rpool/var/public-inbox" = {
35 sendOptions = "raw";
36 target = "${machineName}/backup/mermet/var/public-inbox";
37 };
38 "${user}@mermet.${networking.domain}:rpool/var/www" = {
39 sendOptions = "raw";
40 target = "${machineName}/backup/mermet/var/www";
41 };
42 "${user}@mermet.${networking.domain}:rpool/var/git" = {
43 sendOptions = "raw";
44 target = "${machineName}/backup/mermet/var/git";
45 };
46 "${user}@mermet.${networking.domain}:rpool/var/redis" = {
47 sendOptions = "raw";
48 target = "${machineName}/backup/mermet/var/redis";
49 };
50 "${user}@mermet.${networking.domain}:rpool/home/julm/mail" = {
51 sendOptions = "raw";
52 target = "${machineName}/backup/mermet/home/julm/mail";
53 };
54 "${user}@mermet.${networking.domain}:rpool/home/julm/log" = {
55 sendOptions = "raw";
56 target = "${machineName}/backup/mermet/home/julm/log";
57 };
58 };
59 };
60 }