# hosts/losurdo/syncoid.nix
#
# NixOS module configuring this host's syncoid (ZFS replication over SSH) jobs:
# one local dataset is pushed to mermet, and a list of mermet datasets is
# pulled into ${hostName}/backup/mermet/<dataset>.
{ pkgs, lib, config, hostName, hosts, ... }:
let
  inherit (config) networking;
  inherit (config.services) syncoid;
  inherit (config.security) gnupg;
  inherit (config.users) groups;

  # Secret entry holding the SSH private key used for every replication job.
  backupKey = gnupg.secrets."ssh/backup.ssh-ed25519";

  # Remote account on the peer host, used both as push target and pull source.
  mermet = "backup@mermet.${networking.domain}";

  # Datasets under mermet's rpool that are pulled to this host.
  pulledDatasets = [
    "var/mail"
    "var/postgresql"
    "var/prosody"
    "var/public-inbox"
    "var/www"
    "var/git"
    "var/redis-rspamd"
    "home/julm/mail"
    "home/julm/log"
  ];

  # Builds one `commands` entry: source is the remote dataset, target the
  # local mirror path.
  # NOTE(review): "raw" is presumably meant to request raw (`zfs send -w`)
  # streams so encrypted datasets stay encrypted on the receiving side;
  # confirm how syncoid's send-options parser interprets this string.
  pullFromMermet = dataset:
    lib.nameValuePair "${mermet}:rpool/${dataset}" {
      sendOptions = "raw";
      target = "${hostName}/backup/mermet/${dataset}";
    };
in
{
  # Egress rule for the UIDs in the @nixos-syncoid-uids set (presumably
  # filled in by `services.syncoid.nftables.enable` below; verify).
  # NOTE(review): the rule's comment says "allow SSH", but the match is
  # `meta l4proto tcp` with no destination port or address, so these UIDs may
  # open TCP connections to any port. Consider adding a `tcp dport` match for
  # the port mermet's sshd listens on to keep the rule least-privilege.
  networking.nftables.ruleset = lib.mkAfter ''
    add rule inet filter fw2net \
    meta skuid @nixos-syncoid-uids \
    meta l4proto tcp \
    counter accept \
    comment "syncoid: allow SSH"
  '';

  # Declares the secret; all attributes are left at the module's defaults.
  security.gnupg.secrets."ssh/backup.ssh-ed25519" = {};

  # tmpfiles `z`: set /dev/zfs to mode 0660 with group `disk`, owner unchanged.
  systemd.tmpfiles.rules = [
    "z /dev/zfs 0660 - disk -"
  ];

  services.syncoid = {
    enable = true;
    nftables.enable = true;
    # systemd calendar expression: every hour at minute 05.
    interval = "*-*-* *:05:00";
    #interval = "*:0/1";
    sshKey = backupKey.path;
    commonArgs = [
      #"--debug"
      # Replicate existing snapshots only; syncoid creates none of its own.
      "--no-sync-snap"
      # Leave a bookmark on the source for the newest replicated snapshot.
      "--create-bookmark"
      #"--no-privilege-elevation"
      #"--no-stream"
    ];
    service = {
      # Order the job after the unit that provides the key.
      # `wants` (not `requires`) means a failed secret unit does not stop the
      # job from starting; presumably it would then fail at SSH authentication.
      after = [ backupKey.service ];
      wants = [ backupKey.service ];
      # Run with group `disk` so the job can open /dev/zfs (see tmpfiles rule).
      # NOTE(review): on typical Linux systems `disk` also has access to raw
      # block devices, which is broader than ZFS access alone; confirm this
      # is acceptable or use a dedicated group for /dev/zfs.
      serviceConfig.Group = groups."disk".name;
    };
    # NOTE(review): one key authenticates as `backup` on mermet for both
    # directions; confirm that account is limited on mermet (delegated ZFS
    # permissions, restricted authorized_keys entry) — not visible here.
    commands = {
      # Push: local work dataset -> mermet.
      "${hostName}/home/julm/work" = {
        sendOptions = "raw";
        target = "${mermet}:rpool/backup/${hostName}/home/julm/work";
      };
    } // lib.listToAttrs (map pullFromMermet pulledDatasets);
  };
}