Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/syncoid.nix
losurdo: syncoid: fix nftables integration
# NixOS module for the host losurdo: declares the syncoid (ZFS replication)
# jobs, the nftables output rule their traffic needs, and the permissions on
# /dev/zfs that the syncoid units rely on.
{
  lib,
  config,
  inputs,
  hostName,
  ...
}:
let
  inherit (config) networking;
  inherit (config.services) syncoid;
  inherit (config.users) groups;
  # Builds one syncoid command that replicates the local dataset
  # "${hostName}/${path}" to "das1/julm/backup/losurdo/${path}".
  # `conf` is merged recursively over the defaults below, so a caller can
  # add or override per-dataset settings.
  losurdo2das1 =
    path: conf:
    lib.mapAttrs (_n: v: lib.recursiveUpdate v conf) {
      "${hostName}/${path}2das1" = {
        source = "${hostName}/${path}";
        target = "das1/julm/backup/losurdo/${path}";
        # presumably maps to a raw `zfs send`, so encrypted datasets are
        # replicated without being decrypted — confirm against the module
        sendOptions = "raw";
        recursive = true;
      };
    };
  # Builds one syncoid command that pulls "rpool/${path}" from
  # backup@mermet.<domain> over SSH. Despite the name, the active entry
  # writes straight to "das1/julm/backup/mermet/${path}"; the two-step
  # variant that staged the data under "${hostName}/backup/mermet" is kept
  # commented out below.
  mermet2losurdo =
    path: conf:
    lib.mapAttrs (_n: v: lib.recursiveUpdate v conf) {
      /*
        "backup@mermet.${networking.domain}:rpool/${path}" = {
        target = "${hostName}/backup/mermet/${path}";
        sendOptions = "raw";
        recursive = true;
        };
        "${hostName}/backup/mermet/${path}" = {
      */
      "backup@mermet.${networking.domain}:rpool/${path}" = {
        target = "das1/julm/backup/mermet/${path}";
        sendOptions = "raw";
        recursive = true;
      };
    };
in
{
  # Adds a rule to chain output-net of table inet filter: accept outgoing TCP
  # from sockets whose owner UID is in the set @nixos_syncoid_uids (the set
  # is not defined in this file).
  # NOTE(review): the rule is labelled "syncoid: SSH" but matches every TCP
  # destination port, so any process running under those UIDs may open
  # arbitrary outbound TCP connections. If the remote sshd port is fixed,
  # a `tcp dport` match would narrow this to SSH — confirm the port first.
  networking.nftables.ruleset = ''
    table inet filter {
      chain output-net {
        skuid @nixos_syncoid_uids \
        meta l4proto tcp \
        counter accept \
        comment "syncoid: SSH"
      }
    }
  '';
  # tmpfiles type "z" adjusts an existing path: /dev/zfs gets mode 0660 and
  # group disk, owner left unchanged.
  systemd.tmpfiles.rules = [
    "z /dev/zfs 0660 - disk -"
  ];
  services.syncoid = {
    enable = true;
    # systemd calendar expression: every hour at minute 05
    interval = "*-*-* *:05:00";
    #interval = "*:0/1";
    # `syncoid/sshKey.cred` is a path literal relative to this file (not the
    # `syncoid` binding inherited above); interpolating it copies the file
    # into the Nix store, which is world-readable.
    # NOTE(review): that is only safe if the .cred file is encrypted at rest;
    # the "sshKey:<path>" form looks like a systemd credential name:path
    # pair — confirm both against the syncoid module in use.
    sshKey = "sshKey:${syncoid/sshKey.cred}";
    commonArgs = [
      #"--debug"
      # replicate existing snapshots only, do not create a sync snapshot
      "--no-sync-snap"
      "--create-bookmark"
      #"--no-privilege-elevation"
      #"--no-stream"
      #"--preserve-recordsize"
      #"--preserve-properties"
    ];
    service = {
      # Run the syncoid units with group disk, matching the group given to
      # /dev/zfs above.
      # NOTE(review): on most Linux systems the disk group can also read and
      # write raw block devices, which is more than /dev/zfs access; a
      # dedicated group would be narrower — confirm this is intended.
      serviceConfig.Group = groups."disk".name;
    };
    # Replication jobs, merged with `//`; the attribute names are distinct,
    # so no entry overrides another.
    commands =
      {
        # Push the local work dataset to mermet over SSH as user backup.
        "${hostName}/home/julm/work" = {
          sendOptions = "raw";
          target = "backup@mermet.${networking.domain}:rpool/backup/${hostName}/home/julm/work";
        };
      }
      // mermet2losurdo "var" {
        # Skip the parent dataset itself and leave out cache, nginx state,
        # logs and tmp.
        extraArgs = [
          "--skip-parent"
          "--exclude=rpool/var/cache"
          "--exclude=rpool/var/lib/nginx"
          "--exclude=rpool/var/log"
          "--exclude=rpool/var/tmp"
        ];
      }
      // mermet2losurdo "home/julm/mail" { }
      // mermet2losurdo "home/julm/log" { }
      // losurdo2das1 "home/julm/work" { }
      // losurdo2das1 "var/sftp" { }
      // losurdo2das1 "var/git" { };
  };
}