]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/sanoid.nix
gnupg: disable building pinentry UIs
[sourcephile-nix.git] / hosts / mermet / sanoid.nix
1 { pkgs, lib, config, inputs, ... }:
2 let
3 inherit (builtins) readFile;
4 inherit (config.users) users;
5 in
6 {
7 users.users.backup = {
8 isSystemUser = true;
9 shell = users.root.shell;
10 openssh.authorizedKeys.keys = [
11 (readFile (inputs.secrets + "/hosts/losurdo/ssh/backup.ssh-ed25519.pub"))
12 ] ++ users."julm".openssh.authorizedKeys.keys;
13 };
14 system.activationScripts.backup = ''
15 ${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
16 ${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
17 '';
18 services.sanoid = {
19 enable = true;
20 templates = {
21 local = {
22 autosnap = true;
23 autoprune = true;
24 monthly = 3;
25 };
26 remote = {
27 autosnap = false;
28 autoprune = true;
29 monthly = 3;
30 };
31 };
32 extraArgs = [
33 "--verbose"
34 #"--debug"
35 ];
36 datasets = {
37 "rpool/var/git" = {
38 use_template = [ "local" ];
39 daily = 7;
40 };
41 "rpool/var/mail" = {
42 use_template = [ "local" ];
43 hourly = 12;
44 daily = 7;
45 };
46 "rpool/var/public-inbox" = {
47 use_template = [ "local" ];
48 daily = 7;
49 };
50 "rpool/var/www" = {
51 use_template = [ "local" ];
52 daily = 7;
53 };
54 "rpool/var/redis" = {
55 use_template = [ "local" ];
56 hourly = 0;
57 daily = 7;
58 };
59 "rpool/home/julm/mail" = {
60 use_template = [ "local" ];
61 hourly = 12;
62 daily = 7;
63 };
64 "rpool/home/julm/log" = {
65 use_template = [ "local" ];
66 hourly = 12;
67 daily = 7;
68 monthly = 1;
69 };
70 "rpool/backup/losurdo/home/julm/work" = {
71 use_template = [ "remote" ];
72 daily = 31;
73 };
74 "rpool/backup/losurdo/var/postgresql" = {
75 use_template = [ "remote" ];
76 daily = 31;
77 };
78 "rpool/backup/losurdo/var/cryptpad" = {
79 use_template = [ "remote" ];
80 daily = 31;
81 monthly = 0;
82 };
83 };
84 };
85 }