Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/syncoid.nix
# Syncoid (ZFS send/receive) replication jobs for this host:
#   - push   ${hostName}/home/julm/work      -> mermet (over SSH, user "backup")
#   - pull   mermet:rpool/{var,home/julm/…}  -> ${hostName}/backup/mermet/…
#   - copy   local datasets                  -> the local "das1" pool
{ lib, config, inputs, hostName, ... }:
let
  inherit (config) networking;
  inherit (config.services) syncoid;
  inherit (config.users) groups;

  # Options shared by every helper-generated job.
  # "raw" asks for a raw `zfs send`, so natively encrypted datasets travel and
  # land as ciphertext and the receiving pool never needs the keys.
  # NOTE(review): this only gives confidentiality if the source datasets are
  # actually encrypted; confirm with `zfs get encryption` on the sources.
  rawRecursive = {
    sendOptions = "raw";
    recursive = true;
  };

  # Deep-merge `conf` into every job of an attribute set of jobs.
  applyOverrides = conf: lib.mapAttrs (_name: job: lib.recursiveUpdate job conf);

  # SSH endpoint used for both the push and the pull jobs.
  mermet = "backup@mermet.${networking.domain}";

  # Local copy of ${hostName}/<path> onto the das1 pool.
  # The job key carries a "2das1" suffix and an explicit `source`, which keeps
  # it distinct from another job keyed on the same dataset name.
  losurdo2das1 = path: conf: applyOverrides conf {
    "${hostName}/${path}2das1" = rawRecursive // {
      source = "${hostName}/${path}";
      target = "das1/julm/backup/losurdo/${path}";
    };
  };

  # Two-hop backup of mermet's rpool/<path>: first pulled over SSH into
  # ${hostName}/backup/mermet/<path>, then copied from there onto das1.
  # `conf` is merged into BOTH jobs.
  # NOTE(review): no `source` is set here; presumably the module falls back to
  # the job key as the source dataset. Confirm against the module in use.
  mermet2losurdo = path: conf:
    let
      staged = "${hostName}/backup/mermet/${path}";
    in
    applyOverrides conf {
      "${mermet}:rpool/${path}" = rawRecursive // {
        target = staged;
      };
      "${staged}" = rawRecursive // {
        target = "das1/julm/backup/mermet/${path}";
      };
    };
in
{
  # Egress rule for the syncoid service users.
  # NOTE(review): the rule's comment says "SSH", but the match is every
  # outbound TCP packet sent by those UIDs, whatever the destination or port.
  # If the remote listens on the default port, adding `tcp dport 22` (and
  # ideally a destination-address match) would bring the rule in line with its
  # stated intent. Confirm the port first.
  # The `output-net` chain and the `@nixos-syncoid-uids` set are not defined in
  # this file; presumably they come from the firewall and syncoid modules.
  networking.nftables.ruleset = ''
    table inet filter {
      chain output-net {
        skuid @nixos-syncoid-uids \
        meta l4proto tcp \
        counter accept \
        comment "syncoid: SSH"
      }
    }
  '';

  # Restrict /dev/zfs to mode 0660 with group "disk" ('z' adjusts an existing
  # path). The syncoid units get that group below so they can still open it.
  # NOTE(review): on a typical system the "disk" group also owns the raw block
  # devices; check that the units' sandboxing limits device access to /dev/zfs
  # so a compromised job cannot read or write disks directly.
  systemd.tmpfiles.rules = [
    "z /dev/zfs 0660 - disk -"
  ];

  services.syncoid = {
    enable = true;
    nftables.enable = true;

    # systemd calendar expression: five minutes past every hour.
    interval = "*-*-* *:05:00";
    #interval = "*:0/1";

    # NOTE(review): the "name:path" form and the .cred suffix look like a
    # systemd credential reference. The file is taken from the flake source and
    # so ends up in the world-readable Nix store; it must be an encrypted
    # credential, never a plain private key. Confirm.
    sshKey = "sshKey:${inputs.self}/hosts/${hostName}/syncoid/sshKey.cred";

    commonArgs = [
      #"--debug"
      # Replicate existing snapshots only; syncoid creates none of its own.
      "--no-sync-snap"
      # Leave a bookmark on the source so the next incremental send still has
      # a base after the snapshot itself has been pruned.
      "--create-bookmark"
      #"--no-privilege-elevation"
      #"--no-stream"
    ];

    # Needed for the 0660 root:disk /dev/zfs set up through tmpfiles above.
    service.serviceConfig.Group = groups.disk.name;

    # Later sets override earlier ones on a key clash, as with a `//` chain.
    commands = lib.foldl' lib.mergeAttrs { } [
      {
        # Push to mermet; not recursive, unlike the helper-generated jobs.
        "${hostName}/home/julm/work" = {
          sendOptions = "raw";
          target = "${mermet}:rpool/backup/${hostName}/home/julm/work";
        };
      }
      (mermet2losurdo "var" {
        # NOTE(review): --exclude takes a regular expression, and these are
        # unanchored, so e.g. "rpool/var/log" also matches any dataset whose
        # name merely contains it; a backup gap caused this way is silent.
        # Because `conf` goes to both hops, the same patterns are also passed
        # to the local copy to das1, whose dataset names start with
        # ${hostName}/…, so they presumably match nothing there.
        extraArgs = [
          "--skip-parent"
          "--exclude=rpool/var/cache"
          "--exclude=rpool/var/log"
          "--exclude=rpool/var/tmp"
        ];
      })
      (mermet2losurdo "home/julm/mail" { })
      (mermet2losurdo "home/julm/log" { })
      (losurdo2das1 "home/julm/work" { })
      (losurdo2das1 "var/sftp" { })
      (losurdo2das1 "var/git" { })
    ];
  };
}