]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/syncoid.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
nix: update input julm-nix
[sourcephile-nix.git] / hosts / losurdo / syncoid.nix
1 { pkgs, lib, config, hostName, hosts, ... }:
2 let
3 inherit (config) networking;
4 inherit (config.services) syncoid;
5 inherit (config.security) gnupg;
6 inherit (config.users) groups;
7 losurdo2das1 = path: conf: lib.mapAttrs (n: v: lib.recursiveUpdate v conf) {
8 "${hostName}/${path}2das1" = {
9 source = "${hostName}/${path}";
10 target = "das1/julm/backup/losurdo/${path}";
11 sendOptions = "raw";
12 recursive = true;
13 };
14 };
15 mermet2losurdo = path: conf: lib.mapAttrs (n: v: lib.recursiveUpdate v conf) {
16 "backup@mermet.${networking.domain}:rpool/${path}" = {
17 target = "${hostName}/backup/mermet/${path}";
18 sendOptions = "raw";
19 recursive = true;
20 };
21 "${hostName}/backup/mermet/${path}" = {
22 target = "das1/julm/backup/mermet/${path}";
23 sendOptions = "raw";
24 recursive = true;
25 };
26 };
27 in
28 {
29 networking.nftables.ruleset = lib.mkAfter ''
30 table inet filter {
31 chain output-net {
32 skuid @nixos-syncoid-uids \
33 meta l4proto tcp \
34 counter accept \
35 comment "syncoid: SSH"
36 }
37 }
38 '';
39 security.gnupg.secrets."ssh/backup.ssh-ed25519" = {};
40 systemd.tmpfiles.rules = [
41 "z /dev/zfs 0660 - disk -"
42 ];
43 services.syncoid = {
44 enable = true;
45 nftables.enable = true;
46 interval = "*-*-* *:05:00";
47 #interval = "*:0/1";
48 sshKey = gnupg.secrets."ssh/backup.ssh-ed25519".path;
49 commonArgs = [
50 #"--debug"
51 "--no-sync-snap"
52 "--create-bookmark"
53 #"--no-privilege-elevation"
54 #"--no-stream"
55 ];
56 service = {
57 after = [ gnupg.secrets."ssh/backup.ssh-ed25519".service ];
58 wants = [ gnupg.secrets."ssh/backup.ssh-ed25519".service ];
59 serviceConfig.Group = groups."disk".name;
60 };
61 commands = {
62 "${hostName}/home/julm/work" = {
63 sendOptions = "raw";
64 target = "backup@mermet.${networking.domain}:rpool/backup/${hostName}/home/julm/work";
65 };
66 }
67 // mermet2losurdo "var" {
68 extraArgs = [
69 "--skip-parent"
70 "--exclude=rpool/var/cache"
71 "--exclude=rpool/var/log"
72 "--exclude=rpool/var/tmp"
73 ];
74 }
75 // mermet2losurdo "home/julm/mail" {}
76 // mermet2losurdo "home/julm/log" {}
77 // losurdo2das1 "home/julm/work" {}
78 // losurdo2das1 "var/sftp" {}
79 // losurdo2das1 "var/git" {}
80 ;
81 };
82 }
NixOS configurations for Sourcephile's infrastructure