{ pkgs, lib, config, hostName, hosts, ... }:
let
  inherit (config) networking;
  inherit (config.services) syncoid;
  inherit (config.users) groups;
  losurdo2das1 = path: conf: lib.mapAttrs (n: v: lib.recursiveUpdate v conf) {
    "${hostName}/${path}2das1" = {
      source = "${hostName}/${path}";
      target = "das1/julm/backup/losurdo/${path}";
      sendOptions = "raw";
      recursive = true;
    };
  };
  mermet2losurdo = path: conf: lib.mapAttrs (n: v: lib.recursiveUpdate v conf) {
    "backup@mermet.${networking.domain}:rpool/${path}" = {
      target = "${hostName}/backup/mermet/${path}";
      sendOptions = "raw";
      recursive = true;
    };
    "${hostName}/backup/mermet/${path}" = {
      target = "das1/julm/backup/mermet/${path}";
      sendOptions = "raw";
      recursive = true;
    };
  };
in
{
networking.nftables.ruleset = ''
  table inet filter {
    chain output-net {
      skuid @nixos-syncoid-uids \
        meta l4proto tcp \
        counter accept \
        comment "syncoid: SSH"
    }
  }
'';
systemd.tmpfiles.rules = [
  "z /dev/zfs 0660 - disk  -"
];
services.syncoid = {
  enable = true;
  nftables.enable = true;
  interval = "*-*-* *:05:00";
  #interval = "*:0/1";
  sshKey = "sshKey:" + syncoid/sshKey.cred;
  commonArgs = [
    #"--debug"
    "--no-sync-snap"
    "--create-bookmark"
    #"--no-privilege-elevation"
    #"--no-stream"
  ];
  service = {
    serviceConfig.Group = groups."disk".name;
  };
  commands = {
    "${hostName}/home/julm/work" = {
      sendOptions = "raw";
      target = "backup@mermet.${networking.domain}:rpool/backup/${hostName}/home/julm/work";
    };
  }
  // mermet2losurdo "var" {
    extraArgs = [
      "--skip-parent"
      "--exclude=rpool/var/cache"
      "--exclude=rpool/var/log"
      "--exclude=rpool/var/tmp"
    ];
  }
  // mermet2losurdo "home/julm/mail" {}
  // mermet2losurdo "home/julm/log" {}
  // losurdo2das1 "home/julm/work" {}
  // losurdo2das1 "var/sftp" {}
  // losurdo2das1 "var/git" {}
  ;
};
}