# NixOS module: declares a `backup` system account reachable over SSH, sets
# the group and mode of /dev/zfs, delegates ZFS permissions to that account,
# and configures sanoid snapshot/prune policies.
# The key path (../losurdo/syncoid/sshKey.pub) and the rpool/backup/losurdo
# datasets suggest this host takes part in syncoid replication with a machine
# named losurdo -- inferred from names only.
{ config, ... }:
let
  inherit (builtins) readFile;
  inherit (config.users) users groups;
in
{
  users.users.backup = {
    isSystemUser = true;
    # Same login shell as root, so this account can log in interactively.
    shell = users.root.shell;
    # Primary group is `disk`, the group the tmpfiles rule below assigns to
    # /dev/zfs.
    # NOTE(review): on a typical Linux/udev setup `disk` also owns the raw
    # block-device nodes, so membership is usually far broader than /dev/zfs
    # access -- confirm whether a dedicated group would be enough here.
    group = groups.disk.name;
    # Keys are added as-is: the syncoid key read from the repository, plus
    # every key already authorized for user "julm". No authorized_keys options
    # are prepended here, so unless the .pub file carries its own options a
    # holder of any of these keys gets an unrestricted shell as `backup`.
    # NOTE(review): consider `restrict` and/or a forced `command=` on the
    # replication key.
    openssh.authorizedKeys.keys = [
      (readFile ../losurdo/syncoid/sshKey.pub)
    ] ++ users."julm".openssh.authorizedKeys.keys;
  };

  # tmpfiles `z` line: set /dev/zfs to mode 0660 and group `disk`, leaving the
  # owner unchanged ("-"). Only members of `disk` (and the owner) can then
  # open the ZFS control device.
  systemd.tmpfiles.rules = [
    "z /dev/zfs 0660 - ${groups."disk".name} -"
  ];

  # Activation script delegating ZFS permissions to `backup` with `zfs allow`,
  # using the zfs binary of the booted system.
  #  - bookmark,hold,send on rpool: without -l/-d, `zfs allow` applies to the
  #    dataset and all descendants, so `backup` can send (i.e. read the full
  #    contents of) every dataset in the pool, not only the ones meant to be
  #    replicated. NOTE(review): consider scoping this to the datasets that
  #    are actually sent.
  #  - receive,create,mount,rollback on rpool/backup: limited to the backup
  #    subtree; `rollback` allows discarding newer state of datasets there.
  system.activationScripts.backup = ''
    # This one should not be necessary
    /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
    /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
  '';

  # Add the sanoid service to group `disk` -- presumably so it can still open
  # /dev/zfs after the tmpfiles rule above restricts it; verify.
  systemd.services.sanoid.serviceConfig.SupplementaryGroups = [
    groups."disk".name
  ];

  services.sanoid = {
    enable = true;
    templates = {
      # Take snapshots and prune them: keep 24 hourly, 31 daily, 3 monthly,
      # no yearly and no "frequently" snapshots.
      snap = {
        autosnap = true;
        autoprune = true;
        yearly = 0;
        monthly = 3;
        daily = 31;
        hourly = 24;
        frequently = 0;
      };
      # Same retention, but never take snapshots (autosnap = false): only
      # prune the ones that already exist on the dataset.
      prune = {
        autosnap = false;
        autoprune = true;
        yearly = 0;
        monthly = 3;
        daily = 31;
        hourly = 24;
        frequently = 0;
      };
    };
    extraArgs = [
      "--verbose"
      #"--debug"
    ];
    datasets = {
      # Local data: snapshotted and pruned on this host.
      "rpool/var/lib" = {
        use_template = [ "snap" ];
      };
      # Datasets under rpool/backup/losurdo: pruned only, no local snapshots
      # (presumably their snapshots arrive via replication -- confirm).
      "rpool/backup/losurdo/var/postgresql" = {
        use_template = [ "prune" ];
      };
      "rpool/backup/losurdo/var/cryptpad" = {
        use_template = [ "prune" ];
      };
    };
  };
}