-{ pkgs, lib, config, inputs, ... }:
+{ config, ... }:
let
inherit (builtins) readFile;
inherit (config.users) users groups;
in
{
-users.users.backup = {
- isSystemUser = true;
- shell = users.root.shell;
- group = groups.disk.name;
- openssh.authorizedKeys.keys = [
- (readFile (inputs.secrets + "/hosts/losurdo/ssh/backup.ssh-ed25519.pub"))
- ] ++ users."julm".openssh.authorizedKeys.keys;
-};
-systemd.tmpfiles.rules = [
- "z /dev/zfs 0660 - ${groups."disk".name} -"
-];
-system.activationScripts.backup = ''
- # This one should not be necessary
- /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
- /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
-'';
-
-systemd.services.sanoid.serviceConfig.SupplementaryGroups = [ groups."disk".name ];
-services.sanoid = {
- enable = true;
- templates = {
- snap = {
- autosnap = true;
- autoprune = true;
- yearly = 0;
- monthly = 3;
- daily = 31;
- hourly = 0;
- frequently = 0;
- };
- prune = {
- autosnap = false;
- autoprune = true;
- yearly = 0;
- monthly = 3;
- daily = 31;
- hourly = 24;
- frequently = 0;
- };
+ users.users.backup = {
+ isSystemUser = true;
+ shell = users.root.shell;
+ group = groups.disk.name;
+ openssh.authorizedKeys.keys = [
+ (readFile ../losurdo/syncoid/sshKey.pub)
+ ] ++ users."julm".openssh.authorizedKeys.keys;
};
- extraArgs = [
- "--verbose"
- #"--debug"
+ systemd.tmpfiles.rules = [
+ "z /dev/zfs 0660 - ${groups."disk".name} -"
];
- datasets = {
- "rpool/backup/losurdo/var/postgresql" = {
- use_template = [ "prune" ];
+ system.activationScripts.backup = ''
+ # This one should not be necessary
+ /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
+ /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
+ '';
+
+ systemd.services.sanoid.serviceConfig.SupplementaryGroups = [ groups."disk".name ];
+ services.sanoid = {
+ enable = true;
+ templates = {
+ snap = {
+ autosnap = true;
+ autoprune = true;
+ yearly = 0;
+ monthly = 3;
+ daily = 31;
+ hourly = 24;
+ frequently = 0;
+ };
+ prune = {
+ autosnap = false;
+ autoprune = true;
+ yearly = 0;
+ monthly = 3;
+ daily = 31;
+ hourly = 24;
+ frequently = 0;
+ };
};
- "rpool/backup/losurdo/var/cryptpad" = {
- use_template = [ "prune" ];
+ extraArgs = [
+ "--verbose"
+ #"--debug"
+ ];
+ datasets = {
+ "rpool/var/lib" = {
+ use_template = [ "snap" ];
+ };
+ "rpool/backup/losurdo/var/postgresql" = {
+ use_template = [ "prune" ];
+ };
+ "rpool/backup/losurdo/var/cryptpad" = {
+ use_template = [ "prune" ];
+ };
};
};
-};
}
sourcephile / git / sourcephile-nix.git / blobdiff