{ pkgs, lib, config, inputs, ... }:
let
inherit (builtins) readFile;
- inherit (config.users) users;
+ inherit (config.users) users groups;
in
{
users.users.backup = {
isSystemUser = true;
shell = users.root.shell;
+ group = groups.disk.name;
openssh.authorizedKeys.keys = [
(readFile (inputs.secrets + "/hosts/losurdo/ssh/backup.ssh-ed25519.pub"))
] ++ users."julm".openssh.authorizedKeys.keys;
};
+systemd.tmpfiles.rules = [
+ "z /dev/zfs 0660 - ${groups."disk".name} -"
+];
system.activationScripts.backup = ''
- ${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
- ${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
+ # This one should not be necessary
+ /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
+ /run/booted-system/sw/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
'';
+
+systemd.services.sanoid.serviceConfig.SupplementaryGroups = [ groups."disk".name ];
services.sanoid = {
enable = true;
templates = {
- local = {
+ snap = {
autosnap = true;
autoprune = true;
monthly = 3;
};
- remote = {
+ prune = {
autosnap = false;
autoprune = true;
monthly = 3;
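Review bot: Reusing the `disk` group for `group = groups.disk.name;`, for the `z /dev/zfs 0660 - … -` tmpfiles rule and for sanoid's `SupplementaryGroups` grants far more than access to the ZFS control device. Under the default udev rules on Linux, `disk` is normally the group owner of raw block devices with read/write mode, so the SSH-reachable `backup` account (which keeps root's shell and unrestricted authorized keys) and the sanoid service could presumably read or modify the pool's disks directly, bypassing the narrow `zfs allow` delegation set up in the activation script. A dedicated group would keep the delegation meaningful, for example `users.groups.zfs = { };` (name chosen here for illustration) referenced in those three places. Separately, the comment `# This one should not be necessary` should say which `zfs allow` line it refers to and why the binary is now taken from `/run/booted-system/sw/bin` instead of `${pkgs.zfs}`.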
];
datasets = {
"rpool/backup/losurdo/var/postgresql" = {
- use_template = [ "remote" ];
+ use_template = [ "prune" ];
daily = 31;
};
"rpool/backup/losurdo/var/cryptpad" = {
- use_template = [ "remote" ];
+ use_template = [ "prune" ];
daily = 31;
monthly = 0;
};