inherit (config.services) syncoid;
inherit (config.security) gnupg;
inherit (config.users) groups;
+ losurdo2das1 = path: conf: lib.mapAttrs (n: v: lib.recursiveUpdate v conf) {
+ "${hostName}/${path}2das1" = {
+ source = "${hostName}/${path}";
+ target = "das1/julm/backup/losurdo/${path}";
+ sendOptions = "raw";
+ recursive = true;
+ };
+ };
+ mermet2losurdo = path: conf: lib.mapAttrs (n: v: lib.recursiveUpdate v conf) {
+ "backup@mermet.${networking.domain}:rpool/${path}" = {
+ target = "${hostName}/backup/mermet/${path}";
+ sendOptions = "raw";
+ recursive = true;
+ };
+ "${hostName}/backup/mermet/${path}" = {
+ target = "das1/julm/backup/mermet/${path}";
+ sendOptions = "raw";
+ recursive = true;
+ };
+ };
in
{
-networking.nftables.ruleset = ''
+networking.nftables.ruleset = lib.mkAfter ''
add rule inet filter fw2net \
meta skuid @nixos-syncoid-uids \
meta l4proto tcp \
];
services.syncoid = {
enable = true;
+ nftables.enable = true;
interval = "*-*-* *:05:00";
#interval = "*:0/1";
sshKey = gnupg.secrets."ssh/backup.ssh-ed25519".path;
sendOptions = "raw";
target = "backup@mermet.${networking.domain}:rpool/backup/${hostName}/home/julm/work";
};
- "backup@mermet.${networking.domain}:rpool/var/mail" = {
- sendOptions = "raw";
- target = "${hostName}/backup/mermet/var/mail";
- };
- "backup@mermet.${networking.domain}:rpool/var/postgresql" = {
- sendOptions = "raw";
- target = "${hostName}/backup/mermet/var/postgresql";
- };
- "backup@mermet.${networking.domain}:rpool/var/prosody" = {
- sendOptions = "raw";
- target = "${hostName}/backup/mermet/var/prosody";
- };
- "backup@mermet.${networking.domain}:rpool/var/public-inbox" = {
- sendOptions = "raw";
- target = "${hostName}/backup/mermet/var/public-inbox";
- };
- "backup@mermet.${networking.domain}:rpool/var/www" = {
- sendOptions = "raw";
- target = "${hostName}/backup/mermet/var/www";
- };
- "backup@mermet.${networking.domain}:rpool/var/git" = {
- sendOptions = "raw";
- target = "${hostName}/backup/mermet/var/git";
- };
- "backup@mermet.${networking.domain}:rpool/var/redis-rspamd" = {
- sendOptions = "raw";
- target = "${hostName}/backup/mermet/var/redis-rspamd";
- };
- "backup@mermet.${networking.domain}:rpool/home/julm/mail" = {
- sendOptions = "raw";
- target = "${hostName}/backup/mermet/home/julm/mail";
- };
- "backup@mermet.${networking.domain}:rpool/home/julm/log" = {
- sendOptions = "raw";
- target = "${hostName}/backup/mermet/home/julm/log";
- };
- };
+ }
+ // mermet2losurdo "var" {
+ extraArgs = [
+ "--skip-parent"
+ "--exclude=rpool/var/cache"
+ "--exclude=rpool/var/log"
+ "--exclude=rpool/var/tmp"
+ ];
+ }
+ // mermet2losurdo "home/julm/mail" {}
+ // mermet2losurdo "home/julm/log" {}
+ // losurdo2das1 "home/julm/work" {}
+ // losurdo2das1 "var/sftp" {}
+ // losurdo2das1 "var/git" {}
+ ;
};
}