{ pkgs, lib, config, inputs, ... }:
let
inherit (builtins) readFile;
- inherit (config.users) users;
+ inherit (config.users) users groups;
in
{
users.users.backup = {
isSystemUser = true;
shell = users.root.shell;
+ group = groups.disk.name;
openssh.authorizedKeys.keys = [
(readFile (inputs.secrets + "/hosts/losurdo/ssh/backup.ssh-ed25519.pub"))
] ++ users."julm".openssh.authorizedKeys.keys;
};
+systemd.tmpfiles.rules = [
+ "z /dev/zfs 0660 - ${groups."disk".name} -"
+];
system.activationScripts.backup = ''
${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
'';
+
+systemd.services.sanoid.serviceConfig.SupplementaryGroups = [ groups."disk".name ];
services.sanoid = {
enable = true;
templates = {
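Review bot: Making `disk` the primary group of `backup` (`group = groups.disk.name;`) grants much more than access to `/dev/zfs`. On a standard Linux udev setup `disk` is the group that owns the raw block device nodes, so an account that accepts SSH keys and has root's shell could read and write the pool's underlying disks directly, bypassing the per-dataset limits set by the `zfs allow` lines below; the same reasoning applies to the added `SupplementaryGroups` for sanoid. A dedicated group used only for the ZFS control node would keep the delegation meaningful, for example (group name constructed for illustration) `users.groups.zfs-ctl = { };`, `group = groups.zfs-ctl.name;` and `"z /dev/zfs 0660 - ${groups.zfs-ctl.name} -"`. A short comment above the tmpfiles rule would also help the next reader, such as `# restrict /dev/zfs to the delegation group; dataset rights come from zfs allow`.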
#"--debug"
];
datasets = {
- "rpool/var/git" = {
- use_template = [ "local" ];
- daily = 7;
- };
- "rpool/var/mail" = {
- use_template = [ "local" ];
- hourly = 12;
- daily = 7;
- };
- "rpool/var/public-inbox" = {
- use_template = [ "local" ];
- daily = 7;
- };
- "rpool/var/www" = {
- use_template = [ "local" ];
- daily = 7;
- };
- "rpool/var/redis" = {
- use_template = [ "local" ];
- hourly = 0;
- daily = 7;
- };
- "rpool/home/julm/mail" = {
- use_template = [ "local" ];
- hourly = 12;
- daily = 7;
- };
- "rpool/home/julm/log" = {
- use_template = [ "local" ];
- hourly = 12;
- daily = 7;
- monthly = 1;
- };
- "rpool/backup/losurdo/home/julm/work" = {
- use_template = [ "remote" ];
- daily = 31;
- };
"rpool/backup/losurdo/var/postgresql" = {
use_template = [ "remote" ];
daily = 31;