] ++ users."julm".openssh.authorizedKeys.keys;
};
systemd.tmpfiles.rules = [
- "z /dev/zfs 0660 - disk -"
+ "z /dev/zfs 0660 - ${groups."disk".name} -"
];
system.activationScripts.backup = ''
${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} bookmark,hold,send rpool
${pkgs.zfs}/bin/zfs allow -u ${users.backup.name} receive,create,mount,rollback rpool/backup
'';
+
+systemd.services.sanoid.serviceConfig.SupplementaryGroups = [ groups."disk".name ];
services.sanoid = {
enable = true;
templates = {