1 files changed, 59 insertions, 0 deletions

diff --git a/nodes/backup.jras.nl/default.nix b/nodes/backup.jras.nl/default.nix
new file mode 100644
index 0000000..2857536
--- /dev/null
+++ b/nodes/backup.jras.nl/default.nix
@@ -0,0 +1,59 @@
+{ modulesPath, lib, ... }:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./disk-config.nix
+  ];
+
+  system.stateVersion = "24.11";
+
+  home-manager.users.jras = { home.stateVersion = "24.11"; };
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  time.timeZone = "Europe/Amsterdam";
+
+  networking.domain = "jras.nl";
+  networking.hostName = "backup";
+  networking.hostId = "0ee12836";
+
+  services.openssh = {
+    openFirewall = lib.mkForce true;
+    hostKeys = [
+      {
+        path = "/persist/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+      {
+        path = "/persist/etc/ssh/ssh_host_rsa_key";
+        type = "rsa";
+        bits = 4096;
+      }
+    ];
+  };
+
+  users.users.transfer = {
+    openssh.authorizedKeys.keyFiles = [ ../../public/syncoid-key.pub ];
+    createHome = true;
+    home = "/persist/home/transfer";
+    isSystemUser = true;
+    useDefaultShell = true;
+    group = "users";
+  };
+
+  services.openssh.settings.AllowUsers = [ "transfer" ];
+  services.sanoid.enable = true;
+  services.sanoid.datasets = {
+    "backup" = {
+      autoprune = true;
+      autosnap = false;
+      hourly = 72;
+      daily = 7;
+      monthly = 1;
+      yearly = 1;
+    };
+  };
+}