node/backup.jras.nl/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

{ modulesPath, lib, ... }:
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
  ];

  system.stateVersion = "24.11";

  home-manager.users.jras = { home.stateVersion = "24.11"; };

  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = true;
  };

  time.timeZone = "Europe/Amsterdam";

  networking.domain = "jras.nl";
  networking.hostName = "backup";
  networking.hostId = "0ee12836";

  services.openssh = {
    openFirewall = lib.mkForce true;
    hostKeys = [
      {
        path = "/persist/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/persist/etc/ssh/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };

  users.users.transfer = {
    openssh.authorizedKeys.keyFiles = [ ../../public/syncoid-key.pub ];
    createHome = true;
    home = "/persist/home/transfer";
    isSystemUser = true;
    useDefaultShell = true;
    group = "users";
  };

  services.openssh.settings.AllowUsers = [ "transfer" ];
  services.sanoid.enable = true;
  services.sanoid.datasets = {
    "backup" = {
      autoprune = true;
      autosnap = false;
      hourly = 72;
      daily = 7;
      monthly = 1;
      yearly = 1;
    };
  };
}