Create ZFS Backup Server and client services

disko/zfs-impermanence-backup.nix

@@ -0,0 +1,84 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        device = "/dev/sda";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              name = "boot";
+              type = "EF00";
+              size = "512M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            swap = {
+              size = "2G";
+              content = {
+                type = "swap";
+                discardPolicy = "both";
+                randomEncryption = true;
+              };
+            };
+            zfs_root = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        rootFsOptions = {
+          canmount = "off";
+          compression = "zstd";
+        };
+        datasets = {
+          root = {
+            type = "zfs_fs";
+            mountpoint = "/";
+            options.mountpoint = "legacy";
+            postCreateHook = "zfs snapshot zroot/root@blank";
+          };
+          nix = {
+            type = "zfs_fs";
+            mountpoint = "/nix";
+            options.mountpoint = "legacy";
+          };
+          persist = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "legacy";
+              "com.sun:auto-snapshot" = "true";
+            };
+            mountpoint = "/persist";
+          };
+          home = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "legacy";
+              "com.sun:auto-snapshot" = "true";
+            };
+            mountpoint = "/home";
+            postCreateHook = "zfs snapshot zroot/home@blank";
+          };
+          backups = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+          };
+        };
+      };
+    };
+  };
+}

hosts/zfs-backup.nix

@@ -0,0 +1,14 @@
+{ ... }:
+{
+  imports = [ ../disko/zfs-impermanence-backup.nix ];
+
+  custom = {
+    platform = {
+      impermanence.enable = true;
+      vm.enable = true;
+    };
+    services.zfsBackupServer.enable = true;
+  };
+  networking.hostId = "353bc8fd";
+  system.stateVersion = "25.05";
+}

modules/services/zfs-backup-server.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.custom.services.zfsBackupServer;
+in
+{
+  options.custom.services.zfsBackupServer.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.users.root.openssh.authorizedKeys.keys = [ ];
+    environment.systemPackages = with pkgs; [ lz4 ];
+  };
+}

modules/services/zfs-replication.nix

@@ -0,0 +1,23 @@
+{ config, lib, ... }:
+let
+  cfg = config.custom.services.zfsReplication;
+in
+{
+  options.custom.services.zfsReplication.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.zfs.autoReplication = {
+      enable = true;
+      host = "zfs-backup.vsinerva.fi";
+      identityFilePath = "/etc/ssh/ssh_host_ed25519_key";
+      localFilesystem = "zroot";
+      remoteFilesystem = "zroot/backups/${config.networking.hostName}";
+      username = "root";
+    };
+    services.openssh.knownHosts."zfs-backup.vsinerva.fi".publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWGvIc4sq+WzPqT2y003zga3StMgj7F8vwTjNkZ//d8";
+  };
+}