diff --git a/disko/zfs-impermanence-backup.nix b/disko/zfs-impermanence-backup.nix
new file mode 100644
index 0000000..cdc63a4
--- /dev/null
+++ b/disko/zfs-impermanence-backup.nix
@@ -0,0 +1,84 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ name = "boot";
+ type = "EF00";
+ size = "512M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ swap = {
+ size = "2G";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ randomEncryption = true;
+ };
+ };
+ zfs_root = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ rootFsOptions = {
+ canmount = "off";
+ compression = "zstd";
+ };
+ datasets = {
+ root = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ options.mountpoint = "legacy";
+ postCreateHook = "zfs snapshot zroot/root@blank";
+ };
+ nix = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ options.mountpoint = "legacy";
+ };
+ persist = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "legacy";
+ "com.sun:auto-snapshot" = "true";
+ };
+ mountpoint = "/persist";
+ };
+ home = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "legacy";
+ "com.sun:auto-snapshot" = "true";
+ };
+ mountpoint = "/home";
+ postCreateHook = "zfs snapshot zroot/home@blank";
+ };
+ backups = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/zfs-backup.nix b/hosts/zfs-backup.nix
new file mode 100644
index 0000000..167ca64
--- /dev/null
+++ b/hosts/zfs-backup.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+ imports = [ ../disko/zfs-impermanence-backup.nix ];
+
+ custom = {
+ platform = {
+ impermanence.enable = true;
+ vm.enable = true;
+ };
+ services.zfsBackupServer.enable = true;
+ };
+ networking.hostId = "353bc8fd";
+ system.stateVersion = "25.05";
+}
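Review bot: Neither `rootFsOptions` nor the `backups` dataset in disko/zfs-impermanence-backup.nix sets `encryption`/`keyformat`, so unless the sending hosts use natively encrypted datasets with raw sends, everything replicated into `zroot/backups` is stored in plaintext while only swap is protected (`randomEncryption = true`). If at-rest protection matters for this host, set the ZFS encryption properties on the pool root or on `backups`, and add a comment describing how the key is loaded at boot. Separately, `device = "/dev/sda"` depends on device enumeration order; a stable `/dev/disk/by-id/...` path is safer in a layout that formats the disk.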
diff --git a/modules/services/zfs-backup-server.nix b/modules/services/zfs-backup-server.nix
new file mode 100644
index 0000000..e2ecc43
--- /dev/null
+++ b/modules/services/zfs-backup-server.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ cfg = config.custom.services.zfsBackupServer;
+in
+{
+ options.custom.services.zfsBackupServer.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users.root.openssh.authorizedKeys.keys = [ ];
+ environment.systemPackages = with pkgs; [ lz4 ];
+ };
+}
diff --git a/modules/services/zfs-replication.nix b/modules/services/zfs-replication.nix
new file mode 100644
index 0000000..8b86dd1
--- /dev/null
+++ b/modules/services/zfs-replication.nix
@@ -0,0 +1,23 @@
+{ config, lib, ... }:
+let
+ cfg = config.custom.services.zfsReplication;
+in
+{
+ options.custom.services.zfsReplication.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.zfs.autoReplication = {
+ enable = true;
+ host = "zfs-backup.vsinerva.fi";
+ identityFilePath = "/etc/ssh/ssh_host_ed25519_key";
+ localFilesystem = "zroot";
+ remoteFilesystem = "zroot/backups/${config.networking.hostName}";
+ username = "root";
+ };
+ services.openssh.knownHosts."zfs-backup.vsinerva.fi".publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWGvIc4sq+WzPqT2y003zga3StMgj7F8vwTjNkZ//d8";
+ };
+}
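Review bot: `users.users.root.openssh.authorizedKeys.keys = [ ]` in modules/services/zfs-backup-server.nix makes root the receive account, and `username = "root"` in modules/services/zfs-replication.nix confirms that every replicating host will log in as root. Once keys are added, a single compromised client can delete or rewrite every other host's backups and take over the server itself. Consider a dedicated unprivileged receive user whose rights come from `zfs allow` delegation scoped to that client's dataset under `zroot/backups`, with each key prefixed by `restrict` in authorized_keys. The list is also empty as committed, so no client can authenticate yet; a comment saying where the keys are expected to come from would help.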
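Review bot: `identityFilePath = "/etc/ssh/ssh_host_ed25519_key"` in modules/services/zfs-replication.nix reuses the machine's sshd host private key as the client credential for the backup server, so one key serves two roles and cannot be rotated or revoked independently. A dedicated replication key pair keeps them separate, for example `identityFilePath = "/persist/keys/zfs-replication_ed25519";` (path constructed for illustration). On hosts with impermanence enabled the chosen key presumably also has to live on a persisted dataset, otherwise it would change after a rollback and stop matching the server's authorized key; that is worth confirming against the persistence configuration, which is not visible in this diff.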