dotfiles/modules/nixos/services/syncoid/default.nix

{
  options,
  config,
  pkgs,
  lib,
  ...
}:
with lib; let
  cfg = config.aa.services.syncoid;
in {
  options.aa.services.syncoid = with types; {
    enable = mkEnableOption "syncoid (ZFS snap replication)";
    commands = mkOption {
      type = attrs;
      default = {};
      description = "Commands to pass directly to syncoid, see `services.syncoid.commands`";
    };
    remoteTargetUser = mkOption {
      type = str;
      default = "";
      description = "The user to use on the target machine.";
    };
    remoteTargetDatasets = mkOption {
      type = listOf str;
      default = [];
      description = "Datasets to be used as a remote target (e.g. a NAS's backups dataset)";
    };
    remoteTargetPublicKeys = mkOption {
      type = listOf str;
      default = [];
      description = "SSH public keys that the syncoid service's user should trust";
    };
  };

  config = mkIf cfg.enable {
    services.syncoid = {
      enable = true;
      localSourceAllow =
        options.services.syncoid.localSourceAllow.default
        ++ [
          "mount"
        ];
      localTargetAllow =
        options.services.syncoid.localTargetAllow.default
        ++ [
          "destroy"
        ];
      commands = mkAliasDefinitions options.aa.services.syncoid.commands;
    };

    environment.systemPackages = mkIf (cfg.remoteTargetUser != "") (with pkgs; [
      lzop
      mbuffer
    ]);

    users = mkIf (cfg.remoteTargetUser != "") {
      users."${cfg.remoteTargetUser}" = {
        shell = pkgs.bashInteractive;
        group = cfg.remoteTargetUser;
        isSystemUser = true;
        home = "/var/lib/${cfg.remoteTargetUser}";
        createHome = true;
        openssh.authorizedKeys.keys = cfg.remoteTargetPublicKeys;
      };
      groups."${cfg.remoteTargetUser}" = {};
    };

    systemd.services.setup-syncoid-remote = {
      description = "Permission setup for syncoid remote targets";
      documentation = ["https://github.com/jimsalterjrs/sanoid/wiki/Syncoid#running-without-root"];
      wantedBy = ["multi-user.target"];
      path = [pkgs.zfs];

      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = "yes";
      };

      script = ''
        DATASETS=(${toString cfg.remoteTargetDatasets})
              for dataset in "''${DATASETS[@]}"; do
                zfs allow \
              	-u ${cfg.remoteTargetUser} \
              	compression,mountpoint,create,mount,receive,rollback,destroy \
              	"$dataset"
              done
      '';
    };
  };
}
Added syncoid service Sets up ZFS replication. Syncoid modules handles configuration for both the remote and the target but I'm thinking I should split this up in the future. 2023-08-04 00:21:58 +00:00			`{`
			`options,`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}:`
			`with lib; let`
			`cfg = config.aa.services.syncoid;`
			`in {`
			`options.aa.services.syncoid = with types; {`
			`enable = mkEnableOption "syncoid (ZFS snap replication)";`
			`commands = mkOption {`
			`type = attrs;`
			`default = {};`
			description = "Commands to pass directly to syncoid, see `services.syncoid.commands`";
			`};`
			`remoteTargetUser = mkOption {`
			`type = str;`
			`default = "";`
			`description = "The user to use on the target machine.";`
			`};`
			`remoteTargetDatasets = mkOption {`
			`type = listOf str;`
			`default = [];`
			`description = "Datasets to be used as a remote target (e.g. a NAS's backups dataset)";`
			`};`
			`remoteTargetPublicKeys = mkOption {`
			`type = listOf str;`
			`default = [];`
			`description = "SSH public keys that the syncoid service's user should trust";`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`services.syncoid = {`
			`enable = true;`
Added permisisons 2023-08-25 00:28:10 +00:00			`localSourceAllow =`
			`options.services.syncoid.localSourceAllow.default`
			`++ [`
			`"mount"`
			`];`
			`localTargetAllow =`
			`options.services.syncoid.localTargetAllow.default`
			`++ [`
			`"destroy"`
			`];`
Added syncoid service Sets up ZFS replication. Syncoid modules handles configuration for both the remote and the target but I'm thinking I should split this up in the future. 2023-08-04 00:21:58 +00:00			`commands = mkAliasDefinitions options.aa.services.syncoid.commands;`
			`};`

Added permisisons 2023-08-25 00:28:10 +00:00			`environment.systemPackages = mkIf (cfg.remoteTargetUser != "") (with pkgs; [`
			`lzop`
			`mbuffer`
			`]);`
Added syncoid service Sets up ZFS replication. Syncoid modules handles configuration for both the remote and the target but I'm thinking I should split this up in the future. 2023-08-04 00:21:58 +00:00
			`users = mkIf (cfg.remoteTargetUser != "") {`
			`users."${cfg.remoteTargetUser}" = {`
			`shell = pkgs.bashInteractive;`
			`group = cfg.remoteTargetUser;`
			`isSystemUser = true;`
			`home = "/var/lib/${cfg.remoteTargetUser}";`
			`createHome = true;`
			`openssh.authorizedKeys.keys = cfg.remoteTargetPublicKeys;`
			`};`
			`groups."${cfg.remoteTargetUser}" = {};`
			`};`

			`systemd.services.setup-syncoid-remote = {`
			`description = "Permission setup for syncoid remote targets";`
			`documentation = ["https://github.com/jimsalterjrs/sanoid/wiki/Syncoid#running-without-root"];`
			`wantedBy = ["multi-user.target"];`
			`path = [pkgs.zfs];`

			`serviceConfig = {`
			`Type = "oneshot";`
			`RemainAfterExit = "yes";`
			`};`

			`script = ''`
			`DATASETS=(${toString cfg.remoteTargetDatasets})`
			`for dataset in "''${DATASETS[@]}"; do`
			`zfs allow \`
			`-u ${cfg.remoteTargetUser} \`
			`compression,mountpoint,create,mount,receive,rollback,destroy \`
			`"$dataset"`
			`done`
			`'';`
			`};`
			`};`
			`}`