-
-
Notifications
You must be signed in to change notification settings - Fork 94
Haumea: znapzend configuration
Graham Christensen edited this page Mar 29, 2020
·
9 revisions
In this document, I call the receiving server "target". The receiving end must run ZFS. In this snippet, I assume the following about "target":
- the backups will be stored in a pool named
mass - the dataset will be named
mass/nixos-org/haumea - it will have a user named "nixosfoundationbackups"
In the receiving server's configuration, define a user like this:
{
users.users.nixosfoundationbackups = {
# the user needs to be able to execute commands remotely, thus having a shell:
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyyr/4fMKQ1fwa5DjFVIHQLchr4EKcOWEI++gYBTbWF root@haumea"
];
};
}Then create the dataset:
target# zfs create mass/nixos-org/haumea
target# zfs set canmount=off mass/nixos-org/haumea
target# zfs allow -u nixosfoundationbackups create,destroy,mount,receive,userprop mass/nixos-org/haumea
Also look up the public ed25519 key on the server:
target# cat /etc/ssh/ssh_host_ed25519_key.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKUSblYu3vgZOY4hsezAx8pwwsgVyDsnZLT9M0zZsgZ root@nixos
Add the host key:
{
services.ssh = {
knownHosts = {
rob-backup-server = {
hostNames = [ "targetserver" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKUSblYu3vgZOY4hsezAx8pwwsgVyDsnZLT9M0zZsgZ";
};
};
};
}Then edit Haumea's expression and add your server to Haumea's list of targets:
{
services.znapzend = {
zetup = {
"rpool/safe" = {
destinations.your-servers-name = {
plan = "1hour=>5min,4day=>1hour,1week=>1day,1year=>1week,10year=>1month";
host = "nixosfoundationbackups@your-servers-address";
# Note: the `/safe` suffix is intentionally not created automatically. Do not omit the `/safe`
# suffix when adding a server, in case we need to sync more top level datasets in the future.
dataset = "mass/nixos-org/haumea/safe";
};
};
};
};
}