Add libvirt to dilion

[perso/Immae/Config/Nix.git] / modules / private / system / dilion.nix

diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index 258506b545721ed815cd38692cd18ef026643898..5b01a532ca7c545a678ec4c5c11332a89e11aae0 100644 (file)
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -41,6 +41,37 @@
 
   programs.zsh.enable = true;
 
+  users.users.backup = {
+    home = "/var/lib/backup";
+    createHome = true;
+    hashedPassword = "!";
+    isSystemUser = true;
+    shell = pkgs.bashInteractive;
+    openssh.authorizedKeys.keys = let
+    in
+      ["command=\"${pkgs.rrsync_sudo}/bin/rrsync /var/lib/backup/eldiron/\"  ${config.myEnv.rsync_backup.ssh_key.public}"];
+  };
+  security.sudo.extraRules = [
+    {
+      commands = [
+        { command = "${pkgs.rsync}/bin/rsync"; options = [ "NOPASSWD" ]; }
+      ];
+      users = [ "backup" ];
+      runAs = "root";
+    }
+  ];
+
+  system.activationScripts.backup_home = ''
+    chown root:root /var/lib/backup
+    install -m 0750 -o backup -g root -d /var/lib/backup/eldiron
+  '';
+
+  virtualisation.libvirtd.enable = true;
+  users.extraUsers.immae.extraGroups = [ "libvirtd" ];
+  systemd.services.libvirtd.postStart = ''
+    install -m 0770 -g libvirtd -d /var/lib/libvirt/images
+  '';
+
   time.timeZone = "Europe/Paris";
   nix = {
     useSandbox = "relaxed";