diff options
Diffstat (limited to 'modules/private/system/dilion.nix')
| -rw-r--r-- | modules/private/system/dilion.nix | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix index 258506b..dbfd38f 100644 --- a/modules/private/system/dilion.nix +++ b/modules/private/system/dilion.nix | |||
| @@ -41,6 +41,31 @@ | |||
| 41 | 41 | ||
| 42 | programs.zsh.enable = true; | 42 | programs.zsh.enable = true; |
| 43 | 43 | ||
| 44 | users.users.backup = { | ||
| 45 | home = "/var/lib/backup"; | ||
| 46 | createHome = true; | ||
| 47 | hashedPassword = "!"; | ||
| 48 | isSystemUser = true; | ||
| 49 | shell = pkgs.bashInteractive; | ||
| 50 | openssh.authorizedKeys.keys = let | ||
| 51 | in | ||
| 52 | ["command=\"${pkgs.rrsync_sudo}/bin/rrsync /var/lib/backup/eldiron/\" ${config.myEnv.rsync_backup.ssh_key.public}"]; | ||
| 53 | }; | ||
| 54 | security.sudo.extraRules = [ | ||
| 55 | { | ||
| 56 | commands = [ | ||
| 57 | { command = "${pkgs.rsync}/bin/rsync"; options = [ "NOPASSWD" ]; } | ||
| 58 | ]; | ||
| 59 | users = [ "backup" ]; | ||
| 60 | runAs = "root"; | ||
| 61 | } | ||
| 62 | ]; | ||
| 63 | |||
| 64 | system.activationScripts.backup_home = '' | ||
| 65 | chown root:root /var/lib/backup | ||
| 66 | install -m 0750 -o backup -g root -d /var/lib/backup/eldiron | ||
| 67 | ''; | ||
| 68 | |||
| 44 | time.timeZone = "Europe/Paris"; | 69 | time.timeZone = "Europe/Paris"; |
| 45 | nix = { | 70 | nix = { |
| 46 | useSandbox = "relaxed"; | 71 | useSandbox = "relaxed"; |