feat: zfs auto snapshotting

hosts/testienix/fs.nix

@@ -57,6 +57,63 @@
     };
   };
 
+  services.zrepl = {
+    enable = true;
+    settings = {
+      global = {
+        logging = [
+          {
+            type = "syslog";
+            level = "info";
+            format = "human";
+          }
+        ];
+        # TODO Monitoring
+      };
+      jobs = [
+        #{
+        #  type = "push";
+        #  name = "push-to-remote";
+        #}
+        {
+          type = "snap";
+          name = "mach-schnipp-schusss";
+          filesystems = {
+            "panzer/local/state<" = true;
+            "panzer/safe<" = true;
+            "rpool/local/state<" = true;
+            "rpool/safe<" = true;
+          };
+          snapshotting = {
+            type = "periodic";
+            prefix = "zrepl-";
+            interval = "10m";
+            timestamp_format = "iso-8601";
+          };
+          pruning = {
+            keep = [
+              {
+                type = "regex";
+                regex = "^zrepl-.*$";
+                negate = true;
+              }
+              {
+                type = "grid";
+                grid = lib.concatStringsSep " | " [
+                  "1x1d(keep=all)"
+                  "142x1h(keep=2)"
+                  "90x1d(keep=2)"
+                  "500x7d"
+                ];
+                regex = "^zrepl-.*$";
+              }
+            ];
+          };
+        }
+      ];
+    };
+  };
+
   fileSystems."/state".neededForBoot = true;
   fileSystems."/panzer/state".neededForBoot = true;
   fileSystems."/panzer/persist".neededForBoot = true;

hosts/testienix/net.nix

@@ -6,7 +6,7 @@
     "01-lan1" = {
       address = ["192.168.178.32/24"];
       gateway = ["192.168.178.1"];
-      matchConfig.MACAddress = config.secrets.secrets.local.networking.lan01.mac;
+      matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
       dns = ["192.168.178.2"];
       networkConfig = {
         IPv6PrivacyExtensions = "yes";

hosts/testienix/secrets/secrets.nix.age

@@ -1,18 +1,13 @@
 age-encryption.org/v1
--> X25519 yvfsxGyyzm6ltKrzJCvt4fiNKq28qKc1NhJAfsBoKHk
+-> X25519 peN8LddAbhPxA8gKX8PUl5rsPQ8bLGu3pfsMYrm0cVE
-ccIcrFkuQ1OSXKQQD/6gUoM9Rmgxu1ZAmIyMVHgt4eM
+p9TRJH5BkYALKWathegKIV0ohIbI0QZ660V8awsFOis
--> piv-p256 XTQkUA A4vKRNyh9FMXQLR38Qr5BNRa9QunSvkwjf6lIgYbgnuO
+-> piv-p256 XTQkUA A+UjNTuqedCWHXhFamoMtkFmOT8xUY6U/0X8EqBGZaXf
-LaaIJYLwQcIS9/rXWF8+8hjQ0POPOQntD/hq2w0Dn7I
+G9HFGv2ZkKXy8vldhA6VYUvU8Yws9dWvqt+9VR3zIrs
--> piv-p256 ZFgiIw Avd6vl3zndUJ3sjF0LCOEWDIr7Kw+meAlhI96x5fblgC
+-> piv-p256 ZFgiIw AtHwhB/pCVKkW1n9pgcAOkcNOAezpYDgag+S/NBqF61u
-+oMYDzKBntsA5DJmLQpnVPemq1yK++j0ralMOiqgAps
+WCV3rZkXdXqfwJsbSC9zM/zVa3TUstgBBcAGmG7UccM
--> piv-p256 ZFgiIw AkFE4lLts1uL8TM3DEIlPXJh7G4na8AVXm/AYdnBs8x3
+-> piv-p256 ZFgiIw A01o+NKTlNvjyraiG1FQeJ2S+S8cmbFs2Tt/B6yXcYra
-RWV+VTPrJ+pGG9Zlok7J71Wb4r6yFqbN/fPYPBCdzxs
+gFUdee9s1/111+FoHQ+zsGwkYuEMXvCsjpgOyc3FRFg
--> s?N`-grease
+-> uu4VaK0-grease u\p]JK D\k37zk
-rN+B4f0cPFjxtUR/20RrSnzpacxc6SR3d4yiIaNB6iFH2mH01HlFcjFN46nwVs1g
+dg
-CWafTVncI4Vne/C+cA
+--- cyNvJMdMwm9HQ9yKMVctRQN7lxiupua6/WY/oAjX8zE
---- DDayA/fH/5rwjIYpl6JLltwh8+4EWcKYQ4P+pTkNuxI
+8£<EFBFBD>•¯p”ÙøÕ’‰ßKÌgäPp
ÚéHÀDdд/Ì_Yus7î«ØÒe:aJ˪¥”ë@†‹³s‰Ð`à²A<¸“ó'"'úfê)3(‹Éôów#7¸¾DEZÔ
êÍÊÞŸ*’c‚Q¿†È‚óÁÇùèÀ“3ûö;_<>Pø<06>ÓzŠù3.¨zn%ZÌ<5A>2

ôÐnMñ1JDe.¦Òâ
{5öÎ<C3B6>7|¶‰»GvXY)xî7R›ß8Ÿ“š3PýP‰ærã—.c­£fÒ‘CF@ÊCISÐÃŒJ~U×›†Ú!ÜøÅô<C385>$¹H—áMÜYO²•¨LPܱþ,t‡ê •K
ìGÊfŸõ½©ÝC’Í9º›šÙ¸C
„îÂiB6Í*›šjf
-ûïc­™Ä=¤ÀVðsS†s{@I=Kˆ4È}_{…\Álž´@„h&F$”	;(®ŠB
-¾šŸ.ÄÌDvZÁ¾?;¾Ê]Oïkƒ~L­ó¨NxÕÅûK…·FpØ)0eº+Î<>k;¶õÒu
-<0E>>ãÁÄéO,92B<*fá
-K|ÒšAàvñ@8_òu~ö<>ÿŽâ¹L‘)÷·†^µÌ¥É›vººtY«Ù:5*<16> ã{^X­´oí<6F>òè¥
-2èÐZ	,B+zkæS$“ƒ˜^4Nª®É(Txáøe<1D>°{#Õ8Ä·p6`­âr–& RÀÔðT pSFz"ˆ
ÁÈfŠñ)È£ÍÀo=¯SÉx^³“;	ôâ¨R•

lib/containers.nix

@@ -5,16 +5,17 @@ _inputs: _self: super: {
       containers.mkConfig = name: config:
         super.lib.mkMerge [
           {
-            bindmounts = {
+            bindMounts = {
               "state" = {
-                mountpoint = "/state";
+                mountPoint = "/state";
                 hostPath = "/state/containers/${name}";
               };
               "persist" = {
-                mountpoint = "/persist";
+                mountPoint = "/persist";
-                hostPath = config.zfs.mountpoint;
+                hostPath = "/containers/${name}";
               };
             };
+            zfs.mountpoint = super.lib.mkDefault "/containers/${name}";
             #config = {...}: {
             #};
           }

lib/default.nix

@@ -1,4 +1,5 @@
 inputs: [
   (import ./disko.nix inputs)
   (import ./containers.nix inputs)
+  (import ./misc.nix inputs)
 ]

lib/misc.nix

@@ -0,0 +1,29 @@
+_inputs: _self: super: let
+  inherit
+    (super.lib)
+    unique
+    foldl'
+    filter
+    ;
+
+  # Counts how often each element occurrs in xs.
+  # Elements must be strings.
+  countOccurrences =
+    foldl'
+    (acc: x: acc // {${x} = (acc.${x} or 0) + 1;})
+    {};
+  # Returns all elements in xs that occur at least twice
+  duplicates = xs: let
+    occurrences = countOccurrences xs;
+  in
+    unique (filter (x: occurrences.${x} > 1) xs);
+in {
+  lib =
+    super.lib
+    // {
+      inherit
+        countOccurrences
+        duplicates
+        ;
+    };
+}

modules/services/containers.nix

@@ -40,7 +40,6 @@ in {
 
             mountpoint = mkOption {
               type = types.str;
-              default = "/containers/${name}";
               description = mdDoc "The host's mountpoint for the containers dataset";
             };
           };

modules/services/nextcloud.nix

@@ -4,7 +4,7 @@
   ...
 }: {
   imports = [./containers.nix];
-  containers.nextcloud = lib.container.mkConfig "nextcloud" {
+  containers.nextcloud = lib.containers.mkConfig "nextcloud" {
     autoStart = true;
     zfs = {
       enable = true;