From 2668121c52bfb09491231962011c888231ae8906 Mon Sep 17 00:00:00 2001
From: ShatteredMINT
Date: Thu, 12 Dec 2024 22:24:11 +0100
Subject: [PATCH] add options to allow backing up to specific machine
---
backup-target.nix | 32 ++++++++++++++++++++++++++++++++
flake.nix | 2 ++
2 files changed, 34 insertions(+)
create mode 100644 backup-target.nix
diff --git a/backup-target.nix b/backup-target.nix
new file mode 100644
index 0000000..d407e43
--- /dev/null
+++ b/backup-target.nix
@@ -0,0 +1,32 @@
+# configuration allowing this machine to be user as a backup server
+{ config, lib, pkgs, ... }:
+
+{
+ users.users.backup = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ ''command="${pkgs.rrsync}/bin/rrsync /mnt/backup",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD''
+ #''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD Ithuriel@openmediavault''
+ ];
+
+ packages = [
+ pkgs.rsync
+ pkgs.rrsync
+ ];
+ };
+
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PasswordAuthentication = true;
+ KbdInteractiveAuthentication = false;
+ # AllowUsers = [ "backup" ];
+ # UseDns = true;
+ X11Forwarding = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+}
diff --git a/flake.nix b/flake.nix
index c19ab16..c21bb24 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,6 +26,8 @@ ./nvidia.nix ./plasma.nix + ./backup-target.nix + ./users/shatteredmint.nix ]; };
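Review bot: `PasswordAuthentication = true;` in the `services.openssh.settings` block of backup-target.nix, combined with port 22 opened in the firewall and `AllowUsers` left commented out, exposes every account on this host that has a password to SSH password guessing, even though the backup flow only needs the forced-command key. I would set `PasswordAuthentication = false;` and enable `AllowUsers = [ "backup" ];`, adding any admin account that genuinely needs SSH access. The `restrict` option plus the `rrsync /mnt/backup` forced command is good confinement for the key; if the client only ever pushes backups, rrsync's `-wo` flag would narrow it further. A short comment above the active key naming the machine that owns it would also help, since that identification currently survives only in the commented-out entry.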