Created
March 7, 2021 20:00
-
-
Save MarcoPolo/13462e986711f62bfc6b7b8e494c5cc8 to your computer and use it in GitHub Desktop.
lazyssh config for an on-demand ZFS backup target
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen = "0.0.0.0:7922" # The default | |
| # Set this to the contents of lazyssh_host_key generated above. | |
| host_key = <<-EOF | |
| -----BEGIN OPENSSH PRIVATE KEY----- | |
| ... | |
| -----END OPENSSH PRIVATE KEY----- | |
| EOF | |
| # Set this to the contents of lazyssh_client_key.pub generated above. | |
| authorized_key = <<-EOF | |
| ssh-ed25519 ... | |
| EOF | |
| } | |
| target "archiver" "aws_ec2" { | |
| # NixOS https://nixos.org/download.html#nixos-amazon | |
| image_id = "ami-0fb7bd4a43261c6b2" | |
| user_data = <<-USEREOF | |
| /* SSH Host information. Multiline comment so this isn't evaluated when inside configuration.nix. Note that SSH_HOST_ED25519_KEY is all on one line. | |
| SSH_HOST_ED25519_KEY:-----BEGIN OPENSSH PRIVATE KEY-----|line1|line2|...|-----END OPENSSH PRIVATE KEY----- | |
| SSH_HOST_ED25519_KEY_PUB:ssh-ed25519 ... root@archiver | |
| */ | |
| {pkgs, ...}: | |
| { | |
| imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ]; | |
| ec2.hvm = true; | |
| ec2.efi = false; | |
| boot.supportedFilesystems = [ "zfs" ]; | |
| environment.systemPackages = (with pkgs; [ lz4 ]); | |
| # Randomly generated | |
| networking.hostId = "796774C8"; | |
| # This may fail initially since the backup dataset hasn't been created | |
| fileSystems."/backup" = { | |
| device = "rpool/backup"; | |
| fsType = "zfs"; | |
| }; | |
| } | |
| USEREOF | |
| instance_type = "t3.micro" | |
| region = "us-west-2" | |
| profile = "default" | |
| # Name of the key pair to launch with. (Required) | |
| key_name = "YOUR_AWS_KEYPAIR" | |
| # The amount of time the EC2 instance will | |
| # linger before it is terminated. The default is to terminate the instance | |
| # immediately when the last connection is closed. | |
| linger = "60s" | |
| # Root drive backed by EBS. This is for the machine to run, this is not where backups are stored. | |
| ebs_block_device { | |
| # Name of the EBS volume. (Required) | |
| device_name = "/dev/xvda" | |
| # Whether to delete the volume on instance termination. | |
| delete_on_termination = true | |
| # Whether to encrypt the volume. | |
| encrypted = true | |
| # KMS key ID used to encrypt the volume. | |
| kms_key_id = "00000000-0000-0000-0000-000000000000" | |
| # Size in GiB. | |
| volume_size = 40 | |
| # Type of volume. One of: standard, gp2, io1, io2 | |
| volume_type = "io2" | |
| # Provisioned IOPS. Required for volume types `io1` and `io2`. | |
| iops = 400 | |
| } | |
| placement { | |
| availability_zone = "us-west-2d" | |
| } | |
| attach_volume { | |
| device_name = "/dev/xvdb" | |
| volume_id = "vol-BACKUPVOLID" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment