global:
  serve:
    stdinserver:
      # Directory where AF_UNIX sockets for stdinserver command are placed.
      #
      # `zrepl stdinserver CLIENT_IDENTITY`
      #   * connects to the socket in $sockdir/CLIENT_IDENTITY
      #   * sends its stdin / stdout file descriptors to the `zrepl daemon` process (see cmsg(3))
      #   * does nothing more
      #
      # This enables a setup where `zrepl daemon` is not directly exposed to the internet
      # but instead all traffic is tunnelled through SSH.
      # The server with the source job has an authorized_keys file entry for the public key
      # used by the corresponding pull job
      #
      #   command="/mnt/zrepl stdinserver CLIENT_IDENTITY" ssh-ed25519 AAAAC3NzaC1E... zrepl@pullingserver
      #
      # Below is the default value.
      sockdir: /var/run/zrepl/stdinserver

jobs:

- name: fullbackup_prod1
  # expect remote to connect via ssh+stdinserver with fullbackup_prod1 as client_identity
  type: source
  serve:
    type: stdinserver # see global.serve.stdinserver for explanation
    client_identity: fullbackup_prod1

  # snapshot these filesystems every 10m with zrepl_ as prefix
  filesystems: {
    "zroot/var/db<": "ok",
    "zroot/usr/home<": "ok",
    "zroot/var/tmp": "!", #don't backup /tmp
  }
  snapshot_prefix: zrepl_
  interval: 10m


  # keep 1 hour of snapshots (6 at 10m interval)
  # and  one day of bookmarks in case pull doesn't work (link down, etc)
  # => keep_bookmarks = 24h / interval = 24h / 10m = 144
  prune:
    policy: grid
    grid: 1x1h(keep=all)
    keep_bookmarks: 144