create a user called zfsbackup
useradd zfsbackup --create-home --system
mkdir -p /home/zfsbackup/{.ssh,.local/bin}
chown zfsbackup:zfsbackup /home/zfsbackup --recursive
add a restricted list of commands allowed by this user
echo 'restrict,command="restrict_commands.sh" ssh-ed25519 ...' > /home/zfsbackup/.ssh/authorized_keys
place the restrict_commands.sh in /home/zfsbackup/.local/bin
if the script errors out because of missing the ts command, install the moreutils package
sudo apt install moreutils
grant permissions on the tank/dataset (match to the name of your zfs pool and dataset)
zfs allow -u zfsbackup send,hold tank/dataset
run cronjob with:
syncoid --no-sync-snap --no-privilege-elevation --sendoptions=Rw zfsbackup@target:tank/dataset tank/dataset