author | Daniel Fullmer <danielrf12@gmail.com> | 2020-11-20 13:33:16 -0800 |
---|---|---|
committer | Daniel Fullmer <danielrf12@gmail.com> | 2020-11-21 17:47:36 -0800 |
commit | d87903ac6b184df2a944229c8905e2a0eea1ead2 (patch) | |
tree | aeedbe6abb487d9bc03cf35e864b4ad56ed5fcb4 | |
parent | 01083f116d9b63192c1a78b535cfb2a510e05223 (diff) | |
nixos/syncoid: fix permissions without --no-sync-snap
After 733acfa140d5b73bc69c53c4ebd90ccc5f281f0e, syncoid would fail to run if commonArgs did not include [ "--no-sync-snap" ], since it would not have permissions to create or destroy snapshots.
-rw-r--r-- | nixos/modules/services/backup/syncoid.nix | 16 | ||||
-rw-r--r-- | nixos/tests/sanoid.nix | 1 |
2 files changed, 8 insertions, 9 deletions
diff --git a/nixos/modules/services/backup/syncoid.nix b/nixos/modules/services/backup/syncoid.nix
index e72e3fa59cf..b764db1f14e 100644
--- a/nixos/modules/services/backup/syncoid.nix
+++ b/nixos/modules/services/backup/syncoid.nix
@@ -197,14 +197,14 @@ in {
 ])) (attrValues cfg.commands);
 after = [ "zfs.target" ];
 serviceConfig = {
- ExecStartPre = (map (pool: lib.escapeShellArgs [
- "+/run/booted-system/sw/bin/zfs" "allow"
- cfg.user "hold,send" pool
- ]) (getPools "source")) ++
- (map (pool: lib.escapeShellArgs [
- "+/run/booted-system/sw/bin/zfs" "allow"
- cfg.user "create,mount,receive,rollback" pool
- ]) (getPools "target"));
+ ExecStartPre = let
+ allowCmd = permissions: pool: lib.escapeShellArgs [
+ "+/run/booted-system/sw/bin/zfs" "allow"
+ cfg.user (concatStringsSep "," permissions) pool
+ ];
+ in
+ (map (allowCmd [ "hold" "send" "snapshot" "destroy" ]) (getPools "source")) ++
+ (map (allowCmd [ "create" "mount" "receive" "rollback" ]) (getPools "target"));
 User = cfg.user;
 Group = cfg.group;
 };
diff --git a/nixos/tests/sanoid.nix b/nixos/tests/sanoid.nix
index 66ddaad60ea..44e14ef4e44 100644
--- a/nixos/tests/sanoid.nix
+++ b/nixos/tests/sanoid.nix
@@ -39,7 +39,6 @@ in {
 services.syncoid = {
 enable = true;
 sshKey = "/var/lib/syncoid/id_ecdsa";
- commonArgs = [ "--no-sync-snap" ];
 commands."pool/test".target = "root@target:pool/test";
 };
 };
|
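Review bot: In syncoid.nix the new `ExecStartPre` delegates `snapshot` and `destroy` on every source unconditionally, so configurations that still pass `--no-sync-snap` now give `cfg.user` the ability to destroy data it never needs to touch. The delegation also appears to outlive the unit, since the `serviceConfig` shown here has no matching `zfs unallow` step and ZFS delegations persist until revoked. Consider granting the extra pair only when sync snapshots are in use, e.g. `(map (allowCmd ([ "hold" "send" ] ++ optionals (!elem "--no-sync-snap" cfg.commonArgs) [ "snapshot" "destroy" ])) (getPools "source")) ++`, assuming `optionals` and `elem` are in scope via `with lib;` and allowing for the flag also arriving through per-command arguments if commands can carry their own. `getPools` is defined outside the hunk; if it returns whole pools rather than the configured datasets, the `destroy` grant reaches beyond the replicated dataset and is worth narrowing.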