nixos/sanoid: Extract datasets rather than pools

When making new snapshots we only need to delegate permissions to the
specific dataset rather than the entire pool.

1 files changed, 8 insertions, 8 deletions

diff --git a/nixos/modules/services/backup/sanoid.nix b/nixos/modules/services/backup/sanoid.nix
index abc4def1c61..9713581165b 100644
--- a/nixos/modules/services/backup/sanoid.nix
+++ b/nixos/modules/services/backup/sanoid.nix
@@ -70,8 +70,8 @@ let
     processChildrenOnly = process_children_only;
   };
 
-  # Extract pool names from configured datasets
-  pools = unique (map (d: head (builtins.match "([^/]+).*" d)) (attrNames cfg.datasets));
+  # Extract unique dataset names
+  datasets = unique (attrNames cfg.datasets);
 
   configFile = let
     mkValueString = v:
@@ -156,18 +156,18 @@ in {
       systemd.services.sanoid = {
         description = "Sanoid snapshot service";
         serviceConfig = {
-          ExecStartPre = map (pool: lib.escapeShellArgs [
+          ExecStartPre = map (dataset: lib.escapeShellArgs [
             "+/run/booted-system/sw/bin/zfs" "allow"
-            "sanoid" "snapshot,mount,destroy" pool
-          ]) pools;
+            "sanoid" "snapshot,mount,destroy" dataset
+          ]) datasets;
           ExecStart = lib.escapeShellArgs ([
             "${pkgs.sanoid}/bin/sanoid"
             "--cron"
             "--configdir" (pkgs.writeTextDir "sanoid.conf" configFile)
           ] ++ cfg.extraArgs);
-          ExecStopPost = map (pool: lib.escapeShellArgs [
-            "+/run/booted-system/sw/bin/zfs" "unallow" "sanoid" pool
-          ]) pools;
+          ExecStopPost = map (dataset: lib.escapeShellArgs [
+            "+/run/booted-system/sw/bin/zfs" "unallow" "sanoid" dataset
+          ]) datasets;
           User = "sanoid";
           Group = "sanoid";
           DynamicUser = true;