public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/syncoid: fix permissions without --no-sync-snap 

After 733acfa140, syncoid would fail to
run if commonArgs did not include [ "--no-sync-snap" ], since it would
not have permissions to create or destroy snapshots.
This commit is contained in:
Daniel Fullmer 2020-11-20 13:33:16 -08:00
parent 01083f116d
commit d87903ac6b
2 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nixos/modules/services/backup/syncoid.nix
View File

@ -197,14 +197,14 @@ in {
])) (attrValues cfg.commands); ])) (attrValues cfg.commands);
after = [ "zfs.target" ]; after = [ "zfs.target" ];
serviceConfig = { serviceConfig = {
ExecStartPre = (map (pool: lib.escapeShellArgs [ ExecStartPre = let
"+/run/booted-system/sw/bin/zfs" "allow" allowCmd = permissions: pool: lib.escapeShellArgs [
cfg.user "hold,send" pool "+/run/booted-system/sw/bin/zfs" "allow"
]) (getPools "source")) ++ cfg.user (concatStringsSep "," permissions) pool
(map (pool: lib.escapeShellArgs [ ];
"+/run/booted-system/sw/bin/zfs" "allow" in
cfg.user "create,mount,receive,rollback" pool (map (allowCmd [ "hold" "send" "snapshot" "destroy" ]) (getPools "source")) ++
]) (getPools "target")); (map (allowCmd [ "create" "mount" "receive" "rollback" ]) (getPools "target"));
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
}; };

1
nixos/tests/sanoid.nix
View File

@ -39,7 +39,6 @@ in {
services.syncoid = { services.syncoid = {
enable = true; enable = true;
sshKey = "/var/lib/syncoid/id_ecdsa"; sshKey = "/var/lib/syncoid/id_ecdsa";
commonArgs = [ "--no-sync-snap" ];
commands."pool/test".target = "root@target:pool/test"; commands."pool/test".target = "root@target:pool/test";
}; };
}; };