author | Elis Hirwing <elis@hirwing.se> | 2021-07-25 09:59:18 +0200 |
---|---|---|
committer | Elis Hirwing <elis@hirwing.se> | 2021-07-25 10:12:32 +0200 |
commit | 70862830f0a1415acd6c9fb7fc74ab59530f41dc (patch) | |
tree | d1f795ff862f2c4d877f1ec9bf76cf3ef1b60e4d /nixos | |
parent | 9df5935217ef8979adb7b14004fadc9fdcc898d4 (diff) |
nixos/syncoid: Extract datasets rather than pools
With the old implementation, it did not matter which dataset we were sending or receiving: we would always delegate permissions to the entire pool.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/backup/syncoid.nix | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/nixos/modules/services/backup/syncoid.nix b/nixos/modules/services/backup/syncoid.nix index 888ef20f642e5..80a704a7d26e0 100644 --- a/nixos/modules/services/backup/syncoid.nix +++ b/nixos/modules/services/backup/syncoid.nix @@ -5,9 +5,9 @@ with lib; let cfg = config.services.syncoid; - # Extract the pool name of a local dataset (any dataset not containing "@") - localPoolName = d: optionals (d != null) ( - let m = builtins.match "([^/@]+)[^@]*" d; in + # Extract local dasaset names (so no datasets containing "@") + localDatasetName = d: optionals (d != null) ( + let m = builtins.match "([^/@]+[^@]*)" d; in optionals (m != null) m); # Escape as required by: https://www.freedesktop.org/software/systemd/man/systemd.unit.html @@ -206,15 +206,15 @@ in { path = [ "/run/booted-system/sw/bin/" ]; serviceConfig = { ExecStartPre = - map (pool: lib.escapeShellArgs [ + map (dataset: lib.escapeShellArgs [ "+/run/booted-system/sw/bin/zfs" "allow" - cfg.user "bookmark,hold,send,snapshot,destroy" pool + cfg.user "bookmark,hold,send,snapshot,destroy" dataset # Permissions snapshot and destroy are in case --no-sync-snap is not used - ]) (localPoolName c.source) ++ - map (pool: lib.escapeShellArgs [ + ]) (localDatasetName c.source) ++ + map (dataset: lib.escapeShellArgs [ "+/run/booted-system/sw/bin/zfs" "allow" - cfg.user "create,mount,receive,rollback" pool - ]) (localPoolName c.target); + cfg.user "create,mount,receive,rollback" dataset + ]) (localDatasetName c.target); ExecStart = lib.escapeShellArgs ([ "${pkgs.sanoid}/bin/syncoid" ] ++ optionals c.useCommonArgs cfg.commonArgs ++ optional c.recursive "-r" |
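Review bot: The new comment above `localDatasetName` has a typo ("dasaset") and does not say what the helper returns, which matters because its result decides which names receive a `zfs allow` delegation. `builtins.match` only succeeds on a whole-string match, so the helper yields `[ d ]` for a name without "@" and an empty list otherwise. I would write `# Return [ d ] if d is a local dataset name (contains no "@"), otherwise [ ]`. The leading `[^/@]+` also rejects a name that starts with "/", which is worth a word in the comment if it is intended. The `let` block continues outside the hunk.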
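Review bot: In the second `map` of `ExecStartPre`, `zfs allow` now runs on `c.target` itself, so a target that does not exist yet (the first replication into a new dataset) would presumably make the command fail and stop the unit before `ExecStart`. The old pool-level delegation had no such precondition, and creating the target likely needs `create,mount` on its parent dataset rather than on the target. Consider checking whether the dataset exists and delegating to the parent when it does not, or at least documenting the requirement with `# c.target must already exist; zfs allow fails on a missing dataset`. No matching `zfs unallow` is visible in this hunk, so the delegation appears to persist after the run. `serviceConfig` continues outside the hunk, so confirm whether it is revoked elsewhere.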