From bb35e7c4044432111ab9fec5ef9c4260ae651582 Mon Sep 17 00:00:00 2001 From: Elis Hirwing Date: Sun, 25 Jul 2021 10:00:37 +0200 Subject: [PATCH] nixos/sanoid: Extract datasets rather than pools When making new snapshots we only need to delegate permissions to the specific dataset rather than the entire pool. --- nixos/modules/services/backup/sanoid.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/backup/sanoid.nix b/nixos/modules/services/backup/sanoid.nix index abc4def1c61f..9713581165ba 100644 --- a/nixos/modules/services/backup/sanoid.nix +++ b/nixos/modules/services/backup/sanoid.nix @@ -70,8 +70,8 @@ let processChildrenOnly = process_children_only; }; - # Extract pool names from configured datasets - pools = unique (map (d: head (builtins.match "([^/]+).*" d)) (attrNames cfg.datasets)); + # Extract unique dataset names + datasets = unique (attrNames cfg.datasets); configFile = let mkValueString = v: @@ -156,18 +156,18 @@ in { systemd.services.sanoid = { description = "Sanoid snapshot service"; serviceConfig = { - ExecStartPre = map (pool: lib.escapeShellArgs [ + ExecStartPre = map (dataset: lib.escapeShellArgs [ "+/run/booted-system/sw/bin/zfs" "allow" - "sanoid" "snapshot,mount,destroy" pool - ]) pools; + "sanoid" "snapshot,mount,destroy" dataset + ]) datasets; ExecStart = lib.escapeShellArgs ([ "${pkgs.sanoid}/bin/sanoid" "--cron" "--configdir" (pkgs.writeTextDir "sanoid.conf" configFile) ] ++ cfg.extraArgs); - ExecStopPost = map (pool: lib.escapeShellArgs [ - "+/run/booted-system/sw/bin/zfs" "unallow" "sanoid" pool - ]) pools; + ExecStopPost = map (dataset: lib.escapeShellArgs [ + "+/run/booted-system/sw/bin/zfs" "unallow" "sanoid" dataset + ]) datasets; User = "sanoid"; Group = "sanoid"; DynamicUser = true;