···
then [ "${name} ${value}" ]
else concatLists (mapAttrsToList (genSection name) value);
50
-
addDefaults = settings: { backend = "btrfs-progs-sudo"; } // settings;
51
+
if config.security.sudo.enable then "sudo"
52
+
else if config.security.doas.enable then "doas"
53
+
else throw "The btrbk nixos module needs either sudo or doas enabled in the configuration";
55
+
addDefaults = settings: { backend = "btrfs-progs-${sudo_doas}"; } // settings;
mkConfigFile = name: settings: pkgs.writeTextFile {
name = "btrbk-${name}.conf";
···
config = mkIf (sshEnabled || serviceEnabled) {
environment.systemPackages = [ pkgs.btrbk ] ++ cfg.extraPackages;
155
-
security.sudo.extraRules = [
157
-
users = [ "btrbk" ];
159
-
{ command = "${pkgs.btrfs-progs}/bin/btrfs"; options = [ "NOPASSWD" ]; }
160
-
{ command = "${pkgs.coreutils}/bin/mkdir"; options = [ "NOPASSWD" ]; }
161
-
{ command = "${pkgs.coreutils}/bin/readlink"; options = [ "NOPASSWD" ]; }
162
-
# for ssh, they are not the same than the one hard coded in ${pkgs.btrbk}
163
-
{ command = "/run/current-system/bin/btrfs"; options = [ "NOPASSWD" ]; }
164
-
{ command = "/run/current-system/sw/bin/mkdir"; options = [ "NOPASSWD" ]; }
165
-
{ command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; }
160
+
security.sudo = mkIf (sudo_doas == "sudo") {
163
+
users = [ "btrbk" ];
165
+
{ command = "${pkgs.btrfs-progs}/bin/btrfs"; options = [ "NOPASSWD" ]; }
166
+
{ command = "${pkgs.coreutils}/bin/mkdir"; options = [ "NOPASSWD" ]; }
167
+
{ command = "${pkgs.coreutils}/bin/readlink"; options = [ "NOPASSWD" ]; }
168
+
# for ssh, they are not the same than the one hard coded in ${pkgs.btrbk}
169
+
{ command = "/run/current-system/bin/btrfs"; options = [ "NOPASSWD" ]; }
170
+
{ command = "/run/current-system/sw/bin/mkdir"; options = [ "NOPASSWD" ]; }
171
+
{ command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; }
176
+
security.doas = mkIf (sudo_doas == "doas") {
178
+
doasCmdNoPass = cmd: { users = [ "btrbk" ]; cmd = cmd; noPass = true; };
181
+
(doasCmdNoPass "${pkgs.btrfs-progs}/bin/btrfs")
182
+
(doasCmdNoPass "${pkgs.coreutils}/bin/mkdir")
183
+
(doasCmdNoPass "${pkgs.coreutils}/bin/readlink")
184
+
# for ssh, they are not the same than the one hard coded in ${pkgs.btrbk}
185
+
(doasCmdNoPass "/run/current-system/bin/btrfs")
186
+
(doasCmdNoPass "/run/current-system/sw/bin/mkdir")
187
+
(doasCmdNoPass "/run/current-system/sw/bin/readlink")
189
+
# doas matches command, not binary
190
+
(doasCmdNoPass "btrfs")
191
+
(doasCmdNoPass "mkdir")
192
+
(doasCmdNoPass "readlink")
# ssh needs a home directory
···
}.${cfg.ioSchedulingClass};
212
+
sudo_doas_flag = "--${sudo_doas}";
187
-
''command="${pkgs.util-linux}/bin/ionice -t -c ${toString ioniceClass} ${optionalString (cfg.niceness >= 1) "${pkgs.coreutils}/bin/nice -n ${toString cfg.niceness}"} ${pkgs.btrbk}/share/btrbk/scripts/ssh_filter_btrbk.sh --sudo ${options}" ${v.key}''
214
+
''command="${pkgs.util-linux}/bin/ionice -t -c ${toString ioniceClass} ${optionalString (cfg.niceness >= 1) "${pkgs.coreutils}/bin/nice -n ${toString cfg.niceness}"} ${pkgs.btrbk}/share/btrbk/scripts/ssh_filter_btrbk.sh ${sudo_doas_flag} ${options}" ${v.key}''
pyrox.dev