···
302
-
mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" {
302
+
(mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" {
description = "Tarsnap archive '${name}'";
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
···
CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ];
PermissionsStartOnly = "true";
348
+
}) gcfg.archives) //
350
+
(mapAttrs' (name: cfg: nameValuePair "tarsnap-restore-${name}"{
351
+
description = "Tarsnap restore '${name}'";
352
+
requires = [ "network-online.target" ];
354
+
path = [ pkgs.iputils pkgs.tarsnap pkgs.utillinux ];
358
+
while ! ping -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done
363
+
tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';
364
+
lastArchive = ''$(${tarsnap} --list-archives | sort | tail -1)'';
365
+
run = ''${tarsnap} -x -f "${lastArchive}" ${optionalString cfg.verbose "-v"}'';
367
+
in if (cfg.cachedir != null) then ''
368
+
mkdir -p ${cfg.cachedir}
369
+
chmod 0700 ${cfg.cachedir}
372
+
if [ ! -e ${cfg.cachedir}/firstrun ]; then
377
+
) 10>${cfg.cachedir}/firstrun
379
+
) 9>${cfg.cachedir}/lockf
381
+
exec flock ${cfg.cachedir}/firstrun ${run}
382
+
'' else "exec ${run}";
386
+
IOSchedulingClass = "idle";
387
+
NoNewPrivileges = "true";
388
+
CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ];
389
+
PermissionsStartOnly = "true";
# Note: the timer must be Persistent=true, so that systemd will start it even
# if e.g. your laptop was asleep while the latest interval occurred.
pyrox.dev