···

       
197
       
197
       
 
       
               ])) (attrValues cfg.commands);

     

       
198
       
198
       
 
       
        after = [ "zfs.target" ];

     

       
199
       
199
       
 
       
        serviceConfig = {

     

       
200
       
200
       
-
       
          ExecStartPre = (map (pool: lib.escapeShellArgs [

     

       
201
       
201
       
-
       
            "+/run/booted-system/sw/bin/zfs" "allow"

     

       
202
       
202
       
-
       
            cfg.user "hold,send" pool

     

       
203
       
203
       
-
       
          ]) (getPools "source")) ++

     

       
204
       
204
       
-
       
          (map (pool: lib.escapeShellArgs [

     

       
205
       
205
       
-
       
            "+/run/booted-system/sw/bin/zfs" "allow"

     

       
206
       
206
       
-
       
            cfg.user "create,mount,receive,rollback" pool

     

       
207
       
207
       
-
       
          ]) (getPools "target"));

     

       
200
       
200
       
+
       
          ExecStartPre = let

     

       
201
       
201
       
+
       
            allowCmd = permissions: pool: lib.escapeShellArgs [

     

       
202
       
202
       
+
       
              "+/run/booted-system/sw/bin/zfs" "allow"

     

       
203
       
203
       
+
       
              cfg.user (concatStringsSep "," permissions) pool

     

       
204
       
204
       
+
       
            ];

     

       
205
       
205
       
+
       
          in

     

       
206
       
206
       
+
       
            (map (allowCmd [ "hold" "send" "snapshot" "destroy" ]) (getPools "source")) ++

     

       
207
       
207
       
+
       
            (map (allowCmd [ "create" "mount" "receive" "rollback" ]) (getPools "target"));

     

       
208
       
208
       
 
       
          User = cfg.user;

     

       
209
       
209
       
 
       
          Group = cfg.group;

     

       
210
       
210
       
 
       
        };

     

···

       
39
       
39
       
 
       
      services.syncoid = {

     

       
40
       
40
       
 
       
        enable = true;

     

       
41
       
41
       
 
       
        sshKey = "/var/lib/syncoid/id_ecdsa";

     

       
42
       
42
       
-
       
        commonArgs = [ "--no-sync-snap" ];

     

       
43
       
42
       
 
       
        commands."pool/test".target = "root@target:pool/test";

     

       
44
       
43
       
 
       
      };

     

       
45
       
44
       
 
       
    };