Loading nixos/modules/services/backup/borgmatic.nix +12 −1 Original line number Diff line number Diff line Loading @@ -10,6 +10,10 @@ let postgresql = config.services.postgresql.package; mysql = config.services.mysql.package; requireSudo = s: s ? postgresql_databases && lib.any (d: d ? username && !(d ? password) && !(d ? pg_dump_command)) s.postgresql_databases; addRequiredBinaries = s: s Loading @@ -17,7 +21,7 @@ let postgresql_databases = map ( d: let as_user = if d ? username then "${pkgs.sudo}/bin/sudo -u ${d.username} " else ""; as_user = if d ? username && !(d ? password) then "${pkgs.sudo}/bin/sudo -u ${d.username} " else ""; in { pg_dump_command = Loading Loading @@ -113,6 +117,9 @@ let }; cfgfile = settingsFormat.generate "config.yaml" (addRequiredBinaries cfg.settings); anycfgRequiresSudo = requireSudo cfg.settings || lib.any requireSudo (lib.attrValues cfg.configurations); in { options.services.borgmatic = { Loading Loading @@ -173,6 +180,10 @@ in systemd.packages = [ pkgs.borgmatic ]; systemd.services.borgmatic.path = [ pkgs.coreutils ]; systemd.services.borgmatic.serviceConfig = lib.optionalAttrs anycfgRequiresSudo { NoNewPrivileges = false; CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_RAW CAP_SETUID CAP_SETGID"; }; # Workaround: https://github.com/NixOS/nixpkgs/issues/81138 systemd.timers.borgmatic.wantedBy = [ "timers.target" ]; Loading Loading
nixos/modules/services/backup/borgmatic.nix +12 −1 Original line number Diff line number Diff line Loading @@ -10,6 +10,10 @@ let postgresql = config.services.postgresql.package; mysql = config.services.mysql.package; requireSudo = s: s ? postgresql_databases && lib.any (d: d ? username && !(d ? password) && !(d ? pg_dump_command)) s.postgresql_databases; addRequiredBinaries = s: s Loading @@ -17,7 +21,7 @@ let postgresql_databases = map ( d: let as_user = if d ? username then "${pkgs.sudo}/bin/sudo -u ${d.username} " else ""; as_user = if d ? username && !(d ? password) then "${pkgs.sudo}/bin/sudo -u ${d.username} " else ""; in { pg_dump_command = Loading Loading @@ -113,6 +117,9 @@ let }; cfgfile = settingsFormat.generate "config.yaml" (addRequiredBinaries cfg.settings); anycfgRequiresSudo = requireSudo cfg.settings || lib.any requireSudo (lib.attrValues cfg.configurations); in { options.services.borgmatic = { Loading Loading @@ -173,6 +180,10 @@ in systemd.packages = [ pkgs.borgmatic ]; systemd.services.borgmatic.path = [ pkgs.coreutils ]; systemd.services.borgmatic.serviceConfig = lib.optionalAttrs anycfgRequiresSudo { NoNewPrivileges = false; CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_RAW CAP_SETUID CAP_SETGID"; }; # Workaround: https://github.com/NixOS/nixpkgs/issues/81138 systemd.timers.borgmatic.wantedBy = [ "timers.target" ]; Loading
