diff --git a/hosts/carcosa/configuration.nix b/hosts/carcosa/configuration.nix index 2b6f109a..2fc45230 100644 --- a/hosts/carcosa/configuration.nix +++ b/hosts/carcosa/configuration.nix @@ -412,8 +412,8 @@ in exit 1 fi - /run/wrappers/bin/sudo rsync -a --delete ~/bookdb-covers/ ${config.nixfiles.bookdb.dataDir}/covers || exit 1 - /run/wrappers/bin/sudo chown -R ${config.users.users.bookdb.name}.nogroup ${config.nixfiles.bookdb.dataDir}/covers || exit 1 + /run/wrappers/bin/sudo ${pkgs.rsync}/bin/rsync -a --delete ~/bookdb-covers/ ${config.nixfiles.bookdb.dataDir}/covers || exit 1 + /run/wrappers/bin/sudo ${pkgs.coreutils}/bin/chown -R ${config.users.users.bookdb.name}.nogroup ${config.nixfiles.bookdb.dataDir}/covers || exit 1 ''; bookdb-receive-elasticsearch = '' env ES_HOST=${config.systemd.services.bookdb.environment.ES_HOST} \ @@ -438,7 +438,7 @@ in users = [ config.users.extraUsers.nyarlathotep-remote-sync.name ]; commands = [ { command = "${pkgs.rsync}/bin/rsync -a --delete ${config.users.extraUsers.nyarlathotep-remote-sync.home}/bookdb-covers/ ${config.nixfiles.bookdb.dataDir}/covers"; options = [ "NOPASSWD" ]; } - { command = "${pkgs.coreutils-full}/bin/chown -R ${config.users.users.bookdb.name}.nogroup ${config.nixfiles.bookdb.dataDir}/covers"; options = [ "NOPASSWD" ]; } + { command = "${pkgs.coreutils}/bin/chown -R ${config.users.users.bookdb.name}.nogroup ${config.nixfiles.bookdb.dataDir}/covers"; options = [ "NOPASSWD" ]; } ]; } ]; diff --git a/hosts/nyarlathotep/configuration.nix b/hosts/nyarlathotep/configuration.nix index d369fb25..f72d8b4c 100644 --- a/hosts/nyarlathotep/configuration.nix +++ b/hosts/nyarlathotep/configuration.nix @@ -475,8 +475,8 @@ in ExecStart = pkgs.writeShellScript "bookdb-sync" '' set -ex - /run/wrappers/bin/sudo cp -r ${config.nixfiles.bookdb.dataDir}/covers/ ~/bookdb-covers - trap "/run/wrappers/bin/sudo rm -rf ~/bookdb-covers" EXIT + /run/wrappers/bin/sudo ${pkgs.coreutils}/bin/cp -r ${config.nixfiles.bookdb.dataDir}/covers/ ~/bookdb-covers + trap "/run/wrappers/bin/sudo ${pkgs.coreutils}/bin/rm -rf ~/bookdb-covers" EXIT rsync -az\ -e "ssh -i $SSH_KEY_FILE -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \ ~/bookdb-covers/ \ diff --git a/shared/bookdb/default.nix b/shared/bookdb/default.nix index 6003781d..33ac6aab 100644 --- a/shared/bookdb/default.nix +++ b/shared/bookdb/default.nix @@ -67,7 +67,7 @@ in # TODO: figure out how to get `sudo` in the unit's path (adding the # package doesn't help - need the wrapper) nixfiles.backups.scripts.bookdb = '' - /run/wrappers/bin/sudo cp -a ${cfg.dataDir}/covers covers + /run/wrappers/bin/sudo ${pkgs.coreutils}/bin/cp -a ${cfg.dataDir}/covers covers env ES_HOST=${config.systemd.services.bookdb.environment.ES_HOST} ${pkgs.nixfiles.bookdb}/bin/python -m bookdb.index.dump | gzip -9 > dump.json.gz ''; nixfiles.backups.sudoRules = [ diff --git a/shared/concourse/default.nix b/shared/concourse/default.nix index 731d5c04..70348cde 100644 --- a/shared/concourse/default.nix +++ b/shared/concourse/default.nix @@ -14,6 +14,7 @@ with lib; let cfg = config.nixfiles.concourse; backend = config.nixfiles.oci-containers.backend; + backendPkg = if backend == "docker" then pkgs.docker else pkgs.podman; in { imports = [ @@ -91,14 +92,10 @@ in ]; nixfiles.backups.scripts.concourse = '' - /run/wrappers/bin/sudo ${backend} exec -i concourse-db pg_dump -U concourse --no-owner concourse | gzip -9 > dump.sql.gz + /run/wrappers/bin/sudo ${backendPkg}/bin/${backend} exec -i concourse-db pg_dump -U concourse --no-owner concourse | gzip -9 > dump.sql.gz ''; nixfiles.backups.sudoRules = [ - { - command = - let pkg = if backend == "docker" then pkgs.docker else pkgs.podman; - in "${pkg}/bin/${backend} exec -i concourse-db pg_dump -U concourse --no-owner concourse"; - } + { command = "${backendPkg}/bin/${backend} exec -i concourse-db pg_dump -U concourse --no-owner concourse"; } ]; }; } diff --git a/shared/foundryvtt/default.nix b/shared/foundryvtt/default.nix index 73985560..470548d3 100644 --- a/shared/foundryvtt/default.nix +++ b/shared/foundryvtt/default.nix @@ -47,10 +47,10 @@ in # TODO: figure out how to get `sudo` in the unit's path (adding the # package doesn't help - need the wrapper) nixfiles.backups.scripts.foundryvtt = '' - /run/wrappers/bin/sudo systemctl stop foundryvtt - /run/wrappers/bin/sudo tar cfz bin.tar.gz ${cfg.dataDir}/bin - /run/wrappers/bin/sudo cp -a ${cfg.dataDir}/data data - /run/wrappers/bin/sudo systemctl start foundryvtt + /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl stop foundryvtt + /run/wrappers/bin/sudo ${pkgs.gnutar}/bin/tar cfz bin.tar.gz ${cfg.dataDir}/bin + /run/wrappers/bin/sudo ${pkgs.coreutils}/bin/cp -a ${cfg.dataDir}/data data + /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl start foundryvtt ''; nixfiles.backups.sudoRules = [ { command = "${pkgs.systemd}/bin/systemctl stop foundryvtt"; } diff --git a/shared/pleroma/default.nix b/shared/pleroma/default.nix index 9dc0e54a..910fea2c 100644 --- a/shared/pleroma/default.nix +++ b/shared/pleroma/default.nix @@ -13,6 +13,7 @@ with lib; let cfg = config.nixfiles.pleroma; backend = config.nixfiles.oci-containers.backend; + backendPkg = if backend == "docker" then pkgs.docker else pkgs.podman; in { imports = [ @@ -92,18 +93,14 @@ in # TODO: figure out how to get `sudo` in the unit's path (adding the package # doesn't help - need the wrapper) nixfiles.backups.scripts.pleroma = '' - /run/wrappers/bin/sudo cp -a ${config.users.users.pleroma.home}/uploads uploads - /run/wrappers/bin/sudo cp -a ${config.users.users.pleroma.home}/static/emoji/custom emoji - /run/wrappers/bin/sudo ${backend} exec -i pleroma-db pg_dump -U pleroma --no-owner -Fc pleroma > postgres.dump + /run/wrappers/bin/sudo ${pkgs.coreutils}/bin/cp -a ${config.users.users.pleroma.home}/uploads uploads + /run/wrappers/bin/sudo ${pkgs.coreutils}/bin/cp -a ${config.users.users.pleroma.home}/static/emoji/custom emoji + /run/wrappers/bin/sudo ${backendPkg}/bin/${backend} exec -i pleroma-db pg_dump -U pleroma --no-owner -Fc pleroma > postgres.dump ''; nixfiles.backups.sudoRules = [ { command = "${pkgs.coreutils}/bin/cp -a ${config.users.users.pleroma.home}/uploads uploads"; } { command = "${pkgs.coreutils}/bin/cp -a ${config.users.users.pleroma.home}/static/emoji/custom emoji"; } - { - command = - let pkg = if backend == "docker" then pkgs.docker else pkgs.podman; - in "${pkg}/bin/${backend} exec -i pleroma-db pg_dump -U pleroma --no-owner -Fc pleroma"; - } + { command = "${backendPkg}/bin/${backend} exec -i pleroma-db pg_dump -U pleroma --no-owner -Fc pleroma"; } ]; }; } diff --git a/shared/umami/default.nix b/shared/umami/default.nix index d0dada3d..d86c9170 100644 --- a/shared/umami/default.nix +++ b/shared/umami/default.nix @@ -11,6 +11,7 @@ with lib; let cfg = config.nixfiles.umami; backend = config.nixfiles.oci-containers.backend; + backendPkg = if backend == "docker" then pkgs.docker else pkgs.podman; in { imports = [ @@ -42,14 +43,10 @@ in }; nixfiles.backups.scripts.umami = '' - /run/wrappers/bin/sudo ${backend} exec -i umami-db pg_dump -U umami --no-owner umami | gzip -9 > dump.sql.gz + /run/wrappers/bin/sudo ${backendPkg}/bin/${backend} exec -i umami-db pg_dump -U umami --no-owner umami | gzip -9 > dump.sql.gz ''; nixfiles.backups.sudoRules = [ - { - command = - let pkg = if backend == "docker" then pkgs.docker else pkgs.podman; - in "${pkg}/bin/${backend} exec -i umami-db pg_dump -U umami --no-owner umami"; - } + { command = "${backendPkg}/bin/${backend} exec -i umami-db pg_dump -U umami --no-owner umami"; } ]; }; }