Merge pull request #136925 from Artturin/snapperfix

pyrox.dev / nixpkgs

fork atom

lol

fork atom

nixos/snapper: change timer wantedBy to timers.target & add snapshotOnBoot

authored by

markuskowa and committed by

GitHub 4 years ago e3e5fc9b cdfe909d

+30 -9

1 changed file

expand all

unified split

nixos

modules

services

misc

snapper.nix

+30 -9

nixos/modules/services/misc/snapper.nix

··· 9 9 { 10 10 options.services.snapper = { 11 11 12 + snapshotRootOnBoot = mkOption { 13 + type = types.bool; 14 + default = false; 15 + description = '' 16 + Whether to snapshot root on boot 17 + ''; 18 + }; 19 + 12 20 snapshotInterval = mkOption { 13 21 type = types.str; 14 22 default = "hourly"; ··· 130 138 Type = "dbus"; 131 139 BusName = "org.opensuse.Snapper"; 132 140 ExecStart = "${pkgs.snapper}/bin/snapperd"; 141 + CapabilityBoundingSet = "CAP_DAC_OVERRIDE CAP_FOWNER CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_SYS_ADMIN CAP_SYS_MODULE CAP_IPC_LOCK CAP_SYS_NICE"; 142 + LockPersonality = true; 143 + NoNewPrivileges = false; 144 + PrivateNetwork = true; 145 + ProtectHostname = true; 146 + RestrictAddressFamilies = "AF_UNIX"; 147 + RestrictRealtime = true; 133 148 }; 134 149 }; 135 150 136 151 systemd.services.snapper-timeline = { 137 152 description = "Timeline of Snapper Snapshots"; 138 153 inherit documentation; 154 + requires = [ "local-fs.target" ]; 139 155 serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --timeline"; 140 - }; 141 - 142 - systemd.timers.snapper-timeline = { 143 - description = "Timeline of Snapper Snapshots"; 144 - inherit documentation; 145 - wantedBy = [ "basic.target" ]; 146 - timerConfig.OnCalendar = cfg.snapshotInterval; 156 + startAt = cfg.snapshotInterval; 147 157 }; 148 158 149 159 systemd.services.snapper-cleanup = { ··· 155 165 systemd.timers.snapper-cleanup = { 156 166 description = "Cleanup of Snapper Snapshots"; 157 167 inherit documentation; 158 - wantedBy = [ "basic.target" ]; 168 + wantedBy = [ "timers.target" ]; 169 + requires = [ "local-fs.target" ]; 159 170 timerConfig.OnBootSec = "10m"; 160 171 timerConfig.OnUnitActiveSec = cfg.cleanupInterval; 161 172 }; 173 + 174 + systemd.services.snapper-boot = lib.optionalAttrs cfg.snapshotRootOnBoot { 175 + description = "Take snapper snapshot of root on boot"; 176 + inherit documentation; 177 + serviceConfig.ExecStart = "${pkgs.snapper}/bin/snapper --config root create --cleanup-algorithm number --description boot"; 178 + serviceConfig.type = "oneshot"; 179 + requires = [ "local-fs.target" ]; 180 + wantedBy = [ "multi-user.target" ]; 181 + unitConfig.ConditionPathExists = "/etc/snapper/configs/root"; 182 + }; 183 + 162 184 }); 163 185 } 164 -