diff --git a/modules/system/actualbudget/backups.nix b/modules/system/actualbudget/backups.nix
index 10519db..1cb0415 100644
--- a/modules/system/actualbudget/backups.nix
+++ b/modules/system/actualbudget/backups.nix
@@ -4,12 +4,32 @@
 lib,
 ...
 }:
+let
+ user = config.users.users.actual.name;
+in
 {
 options.myConfig.actualbudget.backups.enable = lib.mkEnableOption "";
 config = lib.mkIf config.myConfig.actualbudget.backups.enable {
- myConfig.resticBackup.actual = {
+ security.polkit = {
 enable = true;
+ extraConfig =
+ let
+ service = "actual.service";
+ in
+ ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.freedesktop.systemd1.manage-units" &&
+ action.lookup("unit") == "${service}" &&
+ subject.user == "${user}") {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ };
+
+ myConfig.resticBackup.actual = {
+ inherit user;
 healthchecks.enable = true;
 extraConfig = {
@@ -23,7 +43,7 @@
 (pkgs.writeShellApplication {
 name = "actual-restore";
 text = ''
- sudo bash -c "
+ sudo --user=${user} bash -c "
 systemctl stop actual.service
 restic-actual restore latest --target /
 systemctl start actual.service
diff --git a/modules/system/hedgedoc/backups.nix b/modules/system/hedgedoc/backups.nix
index 132d117..fbeeb76 100644
--- a/modules/system/hedgedoc/backups.nix
+++ b/modules/system/hedgedoc/backups.nix
@@ -4,11 +4,32 @@
 lib,
 ...
 }:
+let
+ user = config.users.users.hedgedoc.name;
+in
 {
 options.myConfig.hedgedoc.backups.enable = lib.mkEnableOption "";
 config = lib.mkIf config.myConfig.hedgedoc.backups.enable {
+ security.polkit = {
+ enable = true;
+ extraConfig =
+ let
+ service = "hedgedoc.service";
+ in
+ ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.freedesktop.systemd1.manage-units" &&
+ action.lookup("unit") == "${service}" &&
+ subject.user == "${user}") {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ };
+
 myConfig.resticBackup.hedgedoc = {
+ inherit user;
 healthchecks.enable = true;
 extraConfig = {
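Review bot: The polkit rule added to modules/system/actualbudget/backups.nix answers YES to every `org.freedesktop.systemd1.manage-units` request for `actual.service` from the `actual` user without looking at the verb, so any process running under that account, the service itself included, can stop, start or restart the unit. The restore script only needs stop and start, so the condition could also require `["start", "stop"].indexOf(action.lookup("verb")) >= 0 &&`. The same rule is pasted into the hedgedoc and syncthing hunks with only the unit and user changed; one helper that takes both would keep the three copies from drifting. In this file the existing `enable = true;` line now sits under `security.polkit`, so `myConfig.resticBackup.actual` no longer sets it; the other two modules never did, so this looks intended, but it is worth confirming the backup stays active.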
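Review bot: The three commands inside `bash -c "…"` in actual-restore run without errexit, since the strict mode writeShellApplication sets in the outer script does not carry into the inner shell. `systemctl stop actual.service` now succeeds only if polkit authorizes the `actual` user, and a refused stop would be followed by a restore over the running service; `sudo --user=${user} bash -ec "` makes the script stop at the first failure. Restoring to `--target /` as an unprivileged account presumably relies on every restored path being writable by that user and on sudo allowing the caller to run as it, so both are worth confirming. The same applies to hedgedoc-restore and syncthing-restore; the script text continues past the end of each hunk.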
@@ -25,7 +46,7 @@
 (pkgs.writeShellApplication {
 name = "hedgedoc-restore";
 text = ''
- sudo bash -c "
+ sudo --user=${user} bash -c "
 systemctl stop hedgedoc.service
 restic-hedgedoc restore latest --target /
 systemctl start hedgedoc.service
diff --git a/modules/system/syncthing/backups.nix b/modules/system/syncthing/backups.nix
index 1e45c24..9c8c6fe 100644
--- a/modules/system/syncthing/backups.nix
+++ b/modules/system/syncthing/backups.nix
@@ -6,6 +6,8 @@
 }:
 let
 cfg = config.myConfig.syncthing;
+
+ user = config.users.users.syncthing.name;
 in
 {
 options.myConfig.syncthing.backups.enable = lib.mkEnableOption "";
@@ -18,7 +20,25 @@ in
 }
 ];
+ security.polkit = {
+ enable = true;
+ extraConfig =
+ let
+ service = "syncthing.service";
+ in
+ ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.freedesktop.systemd1.manage-units" &&
+ action.lookup("unit") == "${service}" &&
+ subject.user == "${user}") {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ };
+
 myConfig.resticBackup.syncthing = {
+ inherit user;
 healthchecks.enable = true;
 extraConfig = {
@@ -32,7 +52,7 @@ in
 (pkgs.writeShellApplication {
 name = "syncthing-restore";
 text = ''
- sudo bash -c "
+ sudo --user=${user} bash -c "
 systemctl stop syncthing.service
 restic-syncthing restore latest --target /
 systemctl start syncthing.service