summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-02-17 14:08:29 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-17 14:08:29 +0100
commitcdade8e6c5ef4e02f9eaf7047248d00fae7fd805 (patch)
treee6e28bbe1965fc7bce5d7d0252b4477d648e000c
parent52f60bc7653196dd05a1e9e457ee1e3b24428eda (diff)
downloadnixos-cdade8e6c5ef4e02f9eaf7047248d00fae7fd805.tar
nixos-cdade8e6c5ef4e02f9eaf7047248d00fae7fd805.tar.gz
nixos-cdade8e6c5ef4e02f9eaf7047248d00fae7fd805.tar.bz2
nixos-cdade8e6c5ef4e02f9eaf7047248d00fae7fd805.tar.xz
nixos-cdade8e6c5ef4e02f9eaf7047248d00fae7fd805.zip
vidhar: ...
-rwxr-xr-xhosts/vidhar/borg/copy.py13
-rw-r--r--hosts/vidhar/borg/default.nix9
-rw-r--r--hosts/vidhar/borg/pyprctl-packages.nix21
3 files changed, 36 insertions, 7 deletions
diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py
index 4bfae1cb..9dac86ae 100755
--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -21,6 +21,7 @@ from xdg import xdg_runtime_dir
21import pathlib 21import pathlib
22 22
23import unshare 23import unshare
24import pyprctl
24 25
25import signal 26import signal
26from time import sleep 27from time import sleep
@@ -93,15 +94,19 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
93 child = os.fork() 94 child = os.fork()
94 if child == 0: 95 if child == 0:
95 # print('unshare/chroot', file=stderr) 96 # print('unshare/chroot', file=stderr)
96 uid_map_content = f'0 {os.getuid()} 1\n0 0 1' 97 uid, gid = os.getuid(), os.getgid()
97 gid_map_content = f'0 {os.getgid()} 1\n0 0 1'
98 unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER) 98 unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER)
99 with open('/proc/self/setgroups', 'w') as setgroups: 99 with open('/proc/self/setgroups', 'w') as setgroups:
100 setgroups.write('deny') 100 setgroups.write('deny')
101 with open('/proc/self/uid_map', 'w') as uid_map: 101 with open('/proc/self/uid_map', 'w') as uid_map:
102 uid_map.write(uid_map_content) 102 uid_map.write(f'0 {uid} 1')
103 with open('/proc/self/gid_map', 'w') as gid_map: 103 with open('/proc/self/gid_map', 'w') as gid_map:
104 gid_map.write(gid_map_content) 104 gid_map.write(f'0 {gid} 1')
105 pyprctl.cap_ambient_raise(pyprctl.Cap.SYS_ADMIN)
106 with open('/proc/self/uid_map', 'w') as uid_map:
107 uid_map.write(f'{uid} {uid} 1')
108 with open('/proc/self/gid_map', 'w') as gid_map:
109 gid_map.write(f'{gid} {gid} 1')
105 subprocess.run(['mount', '--make-rprivate', '/'], check=True) 110 subprocess.run(['mount', '--make-rprivate', '/'], check=True)
106 chroot = pathlib.Path(tmpdir) / 'chroot' 111 chroot = pathlib.Path(tmpdir) / 'chroot'
107 upper = pathlib.Path(tmpdir) / 'upper' 112 upper = pathlib.Path(tmpdir) / 'upper'
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 170ef65d..71c0da26 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -43,7 +43,10 @@ let
43 }; 43 };
44 }; 44 };
45 45
46 copyBorg = pkgs.stdenv.mkDerivation rec { 46 copyBorg = pkgs.stdenv.mkDerivation (let
47 packageOverrides = pkgs.callPackage ./pyprctl-packages.nix {};
48 inpPython = pkgs.python39.override { inherit packageOverrides; };
49 in rec {
47 name = "copy"; 50 name = "copy";
48 src = ./copy.py; 51 src = ./copy.py;
49 52
@@ -51,7 +54,7 @@ let
51 54
52 buildInputs = with pkgs; [makeWrapper]; 55 buildInputs = with pkgs; [makeWrapper];
53 56
54 python = pkgs.python39.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare halo]); 57 python = pkgs.python39.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]);
55 58
56 buildPhase = '' 59 buildPhase = ''
57 substitute $src copy \ 60 substitute $src copy \
@@ -70,7 +73,7 @@ let
70 wrapProgram $out/bin/copy \ 73 wrapProgram $out/bin/copy \
71 --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])} 74 --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}
72 ''; 75 '';
73 }; 76 });
74in { 77in {
75 config = { 78 config = {
76 services.borgbackup.repos.jotnar = { 79 services.borgbackup.repos.jotnar = {
diff --git a/hosts/vidhar/borg/pyprctl-packages.nix b/hosts/vidhar/borg/pyprctl-packages.nix
new file mode 100644
index 00000000..d3b4256a
--- /dev/null
+++ b/hosts/vidhar/borg/pyprctl-packages.nix
@@ -0,0 +1,21 @@
1# Generated by pip2nix 0.8.0.dev1
2# See https://github.com/nix-community/pip2nix
3
4{ pkgs, fetchurl, fetchgit, fetchhg }:
5
6self: super: {
7 "pyprctl" = super.buildPythonPackage rec {
8 pname = "pyprctl";
9 version = "0.1.3";
10 src = fetchurl {
11 url = "https://files.pythonhosted.org/packages/bf/5e/62765de39bbce8111fb1f4453a4a804913bf49179fa265fb713ed66c9d15/pyprctl-0.1.3-py3-none-any.whl";
12 sha256 = "1pgif990r92za5rx12mjnq5iiz72d455v0wrawzb73q79w8ya0k3";
13 };
14 format = "wheel";
15 doCheck = false;
16 buildInputs = [];
17 checkInputs = [];
18 nativeBuildInputs = [];
19 propagatedBuildInputs = [];
20 };
21}