author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 13:38:01 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-17 13:38:01 +0100 |
commit | b53adfffd50440aec3d02ef49b5d0c55b2c82644 (patch) | |
tree | cf2e3fb6e466389b450a5ad1259b6413116af2f2 | |
parent | b4e74d1ead7d0a7e5d5e502a58d70029673e2a77 (diff) | |
vidhar: ...
-rwxr-xr-x | hosts/vidhar/borg/copy.py | 7 | ||||
-rw-r--r-- | hosts/vidhar/borg/default.nix | 9 | ||||
-rw-r--r-- | hosts/vidhar/borg/pyprctl-packages.nix | 21 |
3 files changed, 9 insertions, 28 deletions
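--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -86,9 +86,14 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
 child = os.fork()
 if child == 0:
 # print('unshare/chroot', file=stderr)
+uid_map_content = f'0 {os.getuid()} 1'
+gid_map_content = f'0 {os.getgid()} 1'
 unshare.unshare(unshare.CLONE_NEWUSER)
+with open('/proc/self/uid_map', 'w') as uid_map:
+uid_map.write(uid_map_content)
+with open('/proc/self/gid_map', 'w') as gid_map:
+gid_map.write(gid_map_content)
 unshare.unshare(unshare.CLONE_NEWNS)
-pyprctl.cap_ambient_raise(pyprctl.Cap.SYS_ADMIN)
 subprocess.run(['mount', '--make-rprivate', '/'], check=True)
 chroot = pathlib.Path(tmpdir) / 'chroot'
 upper = pathlib.Path(tmpdir) / 'upper'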
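Review bot: The write to `/proc/self/gid_map` (new lines 94-95) is not preceded by writing `deny` to `/proc/self/setgroups`; per user_namespaces(7), a process without CAP_SETGID in the parent user namespace gets EPERM on gid_map unless setgroups was denied first. Whether this script runs with that capability is not visible in the hunk, so if it is meant to run unprivileged I would add `with open('/proc/self/setgroups', 'w') as setgroups: setgroups.write('deny')` between the uid_map and gid_map writes. The maps are built from `os.getuid()`/`os.getgid()`, while the kernel's single-line self-mapping rule is about the effective IDs, so `os.geteuid()`/`os.getegid()` would be the safer source if the two can ever differ. A short comment saying the IDs have to be read before `unshare(CLONE_NEWUSER)` would keep a later refactor from moving them below it. copy_archive's body starts and continues outside the hunk.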
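--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -42,10 +42,7 @@ let
 };
 };
 
-copyBorg = pkgs.stdenv.mkDerivation (let
-packageOverrides = pkgs.callPackage ./pyprctl-packages.nix {};
-inpPython = pkgs.python39.override { inherit packageOverrides; };
-in rec {
+copyBorg = pkgs.stdenv.mkDerivation rec {
 name = "copy";
 src = ./copy.py;
 
@@ -53,7 +50,7 @@ let
 
 buildInputs = with pkgs; [makeWrapper];
 
-python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]);
+python = pkgs.python39.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare halo]);
 
 buildPhase = ''
 substitute $src copy \
@@ -72,7 +69,7 @@ let
 wrapProgram $out/bin/copy \
 --prefix PATH : ${config.security.wrapperDir}:${makeBinPath (with pkgs; [borgbackup])}
 '';
-});
+};
 in {
 config = {
 services.borgbackup.repos.jotnar = {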
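--- a/hosts/vidhar/borg/pyprctl-packages.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-# Generated by pip2nix 0.8.0.dev1
-# See https://github.com/nix-community/pip2nix
-
-{ pkgs, fetchurl, fetchgit, fetchhg }:
-
-self: super: {
-"pyprctl" = super.buildPythonPackage rec {
-pname = "pyprctl";
-version = "0.1.3";
-src = fetchurl {
-url = "https://files.pythonhosted.org/packages/bf/5e/62765de39bbce8111fb1f4453a4a804913bf49179fa265fb713ed66c9d15/pyprctl-0.1.3-py3-none-any.whl";
-sha256 = "1pgif990r92za5rx12mjnq5iiz72d455v0wrawzb73q79w8ya0k3";
-};
-format = "wheel";
-doCheck = false;
-buildInputs = [];
-checkInputs = [];
-nativeBuildInputs = [];
-propagatedBuildInputs = [];
-};
-}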