Skip to content

nixos/snapper: automatically create the .snapshots subvolume with correct permissions #78046

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

nixos/snapper: automatically create the .snapshots subvolume with correct permissions #78046

wants to merge 2 commits into from
+159 −89

Conversation

symphorien
Copy link
Member

Motivation for this change

The configuration is declarative but still requires manual intervention to create .snapshots.

Only the second commit is interesting, the first one only runs nixpkgs-fmt.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@symphorien symphorien requested a review from ck3d January 19, 2020 21:02
@ofborg ofborg bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Jan 19, 2020
@bqv
Copy link
Contributor

bqv commented Mar 24, 2020

Looks reasonable, I haven't tested extensively because I don't use snapper on my system, but I run btrfs, so I'm happy to if no maintainers can.

@symphorien
Copy link
Member Author

friendly bump @ck3d

@stale
Copy link

stale bot commented Oct 2, 2020

Hello, I'm a bot and I thank you in the name of the community for your contributions.

Nixpkgs is a busy repository, and unfortunately sometimes PRs get left behind for too long. Nevertheless, we'd like to help committers reach the PRs that are still important. This PR has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.

If this is still important to you and you'd like to remove the stale label, we ask that you leave a comment. Your comment can be as simple as "still important to me". But there's a bit more you can do:

If you received an approval by an unprivileged maintainer and you are just waiting for a merge, you can @ mention someone with merge permissions and ask them to help. You might be able to find someone relevant by using Git blame on the relevant files, or via GitHub's web interface. You can see if someone's a member of the nixpkgs-committers team, by hovering with the mouse over their username on the web interface, or by searching them directly on the list.

If your PR wasn't reviewed at all, it might help to find someone who's perhaps a user of the package or module you are changing, or alternatively, ask once more for a review by the maintainer of the package/module this is about. If you don't know any, you can use Git blame on the relevant files, or GitHub's web interface to find someone who touched the relevant files in the past.

If your PR has had reviews and nevertheless got stale, make sure you've responded to all of the reviewer's requests / questions. Usually when PR authors show responsibility and dedication, reviewers (privileged or not) show dedication as well. If you've pushed a change, it's possible the reviewer wasn't notified about your push via email, so you can always officially request them for a review, or just @ mention them and say you've addressed their comments.

Lastly, you can always ask for help at our Discourse Forum, or more specifically, at this thread or at #nixos' IRC channel.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Oct 2, 2020
@SuperSandro2000 SuperSandro2000 added the 2.status: merge conflict This PR has merge conflicts with the target branch label Jan 18, 2021
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jan 18, 2021
@stale
Copy link

stale bot commented Jul 19, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jul 19, 2021
Atemu
Atemu reviewed Jul 19, 2022
View reviewed changes
nixos/modules/services/misc/snapper.nix
Comment on lines 156 to 171
systemd.services.snapper-subvolume-setup = {
description = "Creates .snapshots subvolumes for Snapper Snapshots";
inherit documentation;
script = let
config = cfg: "v /.snapshots 0770 root root\n" + (
let
acl = lib.concatMapStringsSep "," (x: "${x}:r-x") ((map (u: "u:${u}") cfg.allowUsers) ++ (map (g: "g:${g}") cfg.allowGroups));
in
optionalString (acl != "") "a /.snapshots - - - - ${acl}"
);
cmd = cfg: "systemd-tmpfiles --create --root ${cfg.subvolume} ${builtins.toFile "snapper-subvolume-setup.conf" (config cfg)}";
in
lib.concatStringsSep "\n" (lib.mapAttrsToList (name: cfg: cmd cfg) cfg.configs);
wantedBy = [ "multi-user.target" ];
};

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not use systemd.tmpfiles.rules for this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because v creates a directory instead of a submodule if / is not btrfs. So it is required to the --root argument to systemd-tmpfiles.

The alternative is to hack an idempotent wrapper around btrfs submodule create.

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jul 19, 2022
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/snapper-should-snapshots-subvolumes-be-created-automatically/22329/5

@Freed-Wu
Copy link
Contributor

Freed-Wu commented Feb 1, 2023 

IO Error (open failed path://.snapshots errno:2 (No such file or directory)).

It looks like this PR can fix this bug?

@Freed-Wu Freed-Wu mentioned this pull request Feb 1, 2023
Open
@symphorien
Copy link
Member Author

It's possible however I don't use snapper anymore so feel free to reopen this pull request for yourself and to fix the merge conflicts.

@symphorien symphorien closed this Feb 2, 2023
@n8henrie
Copy link
Contributor

@Freed-Wu found this issue trying to debug that error. In my case it was due to having a swapfile on the same subvolume:

Fixed with instructions here: https://askubuntu.com/a/1206161

Afterwards snapper can make snapshots again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Atemu Atemu

@ck3d ck3d

Assignees
No one assigned
Labels
2.status: merge conflict This PR has merge conflicts with the target branch 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@symphorien @bqv @nixos-discourse @Freed-Wu @n8henrie @Atemu @SuperSandro2000