diff --git a/modules/services/syncoid/default.nix b/modules/services/syncoid/default.nix index f7651df..8fb0e00 100644 --- a/modules/services/syncoid/default.nix +++ b/modules/services/syncoid/default.nix @@ -35,13 +35,23 @@ in { config = mkIf cfg.enable { services.syncoid = { enable = true; + localSourceAllow = + options.services.syncoid.localSourceAllow.default + ++ [ + "mount" + ]; + localTargetAllow = + options.services.syncoid.localTargetAllow.default + ++ [ + "destroy" + ]; commands = mkAliasDefinitions options.aa.services.syncoid.commands; }; - environment.systemPackages = mkIf (cfg.remoteTargetUser != "") [ - pkgs.lzop - pkgs.mbuffer - ]; + environment.systemPackages = mkIf (cfg.remoteTargetUser != "") (with pkgs; [ + lzop + mbuffer + ]); users = mkIf (cfg.remoteTargetUser != "") { users."${cfg.remoteTargetUser}" = {