From be26625700bed0c31158efa1cab0684aeab1bce1 Mon Sep 17 00:00:00 2001
From: Alejandro Angulo <iam@alejandr0angul0.dev>
Date: Thu, 24 Aug 2023 17:28:10 -0700
Subject: [PATCH] Added permisisons

---
 modules/services/syncoid/default.nix | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/modules/services/syncoid/default.nix b/modules/services/syncoid/default.nix
index f7651df..8fb0e00 100644
--- a/modules/services/syncoid/default.nix
+++ b/modules/services/syncoid/default.nix
@@ -35,13 +35,23 @@ in {
   config = mkIf cfg.enable {
     services.syncoid = {
       enable = true;
+      localSourceAllow =
+        options.services.syncoid.localSourceAllow.default
+        ++ [
+          "mount"
+        ];
+      localTargetAllow =
+        options.services.syncoid.localTargetAllow.default
+        ++ [
+          "destroy"
+        ];
       commands = mkAliasDefinitions options.aa.services.syncoid.commands;
     };
 
-    environment.systemPackages = mkIf (cfg.remoteTargetUser != "") [
-      pkgs.lzop
-      pkgs.mbuffer
-    ];
+    environment.systemPackages = mkIf (cfg.remoteTargetUser != "") (with pkgs; [
+      lzop
+      mbuffer
+    ]);
 
     users = mkIf (cfg.remoteTargetUser != "") {
       users."${cfg.remoteTargetUser}" = {