From c3e53a4c369f051595b61cb05a75c548c17cc90f Mon Sep 17 00:00:00 2001
From: jaina heartles <me@heartles.xyz>
Date: Wed, 1 Jan 2025 19:39:15 -0500
Subject: [PATCH] use sudo to tar redis db

---
 backup.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/backup.nix b/backup.nix
index 17788a7..001dcd3 100644
--- a/backup.nix
+++ b/backup.nix
@@ -12,6 +12,8 @@ let
 
   backupConfigFile = "/etc/misskey-backup/conf";
   s3Cfg = "/etc/misskey-backup/s3cfg";
+
+  tarRedisStdoutCmd = "tar -cz -C /var/lib/redis-misskey .";
 in {
   users.users."${user}" = {
     isSystemUser = true;
@@ -62,7 +64,7 @@ in {
       pg_dump misskey | gzip | upload "pg_dump.sql.gz"
 
       echo "Uploading redis database..."
-      tar -cz -C /var/lib/redis-misskey . | upload "redis.tar.gz"
+      sudo ${tarRedisStdoutCmd} | upload "redis.tar.gz"
 
       echo "Backup complete to '$s3Dir'"
     '';
@@ -73,4 +75,12 @@ in {
   };
 
   systemd.timers.misskey-backup = { timerConfig.Persistent = true; };
+
+  security.sudo.extraRules = [{
+    groups = [ group ];
+    commands = [{
+      command = tarRedisStdoutCmd;
+      options = [ "NOPASSWD" ];
+    }];
+  }];
 }