From c3e53a4c369f051595b61cb05a75c548c17cc90f Mon Sep 17 00:00:00 2001
From: jaina heartles
Date: Wed, 1 Jan 2025 19:39:15 -0500
Subject: [PATCH 1/3] use sudo to tar redis db
---
 backup.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/backup.nix b/backup.nix
index 17788a7..001dcd3 100644
--- a/backup.nix
+++ b/backup.nix
@@ -12,6 +12,8 @@ let
 backupConfigFile = "/etc/misskey-backup/conf";
 s3Cfg = "/etc/misskey-backup/s3cfg";
+
+ tarRedisStdoutCmd = "tar -cz -C /var/lib/redis-misskey .";
 in {
 users.users."${user}" = {
 isSystemUser = true;
@@ -62,7 +64,7 @@ in {
 pg_dump misskey | gzip | upload "pg_dump.sql.gz"
 echo "Uploading redis database..."
- tar -cz -C /var/lib/redis-misskey . | upload "redis.tar.gz"
+ sudo ${tarRedisStdoutCmd} | upload "redis.tar.gz"
 echo "Backup complete to '$s3Dir'"
 '';
@@ -73,4 +75,12 @@ in {
 };
 systemd.timers.misskey-backup = { timerConfig.Persistent = true; };
+
+ security.sudo.extraRules = [{
+ groups = [ group ];
+ commands = [{
+ command = tarRedisStdoutCmd;
+ options = [ "NOPASSWD" ];
+ }];
+ }];
 }
From 84e4d13ceda125ff7cc14fd8aa6d0ba2e5efb9bc Mon Sep 17 00:00:00 2001
From: jaina heartles
Date: Wed, 1 Jan 2025 19:44:44 -0500
Subject: [PATCH 2/3] fail script if any commands fail
---
 backup.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/backup.nix b/backup.nix
index 001dcd3..90cf87b 100644
--- a/backup.nix
+++ b/backup.nix
@@ -44,6 +44,8 @@ in {
 ];
 script = ''
+ set -o pipefail
+
 ageRecipient="age17ckyc69njpryytc63ynn545jswyucg28k5xg3043g3j6q38dxqwq0wzhm2"
 bucket="$(grep 'bucket=' < "${backupConfigFile}" | sed 's/bucket \?= \?//g')"
 prefix="$(grep 'prefix=' < "${backupConfigFile}" | sed 's/prefix \?= \?//g')"
From 0ebd6794d7a593cdf2cc72af04351e7ef954185e Mon Sep 17 00:00:00 2001
From: jaina heartles
Date: Wed, 1 Jan 2025 19:54:22 -0500
Subject: [PATCH 3/3] add admin.egirls.gay as valid email domain
---
 postfix.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
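Review bot: `tarRedisStdoutCmd` in the `@@ -12,6 +12,8 @@` hunk of PATCH 1/3 begins with a bare `tar`, and the `@@ -73,4 +75,12 @@` hunk passes that same string as the sudoers `command`. sudoers identifies commands by fully qualified path, so a relative name is likely to be rejected by the sudoers syntax check or never match the invocation. Building the string from the store path, e.g. `tarRedisStdoutCmd = "${pkgs.gnutar}/bin/tar -cz -C /var/lib/redis-misskey .";` (assuming `pkgs` is in scope in this module, which the hunk does not show), keeps rule and invocation identical and pins which binary runs with elevated rights. The `let` block begins outside the hunk.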
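Review bot: In the `@@ -62,7 +64,7 @@` hunk of PATCH 1/3 the script now calls `sudo` by bare name from a systemd unit. On NixOS the setuid wrapper lives in `/run/wrappers/bin`, which as far as I know is not on a service's default PATH, and the unit's `path` list is not visible here. Writing the line as `/run/wrappers/bin/sudo -n ${tarRedisStdoutCmd} | upload "redis.tar.gz"` makes the lookup explicit, and `-n` makes sudo exit with an error instead of waiting for a password if the rule does not match. Unit hardening such as `NoNewPrivileges` would also stop sudo from working, so the service's `serviceConfig` is worth checking. The script body starts and ends outside the hunk.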
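Review bot: The sudo rule added in the `@@ -73,4 +75,12 @@` hunk of PATCH 1/3 is wider than the backup job needs. It is granted to every member of `group`, and with no `runAs` set the NixOS option defaults to `ALL:ALL` as far as I know, so those members may run the command as any user. Scoping it with `users = [ user ];` and `runAs = "root";` (or the account that owns `/var/lib/redis-misskey`, if reading as that account is enough) limits the privilege to the one service account. A comment above the rule such as `# backup user must read the redis data dir; exact command only, no wildcards` would record why NOPASSWD is acceptable here.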
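Review bot: `set -o pipefail` in PATCH 2/3 only changes the exit status of a pipeline; the script stops at a failed command only if errexit is also active, which the hunk does not set. NixOS-generated unit scripts run with `-e` as far as I know, but `set -eo pipefail` would make the commit's stated intent independent of that wrapper. With pipefail the context lines `grep 'bucket=' … | sed 's/bucket \?= \?//g'` now fail when the config is written as `bucket = value`, because the grep pattern allows no space while the sed pattern does. Aligning the two, e.g. `grep '^bucket *='` (and the same for `prefix`), avoids an abort with no explanatory message. The script body continues outside the hunk.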
diff --git a/postfix.nix b/postfix.nix
index 600a5d3..c9654b1 100644
--- a/postfix.nix
+++ b/postfix.nix
@@ -18,6 +18,6 @@
 enable = true;
 selector = "default";
 socket = "inet:8891@127.0.0.1";
- domains = "csl:${config.networking.fqdn}";
+ domains = "csl:${config.networking.fqdn},admin.${config.networking.fqdn}";
 };
 }
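Review bot: Adding `admin.${config.networking.fqdn}` to `domains` makes what is presumably the DKIM signer sign that subdomain with the same `selector = "default"`, so receivers will look up `default._domainkey.admin.<fqdn>`. That TXT record has to be published before this is deployed, otherwise mail from the new domain fails DKIM verification. The hunk shows only the signing side, so it is also worth confirming that the subdomain has SPF and DMARC coverage and that postfix itself accepts it, since the commit title speaks of a valid email domain. A short comment above `domains` naming the DNS record each entry depends on would help the next change. The enclosing attribute set starts outside the hunk.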