From c227ea6f20635e265db7ad30e070c9210a21dce6 Mon Sep 17 00:00:00 2001
From: Daniel Langbein <daniel@systemli.org>
Date: Sun, 25 Feb 2024 17:33:54 +0100
Subject: [PATCH] journalwatch config

---
 modules/journalwatch.nix | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/modules/journalwatch.nix b/modules/journalwatch.nix
index 535aa96..569433e 100644
--- a/modules/journalwatch.nix
+++ b/modules/journalwatch.nix
@@ -67,18 +67,6 @@
         match = "_TRANSPORT = kernel";
       }
 
-      #
-      # _EXE
-      #
-
-      { # yodaNas
-        filters = ''
-          # Ignore any invocation of sudo.
-          .*
-        '';
-        match = "_EXE = //nix/store/[a-z0-9]+-sudo-[0-9]+\\.[0-9]+\\.[0-9]+[a-z0-9]+/bin/sudo/";
-      }
-
       #
       # _SYSTEMD_CGROUP
       #
@@ -405,9 +393,13 @@
         '';
         match = "SYSLOG_IDENTIFIER = sshd";
       }
-      { # yodaTux. If the user `yoda` runs a command with `sudo`.
+      {
         filters = ''
+          # yodaTux. If the user `yoda` runs a command with `sudo`.
           \s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+
+          # yodaNas. If the btrbk service is run.
+          \s+btrbk : PWD=/ ; USER=root ; COMMAND=/.+
+          \s+root : PWD=/ ; USER=root ; COMMAND=/nix/store/[a-z0-9]+-btrfs-progs-[0-9\.]+/bin/btrfs (subvolume show|subvolume delete --commit-each|send|receive) .+
         '';
         match = "SYSLOG_IDENTIFIER = sudo";
       }