fixes backrest

modules/backrest/default.nix

@@ -64,23 +64,14 @@ in
     ]
   );
 
-  users.groups.backrest = { };
-  users.users.backrest = {
-    isSystemUser = true;
-    group = "backrest";
-    home = "/var/lib/backrest";
-    createHome = true;
-    description = "Backrest service user";
-  };
-
   # Write the declarative config into the backrest state dir at activation time.
   # The file must be in a writable location because backrest creates a .bak
   # alongside it when migrating. /var/lib/backrest is owned by the backrest user.
   system.activationScripts.backrestConfig = {
     deps = [ "users" ];
     text = ''
-      install -d -m 750 -o backrest -g backrest /var/lib/backrest
-      install -m 640 -o backrest -g backrest \
+      install -d -m 750 /var/lib/backrest
+      install -m 640 \
         ${pkgs.writeText "backrest-config.json" backrestConfig} \
         /var/lib/backrest/config.json
     '';
@@ -101,14 +92,10 @@ in
 
     serviceConfig = {
       Type = "simple";
-      User = "backrest";
-      Group = "backrest";
+      User = "root";
       ExecStart = "${pkgs.backrest}/bin/backrest";
       Restart = "on-failure";
       RestartSec = "5s";
-      # Allow backrest to read root's SSH key for SFTP access
-      ReadOnlyPaths = [ "/root/.ssh/id_ed25519" ];
-      SupplementaryGroups = [ "shadow" ];
     };
   };
 }