dennis/nix-config
1
1
Fork 0
Code Issues 2 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fixes backrest

Browse source
This commit is contained in:
Dennis 2026-02-20 11:30:34 +01:00
parent 6deba662d5
commit 62fb954b49
1 changed files with 3 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

19
modules/backrest/default.nix
View file

@ -64,23 +64,14 @@ in
] ]
); );
users.groups.backrest = { };
users.users.backrest = {
isSystemUser = true;
group = "backrest";
home = "/var/lib/backrest";
createHome = true;
description = "Backrest service user";
};
# Write the declarative config into the backrest state dir at activation time. # Write the declarative config into the backrest state dir at activation time.
# The file must be in a writable location because backrest creates a .bak # The file must be in a writable location because backrest creates a .bak
# alongside it when migrating. /var/lib/backrest is owned by the backrest user. # alongside it when migrating. /var/lib/backrest is owned by the backrest user.
system.activationScripts.backrestConfig = { system.activationScripts.backrestConfig = {
deps = [ "users" ]; deps = [ "users" ];
text = '' text = ''
install -d -m 750 -o backrest -g backrest /var/lib/backrest install -d -m 750 /var/lib/backrest
install -m 640 -o backrest -g backrest \ install -m 640 \
${pkgs.writeText "backrest-config.json" backrestConfig} \ ${pkgs.writeText "backrest-config.json" backrestConfig} \
/var/lib/backrest/config.json /var/lib/backrest/config.json
''; '';
@ -101,14 +92,10 @@ in
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "backrest"; User = "root";
Group = "backrest";
ExecStart = "${pkgs.backrest}/bin/backrest"; ExecStart = "${pkgs.backrest}/bin/backrest";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "5s"; RestartSec = "5s";
# Allow backrest to read root's SSH key for SFTP access
ReadOnlyPaths = [ "/root/.ssh/id_ed25519" ];
SupplementaryGroups = [ "shadow" ];
}; };
}; };
} }