From ba4d09e0ec81b9b3f1e19e7b01ba0d3d99ecc32e Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:25:04 +0100 Subject: [PATCH] fixes backrest --- modules/backrest/default.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 9fe3540..758e7dd 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -74,13 +74,17 @@ in description = "Backrest service user"; }; - # Write the declarative config at activation time. - # The file is owned by root (readable by backrest via group or world-read) - # but we set it 640 and add backrest to read it via the service's User=. - environment.etc."backrest/config.json" = { - text = backrestConfig; - mode = "0440"; - group = "backrest"; + # Write the declarative config into the backrest state dir at activation time. + # The file must be in a writable location because backrest creates a .bak + # alongside it when migrating. /var/lib/backrest is owned by the backrest user. + system.activationScripts.backrestConfig = { + deps = [ "users" ]; + text = '' + install -d -m 750 -o backrest -g backrest /var/lib/backrest + install -m 640 -o backrest -g backrest \ + ${pkgs.writeText "backrest-config.json" backrestConfig} \ + /var/lib/backrest/config.json + ''; }; systemd.services.backrest = { @@ -92,7 +96,7 @@ in environment = { BACKREST_PORT = "9004"; BACKREST_RESTIC_COMMAND = "${pkgs.restic}/bin/restic"; - BACKREST_CONFIG = "/etc/backrest/config.json"; + BACKREST_CONFIG = "/var/lib/backrest/config.json"; BACKREST_DATA = "/var/lib/backrest/data"; };