nixpkgs/nixos/modules/services/backup
Elias Probst 27da11972d nixos/restic: correct location of cache directory
By default, restic determines the location of the cache based on the XDG
base dir specification, which is `~/.cache/restic` when the environment
variable `$XDG_CACHE_HOME` isn't set.
As restic is executed as root by default, this resulted in the cache being
written to `/root/.cache/restic`, which is not quite right for a system
service and also meant, multiple backup services would use the same cache
directory - potentially causing issues with locking, data corruption,
etc.

The goal was to ensure, restic uses the correct cache location for a
system service - one cache per backup specification, using `/var/cache`
as the base directory for it.

systemd sets the environment variable `$CACHE_DIRECTORY` once
`CacheDirectory=` is defined, but restic doesn't change its behavior
based on the presence of this environment variable.
Instead, the specifier [1] `%C` can be used to point restic explicitly
towards the correct cache location using the `--cache-dir` argument.

Furthermore, the `CacheDirectoryMode=` was set to `0700`, as the default
of `0755` is far too open in this case, as the cache might contain
sensitive data.

[1] https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers
2021-01-30 18:24:51 -08:00
..
automysqlbackup.nix treewide: Switch to system users 2019-10-12 22:25:28 +02:00
bacula.nix bacula: add types 2021-01-25 19:00:01 +01:00
borgbackup.nix nixos/borgbackup: fix evaluation 2020-04-02 12:40:02 +01:00
borgbackup.xml nixos/doc: Improve code listings 2020-09-23 01:25:25 +02:00
duplicati.nix duplicati: fix StateDirectory 2019-06-27 14:15:37 +02:00
duplicity.nix nixos/duplicity: init 2019-02-03 19:13:01 +01:00
mysql-backup.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
postgresql-backup.nix treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
postgresql-wal-receiver.nix nixos/postgresql-wal-receiver: remove restart limit (#67857) 2019-09-23 22:51:26 +03:00
restic-rest-server.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
restic.nix nixos/restic: correct location of cache directory 2021-01-30 18:24:51 -08:00
rsnapshot.nix nixos/modules: Remove all usages of types.string 2019-08-31 18:19:00 +02:00
sanoid.nix nixos/sanoid, nixos/syncoid: init module and test 2020-02-10 01:12:39 +01:00
syncoid.nix Merge pull request #79759 from lopsided98/syncoid-no-root 2020-10-25 10:40:33 -04:00
tarsnap.nix treewide: fix double quoted strings in meta.description 2021-01-24 19:56:59 +07:00
tsm.nix treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
zfs-replication.nix nixos/zfs-replication: document expected lz4 on host system 2020-06-24 19:41:36 +02:00
znapzend.nix treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00