add archives group

2025-10-16 20:02:17 -05:00
parent 8438c58c19
commit 0fd7319de6
6 changed files with 36 additions and 18 deletions
--- a/bin/backup_browse.sh
+++ b/bin/backup_browse.sh
@@ -54,7 +54,7 @@ fi
 export BORG_PASSPHRASE

 # --- DEFAULT REPO ---
-REPO="${1:-/holocron/backups}"
+REPO="${1:-/holocron/archives/servers/snowbelle}"

 # --- CHECK REQUIRED COMMANDS ---
 for cmd in borg fzf find tree cp mkdir; do
--- a/modules/holocron/default.nix
+++ b/modules/holocron/default.nix
@@ -13,4 +13,7 @@
    ./copyparty
  ];

+  # define the groups used for backups and archives
+  users.groups.archives = {gid = 727;};
+
 }
--- a/modules/system/backups/default.nix
+++ b/modules/system/backups/default.nix
@@ -9,7 +9,7 @@ in a borg archive to the specified repo

      |     <3yy>    |
      V              V
-  modules.system.backups.baks = {
+  system.backups.baks = {
    ${service} = { paths = [ cfg.data_dir ]; };
  };
 */
@@ -46,12 +46,17 @@ in

  config = lib.mkIf (cfg.enable && cfg.baks != {}) {
    
+    systemd.tmpfiles.rules = [
+      "d /holocron/archives 2770 root archives - -"
+    ];
+
    systemd.services.backups = {
      description = "backup service with borg!";
      path = [ pkgs.borgbackup ];
      serviceConfig = {
        Type = "oneshot";
-#        EnvironmentFile = config.modules.system.backups.passphraseFile;
+        User = "root";
+        Group = "archives";   # make perms shake out
        # the actual script borg is using
        ExecStart = pkgs.writeShellScript "borg-backup" ''
          backup() {
@@ -59,7 +64,7 @@ in
            export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"
            export BORG_REPO="${cfg.repo}"
            timestamp="$(date +'%Y-%m-%d_%H:%M:%S')"
-            mode=${cfg.mode}
+            mode=split

            # init repo in needed
            if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
@@ -80,7 +85,7 @@ in
                  echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} → $archive"
                  borg create \
                    --verbose \
-                   # --filter AME \
+                    --filter AME \
                    --list \
                    --stats \
                    --show-rc \
--- a/modules/system/home-manager/default.nix
+++ b/modules/system/home-manager/default.nix
@@ -1,12 +0,0 @@
-{ inputs, pkgs, config, lib, ... }:
-{
-  home-manager."blake" = {
-    extraSpecialArgs = { inherit inputs; };
-    users = {
-      modules = [
-        ../../users/blake/home.nix;
-        inputs.self.outputs.homeManagerModules.default;
-      ];
-    };
-  };
-}
--- a/modules/system/yubikey/default.nix
+++ b/modules/system/yubikey/default.nix
@@ -0,0 +1,22 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+
+let
+  service = "";
+  cfg = config.system.${service};
+  sec = config.sops.secrets;
+  homelab = config.homelab;
+in
+{
+  options.system.${service} = {
+    enable = lib.mkEnableOption "enables ${service}";
+  };
+
+  config = lib.mkIf cfg.enable {
+
+  };
+}
--- a/users/blake/default.nix
+++ b/users/blake/default.nix
@@ -10,7 +10,7 @@
    users = {
      blake = {
        isNormalUser = true;
-        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft"]; # Enable ‘sudo’ for the user.
+        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" ]; # Enable ‘sudo’ for the user.
        uid = 1000;
        shell = pkgs.zsh;
        group = "blake";