nixos/borgbackup: fix ~/.cache, ~/.config ownership

Invoke `install` separately for each directory to get ownership right -- i.e. not always owned by root. When owned by root, user sessions break as no user processes are allowed to create directores there. On normal systems the directories already exist, but in clean environments / NixOS test VMs, the bug shows. Before: $ namei -l /home/user1/.cache/borg f: /home/user1/.cache/borg drwxr-xr-x root root / drwxr-xr-x root root home drwx------ user1 users user1 drwxr-xr-x root root .cache drwxr-xr-x user1 users borg After: $ namei -l /home/user1/.cache/borg f: /home/user1/.cache/borg drwxr-xr-x root root / drwxr-xr-x root root home drwx------ user1 users user1 drwxr-xr-x user1 users .cache drwxr-xr-x user1 users borg
2022-12-28 11:24:33 +01:00 · 2022-12-28 11:24:33 +01:00 · 0f0929f4aa
parent 3f3eb370c1
commit 0f0929f4aa
1 changed files with 3 additions and 2 deletions
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@ -150,8 +150,9 @@ let
        # Ensure that the home directory already exists
        # We can't assert createHome == true because that's not the case for root
        cd "${config.users.users.${cfg.user}.home}"
-        ${install} -d .config/borg
-        ${install} -d .cache/borg
+        # Create each directory separately to prevent root owned parent dirs
+        ${install} -d .config .config/borg
+        ${install} -d .cache .cache/borg
      '' + optionalString (isLocalPath cfg.repo && !cfg.removableDevice) ''
        ${install} -d ${escapeShellArg cfg.repo}
      ''));