Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 1fb2d04c2697
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 27da11972d3f
Choose a head ref
  • 1 commit
  • 2 files changed
  • 1 contributor

Commits on Jan 31, 2021

  1. nixos/restic: correct location of cache directory 

    By default, restic determines the location of the cache based on the XDG
base dir specification, which is `~/.cache/restic` when the environment
variable `$XDG_CACHE_HOME` isn't set.
As restic is executed as root by default, this resulted in the cache being
written to `/root/.cache/restic`, which is not quite right for a system
service and also meant, multiple backup services would use the same cache
directory - potentially causing issues with locking, data corruption,
etc.

The goal was to ensure, restic uses the correct cache location for a
system service - one cache per backup specification, using `/var/cache`
as the base directory for it.

systemd sets the environment variable `$CACHE_DIRECTORY` once
`CacheDirectory=` is defined, but restic doesn't change its behavior
based on the presence of this environment variable.
Instead, the specifier [1] `%C` can be used to point restic explicitly
towards the correct cache location using the `--cache-dir` argument.

Furthermore, the `CacheDirectoryMode=` was set to `0700`, as the default
of `0755` is far too open in this case, as the cache might contain
sensitive data.

[1] https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers
    @eliasp @cole-h
    eliasp authored and cole-h committed Jan 31, 2021
    Copy the full SHA
    27da119 View commit details
    Browse the repository at this point in the history