From 786141228f3a7d00dc696ae6600f36953710053a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
Date: Sat, 6 Apr 2024 00:40:07 +0200
Subject: [PATCH] nixos/borgbackup: fix directory ownership regression
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Re-add separate creation of the ~/.config and ~/.cache directories so
that they get correct ownership. Or else they get owned by root.

systemd-tmpfiles also warns about it:

  machine # [    3.022195] systemd-tmpfiles[472]: Detected unsafe path transition /home/user1 (owned by user1) → /home/user1/.cache (owned by root) during canonicalization of home/user1/.cache.
  machine # [    3.024566] systemd-tmpfiles[472]: Detected unsafe path transition /home/user1 (owned by user1) → /home/user1/.config (owned by root) during canonicalization of home/user1/.config.

Fixes: 8d3cf213db5a2323 ("nixos/borgbackup: replace activationScript via tmpfiles")
---
 nixos/modules/services/backup/borgbackup.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix
index 6f4455d3be60..ad6194f8262a 100644
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@@ -147,6 +147,9 @@ let
     let
       settings = { inherit (cfg) user group; };
     in lib.nameValuePair "borgbackup-job-${name}" ({
+      # Create parent dirs separately, to ensure correct ownership.
+      "${config.users.users."${cfg.user}".home}/.config".d = settings;
+      "${config.users.users."${cfg.user}".home}/.cache".d = settings;
       "${config.users.users."${cfg.user}".home}/.config/borg".d = settings;
       "${config.users.users."${cfg.user}".home}/.cache/borg".d = settings;
     } // optionalAttrs (isLocalPath cfg.repo && !cfg.removableDevice) {