jasmine/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix(borgbackup): add unencrypted repo access and refactor environment blocks

Browse source 
Fixes cache initialization failures on unencrypted repositories and
standardizes environment variable configuration across all backup jobs.

Changes:
- Add BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK to unencrypted repos
  (fuchsia/viridian onsite) to bypass interactive confirmation prompt
- Refactor all environment.BORG_RSH to multiline attribute set format
  for consistency and future extensibility

The cache initialization error occurred after removing persistent timers
(commit d21b36a), causing borg to treat existing repos as "previously
unknown". The bypass flag allows automated jobs to proceed without
interactive confirmation for unencrypted repositories.
This commit is contained in:
♥ Minnie ♥ 2025-10-14 20:29:37 +08:00
parent d21b36a1b0
commit bbe464d73b
Signed by: jasmine
GPG key ID: 8563E358D4E8040E
4 changed files with 15 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nixos/fuchsia/services/borgbackup/offsite.nix
View file

@ -81,7 +81,9 @@
passCommand = "cat ${config.age.secrets.borgbackup.path}";
};
environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
environment = {
BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
};
compression = "zstd,9";
startAt = "14:00"; # Daily at 2pm when system is reliably awake

5
nixos/fuchsia/services/borgbackup/onsite.nix
View file

@ -75,7 +75,10 @@ in {
# No encryption for onsite backups (physical security assumed)
encryption.mode = "none";
environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
environment = {
BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
};
compression = "zstd,9";
startAt = "hourly";

5
nixos/viridian/services/borgbackup/offsite.nix
View file

@ -100,7 +100,10 @@
passCommand = "cat ${config.age.secrets.borgbackup.path}";
};
environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
environment = {
BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
};
compression = "zstd,9";
startAt = "daily"; # Daily at midnight

4
nixos/viridian/services/borgbackup/onsite.nix
View file

@ -103,6 +103,10 @@ in {
# No encryption for local backups (physical security assumed)
encryption.mode = "none";
environment = {
BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
};
compression = "zstd,9";
startAt = "hourly";