nixos/borgbackup: Add option wrapper

Add an option `service.borgbackup.jobs.<name>.wrapper` that allows to control the name of the installed wrapper script -- or even to disable its installation at all. Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
2025-11-09 16:18:34 +01:00 · 2025-09-30 08:52:21 +02:00 · 2025-09-30 08:52:21 +02:00 · ecb103a306
parent 24a75e9c80
commit ecb103a306
2 changed files with 27 additions and 4 deletions
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@ -216,17 +216,18 @@ let
        ''
      );

+  # Returns a singleton list, due to usage of lib.optional
  mkBorgWrapper =
    name: cfg:
-    mkWrapperDrv {
+    lib.optional (cfg.wrapper != "" && cfg.wrapper != null) (mkWrapperDrv {
      original = lib.getExe config.services.borgbackup.package;
-      name = "borg-job-${name}";
+      name = cfg.wrapper;
      set = {
        BORG_REPO = cfg.repo;
      }
      // (mkPassEnv cfg)
      // cfg.environment;
-    };
+    });

  # Paths listed in ReadWritePaths must exist before service is started
  mkTmpfiles =
@ -488,6 +489,16 @@ in
              default = "root";
            };

+            wrapper = lib.mkOption {
+              type = with lib.types; nullOr str;
+              description = ''
+                Name of the wrapper that is installed into {env}`PATH`.
+                Set to `null` or `""` to disable it altogether.
+              '';
+              default = "borg-job-${name}";
+              defaultText = "borg-job-<name>";
+            };
+
            encryption.mode = lib.mkOption {
              type = lib.types.enum [
                "repokey"
@ -898,7 +909,7 @@ in
      environment.systemPackages = [
        config.services.borgbackup.package
      ]
-      ++ (lib.mapAttrsToList mkBorgWrapper jobs);
+      ++ (lib.flatten (lib.mapAttrsToList mkBorgWrapper jobs));
    }
  );
 }
--- a/nixos/tests/borgbackup.nix
+++ b/nixos/tests/borgbackup.nix
@ -79,6 +79,8 @@ in
              "--exclude-if-present"
              ".dont backup"
            ];
+
+            wrapper = "borg-main";
            postHook = "echo post";
            startAt = [ ]; # Do not run automatically
          };
@ -87,6 +89,7 @@ in
            paths = dataDir;
            repo = localRepoMount;
            encryption.mode = "none";
+            wrapper = null;
            startAt = [ ];
          };

@ -211,6 +214,9 @@ in
            "cat /mnt/borg/${dataDir}/${keepFile}"
        )

+        # Make sure custom wrapper name works
+        client.succeed("command -v borg-main")
+
    with subtest("localMount"):
        # the file system for the repo should not be already mounted
        client.fail("mount | grep ${localRepoMount}")
@ -222,6 +228,9 @@ in
        # Make sure exactly one archive has been created
        assert int(client.succeed("{} list '${localRepoMount}' | wc -l".format(borg))) > 0

+        # Make sure disabling wrapper works
+        client.fail("command -v borg-job-localMount")
+
    with subtest("remote"):
        borg = "BORG_RSH='ssh -oStrictHostKeyChecking=no -i /root/id_ed25519' borg"
        server.wait_for_unit("sshd.service")
@ -232,6 +241,9 @@ in
        # Make sure we can't access repos other than the specified one
        client.fail("{} list borg\@server:wrong".format(borg))

+        # Make sure default wrapper works
+        client.succeed("command -v borg-job-remote")
+
        # TODO: Make sure that data is actually deleted

    with subtest("remoteAppendOnly"):