From ecb103a306a2f979a27aaf4f066e94b5d4265320 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Neumann?= Date: Tue, 30 Sep 2025 08:52:21 +0200 Subject: [PATCH] nixos/borgbackup: Add option `wrapper` Add an option `service.borgbackup.jobs..wrapper` that allows to control the name of the installed wrapper script -- or even to disable its installation at all. Signed-off-by: Sefa Eyeoglu --- nixos/modules/services/backup/borgbackup.nix | 19 +++++++++++++++---- nixos/tests/borgbackup.nix | 12 ++++++++++++ 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index 2dffe39ba49f..759a4ae2b9ad 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix @@ -216,17 +216,18 @@ let '' ); + # Returns a singleton list, due to usage of lib.optional mkBorgWrapper = name: cfg: - mkWrapperDrv { + lib.optional (cfg.wrapper != "" && cfg.wrapper != null) (mkWrapperDrv { original = lib.getExe config.services.borgbackup.package; - name = "borg-job-${name}"; + name = cfg.wrapper; set = { BORG_REPO = cfg.repo; } // (mkPassEnv cfg) // cfg.environment; - }; + }); # Paths listed in ReadWritePaths must exist before service is started mkTmpfiles = @@ -488,6 +489,16 @@ in default = "root"; }; + wrapper = lib.mkOption { + type = with lib.types; nullOr str; + description = '' + Name of the wrapper that is installed into {env}`PATH`. + Set to `null` or `""` to disable it altogether. + ''; + default = "borg-job-${name}"; + defaultText = "borg-job-"; + }; + encryption.mode = lib.mkOption { type = lib.types.enum [ "repokey" @@ -898,7 +909,7 @@ in environment.systemPackages = [ config.services.borgbackup.package ] - ++ (lib.mapAttrsToList mkBorgWrapper jobs); + ++ (lib.flatten (lib.mapAttrsToList mkBorgWrapper jobs)); } ); } diff --git a/nixos/tests/borgbackup.nix b/nixos/tests/borgbackup.nix index 88d67c09f031..ae9f4f51bef5 100644 --- a/nixos/tests/borgbackup.nix +++ b/nixos/tests/borgbackup.nix @@ -79,6 +79,8 @@ in "--exclude-if-present" ".dont backup" ]; + + wrapper = "borg-main"; postHook = "echo post"; startAt = [ ]; # Do not run automatically }; @@ -87,6 +89,7 @@ in paths = dataDir; repo = localRepoMount; encryption.mode = "none"; + wrapper = null; startAt = [ ]; }; @@ -211,6 +214,9 @@ in "cat /mnt/borg/${dataDir}/${keepFile}" ) + # Make sure custom wrapper name works + client.succeed("command -v borg-main") + with subtest("localMount"): # the file system for the repo should not be already mounted client.fail("mount | grep ${localRepoMount}") @@ -222,6 +228,9 @@ in # Make sure exactly one archive has been created assert int(client.succeed("{} list '${localRepoMount}' | wc -l".format(borg))) > 0 + # Make sure disabling wrapper works + client.fail("command -v borg-job-localMount") + with subtest("remote"): borg = "BORG_RSH='ssh -oStrictHostKeyChecking=no -i /root/id_ed25519' borg" server.wait_for_unit("sshd.service") @@ -232,6 +241,9 @@ in # Make sure we can't access repos other than the specified one client.fail("{} list borg\@server:wrong".format(borg)) + # Make sure default wrapper works + client.succeed("command -v borg-job-remote") + # TODO: Make sure that data is actually deleted with subtest("remoteAppendOnly"):