From 31bd460c5e4c41f9d383d867649d70cf7376919f Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Fri, 3 Jan 2025 20:18:18 +0100
Subject: ...

---
 hosts/vidhar/pgbackrest/default.nix | 9 ++++++---
 hosts/vidhar/postgresql.nix         | 4 ++++
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/hosts/vidhar/pgbackrest/default.nix b/hosts/vidhar/pgbackrest/default.nix
index ffb149f5..1e0828ce 100644
--- a/hosts/vidhar/pgbackrest/default.nix
+++ b/hosts/vidhar/pgbackrest/default.nix
@@ -130,8 +130,9 @@ in {
     };
 
     systemd.tmpfiles.rules = [
-      "d /var/lib/pgbackrest 0750 pgbackrest pgbackrest - -"
-      "d /var/spool/pgbackrest 0750 pgbackrest pgbackrest - -"
+      "d /var/lib/pgbackrest 0770 pgbackrest pgbackrest - -"
+      "d /var/spool/pgbackrest 0770 pgbackrest pgbackrest - -"
+      "d /tmp/pgbackrest 0770 pgbackrest pgbackrest - -"
     ];
 
     users = {
@@ -141,7 +142,9 @@ in {
         isSystemUser = true;
         home = "/var/lib/pgbackrest";
       };
-      groups.pgbackrest = {};
+      groups.pgbackrest = {
+        members = [ "postgres" ];
+      };
     };
 
     systemd.services."pgbackrest-tls-server".serviceConfig = {
diff --git a/hosts/vidhar/postgresql.nix b/hosts/vidhar/postgresql.nix
index fa5b734f..7e44e69f 100644
--- a/hosts/vidhar/postgresql.nix
+++ b/hosts/vidhar/postgresql.nix
@@ -28,5 +28,9 @@ in {
         timerConfig.OnCalendar = "daily";
       };
     };
+
+    systemd.services.postgresql.serviceConfig = {
+      ReadWritePaths = [ "/var/spool/pgbackrest" "/var/lib/pgbackrest/archive/vidhar" ];
+    };
   };
 }
-- 
cgit v1.2.3