diff options
| author | Elias Probst <mail@eliasprobst.eu> | 2020-10-04 18:47:52 +0200 |
|---|---|---|
| committer | Cole Helbling <cole.e.helbling@outlook.com> | 2021-01-30 18:24:51 -0800 |
| commit | 27da11972d3fd9353f81e94a6549e8a0da40f45d (patch) | |
| tree | c92e69538f44b9a06f77ae96e0e88d1effc88595 /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch | |
| parent | 1fb2d04c269782c305630bb8ad151dc0f82fc802 (diff) | |
nixos/restic: correct location of cache directory
By default, restic determines the location of the cache based on the XDG
base dir specification, which is `~/.cache/restic` when the environment
variable `$XDG_CACHE_HOME` isn't set.
As restic is executed as root by default, this resulted in the cache being
written to `/root/.cache/restic`, which is not quite right for a system
service and also meant, multiple backup services would use the same cache
directory - potentially causing issues with locking, data corruption,
etc.
The goal was to ensure, restic uses the correct cache location for a
system service - one cache per backup specification, using `/var/cache`
as the base directory for it.
systemd sets the environment variable `$CACHE_DIRECTORY` once
`CacheDirectory=` is defined, but restic doesn't change its behavior
based on the presence of this environment variable.
Instead, the specifier [1] `%C` can be used to point restic explicitly
towards the correct cache location using the `--cache-dir` argument.
Furthermore, the `CacheDirectoryMode=` was set to `0700`, as the default
of `0755` is far too open in this case, as the cache might contain
sensitive data.
[1] https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers
Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')
0 files changed, 0 insertions, 0 deletions