From 4f313843298d60d94bbcb959e0bdf8afa114cbed Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Thu, 19 Jun 2025 21:47:21 +0200
Subject: [PATCH] Fix nextcloud backups

---
 modules/system/services/nextcloud/backups.nix      | 12 +++++++++---
 modules/system/services/restic-backups/default.nix |  3 +++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/modules/system/services/nextcloud/backups.nix b/modules/system/services/nextcloud/backups.nix
index e1d1b7b..7fdad6f 100644
--- a/modules/system/services/nextcloud/backups.nix
+++ b/modules/system/services/nextcloud/backups.nix
@@ -1,7 +1,13 @@
-{ config, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
   cfg = config.custom.services.nextcloud;
 
+  user = config.users.users.nextcloud.name;
   dataDir = config.services.nextcloud.home;
 in
 {
@@ -12,7 +18,7 @@ in
       extraConfig = {
         backupPrepareCommand = ''
           ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on
-          ${lib.getExe' config.services.postgresql.package "pg_dump"} nextcloud --format=custom --file=${dataDir}/db.dump
+          ${lib.getExe pkgs.sudo} --user=${user} ${lib.getExe' config.services.postgresql.package "pg_dump"} nextcloud --format=custom --file=${dataDir}/db.dump
         '';
         backupCleanupCommand = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off";
         paths = [
@@ -25,7 +31,7 @@ in
       restoreCommand = {
         preRestore = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on";
         postRestore = ''
-          pg_restore --clean --if-exists --dbname nextcloud ${dataDir}/db.dump
+          sudo --user=${user} pg_restore --clean --if-exists --dbname nextcloud ${dataDir}/db.dump
           ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off
         '';
       };
diff --git a/modules/system/services/restic-backups/default.nix b/modules/system/services/restic-backups/default.nix
index e392035..5a3c420 100644
--- a/modules/system/services/restic-backups/default.nix
+++ b/modules/system/services/restic-backups/default.nix
@@ -30,6 +30,9 @@ in
       "restic/password" = { };
     };
 
+    systemd.tmpfiles.rules =
+      resticBackups |> lib.mapAttrsToList (name: _: "d /var/cache/restic-backups-${name} 700 - - -");
+
     services.restic.backups =
       resticBackups
       |> lib.mapAttrs (