From 3e4908fa0f98293d962a09d73839a55490bb2f94 Mon Sep 17 00:00:00 2001
From: Levi Zim <rsworktech@outlook.com>
Date: Tue, 21 Jan 2025 19:49:23 +0800
Subject: [PATCH] Set HOME to private /tmp for borgbackup

borg writes to $HOME/.config but in our case it also works on $HOME (/var/vmail).

This could cause the following error when running the backup: file changed while we backed it up

This commit fixes it by setting HOME to private /tmp for borg.
---
 mail-server/borgbackup.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/mail-server/borgbackup.nix b/mail-server/borgbackup.nix
index ef83b0d..cfc7472 100644
--- a/mail-server/borgbackup.nix
+++ b/mail-server/borgbackup.nix
@@ -65,12 +65,16 @@ in {
       description = "borgbackup";
       unitConfig.Documentation = "man:borgbackup";
       script = borgScript;
+      # borg writes to $HOME/.config but in our case it also works on $HOME (/var/vmail)
+      # Setting $HOME to /tmp to avoid it
+      environment.HOME = "/tmp";
       serviceConfig = {
         User = cfg.user;
         Group = cfg.group;
         CPUSchedulingPolicy = "idle";
         IOSchedulingClass = "idle";
         ProtectSystem = "full";
+        PrivateTmp = true;
       };
       startAt = cfg.startAt;
     };