From 360d3a1159d65c43df3970ef7ec69ed6837398a6 Mon Sep 17 00:00:00 2001
From: ibizaman <ibizapeanut@gmail.com>
Date: Sat, 22 Jul 2023 19:11:22 -0700
Subject: [PATCH] fix home-assistant backup configuration

---
 modules/home-assistant.nix | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/modules/home-assistant.nix b/modules/home-assistant.nix
index c6c78f5..24583aa 100644
--- a/modules/home-assistant.nix
+++ b/modules/home-assistant.nix
@@ -183,18 +183,21 @@ in
       }
     );
 
-    users.groups = {
-      hass = {
-        members = [ "backup" ];
-      };
+    # Adds the "backup" user to the "hass" group.
+    users.groups.hass = {
+      members = [ "backup" ];
     };
 
+    # This allows the "backup" user, member of the "backup" group, to access what's inside the home
+    # folder, which is needed for accessing the "backups" folder. It allows to read (r), enter the
+    # directory (x) but not modify what's inside.
+    users.users.hass.homeMode = "0750";
+
     systemd.services.home-assistant.serviceConfig = {
-      # Setup permissions needed for backups, as the backup user is member of the hass group.
+      # This allows all members of the "hass" group to read files, list directories and enter
+      # directories created by the home-assistant service. This is needed for the "backup" user,
+      # member of the "hass" group, to backup what is inside the "backup/" folder.
       UMask = lib.mkForce "0027";
-      StateDirectory = "hass";
-      StateDirectoryMode = lib.mkForce "0750";
-      SupplementaryGroups = [ config.users.groups.keys.name ];
     };
   };
 }