From b405988e608499724ad77aefe15469d38eb172d4 Mon Sep 17 00:00:00 2001
From: Pierre Penninckx <github@pierre.tiserbox.com>
Date: Thu, 24 Oct 2024 21:21:01 +0200
Subject: [PATCH] fix lldap backup (#323)

closes #319
---
 modules/blocks/ldap.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/blocks/ldap.nix b/modules/blocks/ldap.nix
index 25c40e9..48f9ca8 100644
--- a/modules/blocks/ldap.nix
+++ b/modules/blocks/ldap.nix
@@ -112,9 +112,12 @@ in
       '';
       readOnly = true;
       default = {
-        user = "lldap";
+        # TODO: is there a workaround that avoid needing to use root?
+        # root because otherwise we cannot access the private StateDiretory
+        user = "root";
+        # /private because the systemd service uses DynamicUser=true
         sourceDirectories = [
-          "/var/lib/lldap"
+          "/var/lib/private/lldap"
         ];
       };
     };