From 1d485c3fa7e77611b25df119a76fb30e91097b6f Mon Sep 17 00:00:00 2001
From: glevy <glevy@crans.org>
Date: Sat, 8 Nov 2025 16:54:20 +0100
Subject: [PATCH] systemd n'est pas root

---
 roles/borgbackup-client/tasks/main.yml             | 14 ++++++++++++++
 .../templates/borgmatic/config.yaml.j2             |  4 ++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml
index 2833d6b5..d88a4994 100644
--- a/roles/borgbackup-client/tasks/main.yml
+++ b/roles/borgbackup-client/tasks/main.yml
@@ -40,6 +40,20 @@
     mode: 0700
     owner: root
 
+- name: Création d'un dossier de cache accessible à systemd
+  file:
+    path: /var/borgmatic/cache
+    state: directory
+    mode: 0700
+    owner: root
+
+- name: Création d'un dossier /security accessible à systemd
+  file:
+  path: /var/lib/borg/security
+  state: directory
+  mode: 0700
+  owner: root
+
 - name: Deploy ssh private key
   template:
     src: borgmatic/id_ed25519_borg.j2
diff --git a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2
index 6cd54ff8..32831f20 100644
--- a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2
+++ b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2
@@ -32,8 +32,8 @@ storage:
     ssh_command: ssh -i /etc/borgmatic/id_ed25519_borg {{ borg.ssh_options | default("") }}
     borg_base_directory: /etc/borgmatic
     borg_config_directory: /etc/borgmatic/config/
-    borg_cache_directory: /etc/borgmatic/cache
-    borg_security_directory: /etc/borgmatic/config/security
+    borg_cache_directory: /var/borgmatic/cache
+    borg_security_directory: /var/lib/borg/security
     borg_keys_directory: /etc/borgmatic/config/keys
     compression: 'lz4'
     umask: 0077