From ba1905778e1e5b6a10a43f8cec8eaa9a1ccb3f31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Thu, 18 May 2023 17:15:45 +0200
Subject: [PATCH] backup: add extra paths

---
 modules/backup.nix | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/modules/backup.nix b/modules/backup.nix
index 686207c4..27b23cfa 100644
--- a/modules/backup.nix
+++ b/modules/backup.nix
@@ -41,8 +41,22 @@ in
             ];
             initialize = true;
             passwordFile = config.sops.secrets."restic/password".path;
-            paths = cfg.paths
-              ++ lib.optionals config.services.postgresql.enable [ "/var/backup/postgresql/" ];
+            paths = [
+              "/etc/group"
+              "/etc/machine-id"
+              "/etc/passwd"
+              "/etc/shadow"
+              "/etc/ssh/ssh_host_rsa_key"
+              "/etc/ssh/ssh_host_ed25519_key"
+              "/etc/ssh/ssh_host_ed25519_key.pub"
+              "/etc/ssh/ssh_host_rsa_key.pub"
+              "/etc/subgid"
+              "/etc/subuid"
+              "/var/lib/nixos/"
+            ] ++ cfg.paths
+              ++ lib.optional config.services.postgresql.enable "/var/backup/postgresql/"
+              ++ lib.optional (config.security.acme.certs != {}) "/var/lib/acme/"
+              ++ lib.optional config.security.dhparams.enable "/var/lib/dhparams/";
             pruneOpts = [
               "--group-by host"
               "--keep-daily 7"