From 9a0900c81a276af20285325222920523e76b7b55 Mon Sep 17 00:00:00 2001
From: Franz Kafka <kafka@ashisgreat.xyz>
Date: Thu, 19 Mar 2026 14:50:24 +0000
Subject: [PATCH] fix(backup): correct backup paths and add missing services
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Replace stale /var/lib/bitwarden_rs with /var/lib/vaultwarden (correct DB path)
- Add /var/lib/private/AdGuardHome (DNS config, filters, query logs)
- Add /var/lib/sops-nix (age decryption key — critical for secret recovery)
- Add /var/lib/crowdsec (security engine state and decisions)
- Keep /var/backup/vaultwarden (built-in sqlite backup snapshots)

Note: Forgejo data path is still added dynamically by the forgejo module.
Note: OpenClaw Podman volume needs separate handling (named volume path on host).
---
 configuration.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/configuration.nix b/configuration.nix
index e06794c..4fcd4a4 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -175,6 +175,12 @@
   myModules.backup = {
     enable = true;
     repository = "b2:nixos-vps-backup2";
-    paths = [ "/var/lib/bitwarden_rs" "/var/backup/vaultwarden" ];
+    paths = [
+      "/var/lib/vaultwarden"         # Vaultwarden SQLite DB and attachments
+      "/var/backup/vaultwarden"      # Vaultwarden built-in backup snapshots
+      "/var/lib/private/AdGuardHome" # AdGuard Home config, filters, query logs
+      "/var/lib/sops-nix"           # SOPS age key (critical — decrypts all secrets)
+      "/var/lib/crowdsec"           # CrowdSec state, decisions, custom parsers
+    ];
   };
 }