From 6954fbec9ab9b8ec4c55bed9b7d2fc14a2d0e8ea Mon Sep 17 00:00:00 2001
From: Dan <dleink@gmail.com>
Date: Sat, 10 Jan 2026 14:33:01 -0800
Subject: [PATCH] Add /home and /var/lib/acme to B2 backups

Closes r177. Critical DR gap - user home directories and ACME
certificates were not being backed up.

Excludes common caches that can be rebuilt:
- .cache, .npm/_cacache, .bun/install/cache
- node_modules, .nix-profile, .nix-defexpr
- Trash

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 modules/backup-b2.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/backup-b2.nix b/modules/backup-b2.nix
index aacde64..e887cfb 100644
--- a/modules/backup-b2.nix
+++ b/modules/backup-b2.nix
@@ -13,6 +13,8 @@ let
     "/var/lib/forgejo"                 # Git hosting (repos, avatars)
     "/var/lib/mautrix-slack"           # Bridge state
     "/var/lib/maubot"                  # Bot data
+    "/var/lib/acme"                    # Let's Encrypt certificates
+    "/home"                            # User home directories
   ];
 
   excludePatterns = [
@@ -20,6 +22,14 @@ let
     "*.pid"
     "*.log"
     "**/.git/objects/pack/*.tmp"       # Git temp files
+    # Home directory caches (can be rebuilt)
+    "/home/*/.cache"
+    "/home/*/.npm/_cacache"
+    "/home/*/.bun/install/cache"
+    "/home/*/node_modules"
+    "/home/*/.nix-profile"
+    "/home/*/.nix-defexpr"
+    "/home/*/.local/share/Trash"
   ];
 
   # Script to set up restic environment from sops secrets