From 3f6af244f69803f45136256d77c56cecd07da4ba Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Mon, 19 Jan 2026 17:38:48 -0800 Subject: [PATCH] Fix borgmatic borg path and add k8s-pg ACL grant - Add local_path option to borgmatic config for borg binary - Add ACL grant for tag:homelab -> tag:k8s on port 5432 Co-Authored-By: Claude Opus 4.5 --- ansible/roles/borgmatic/defaults/main.yml | 3 +++ ansible/roles/borgmatic/templates/config.yaml.j2 | 3 +++ pulumi/policy.hujson | 6 ++++++ 3 files changed, 12 insertions(+) diff --git a/ansible/roles/borgmatic/defaults/main.yml b/ansible/roles/borgmatic/defaults/main.yml index a62e5de..0189321 100644 --- a/ansible/roles/borgmatic/defaults/main.yml +++ b/ansible/roles/borgmatic/defaults/main.yml @@ -3,6 +3,9 @@ borgmatic_config: /Users/erichblume/.config/borgmatic/config.yaml borgmatic_config_dir: /Users/erichblume/.config/borgmatic borgmatic_log_dir: /Users/erichblume/Library/Logs +# Full path to borg binary since LaunchAgent doesn't have homebrew in PATH +borgmatic_local_path: /opt/homebrew/bin/borg + # Schedule: runs daily at 2:00 AM borgmatic_schedule_hour: 2 borgmatic_schedule_minute: 0 diff --git a/ansible/roles/borgmatic/templates/config.yaml.j2 b/ansible/roles/borgmatic/templates/config.yaml.j2 index 6bfb835..2e2bf0f 100644 --- a/ansible/roles/borgmatic/templates/config.yaml.j2 +++ b/ansible/roles/borgmatic/templates/config.yaml.j2 @@ -1,5 +1,8 @@ # {{ ansible_managed }} +# Path to borg binary (LaunchAgent doesn't have homebrew in PATH) +local_path: {{ borgmatic_local_path }} + source_directories: {% for dir in borgmatic_source_directories %} - {{ dir }} diff --git a/pulumi/policy.hujson b/pulumi/policy.hujson index c575037..142326b 100644 --- a/pulumi/policy.hujson +++ b/pulumi/policy.hujson 
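Review bot: The new default `borgmatic_local_path: /opt/homebrew/bin/borg` names the executable the scheduled backup will run, and nothing visible in this hunk checks that the file exists or who may write to it. On Apple Silicon the Homebrew prefix is normally owned by the installing user rather than root, so any process running as that user can replace the binary that later handles the repository credentials. That is presumably acceptable on a single-user machine, but the comment should say so, for example `# Full path to borg (Apple Silicon Homebrew prefix, user-writable); the LaunchAgent has no Homebrew in PATH`. A stat check on this path in the role's tasks, failing when the file is missing or not executable, would turn a wrong path into a failed deploy rather than a backup that never runs.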
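Review bot: `local_path: {{ borgmatic_local_path }}` renders the variable as a bare YAML scalar, so an empty value becomes null and a value containing `: ` or ` #` changes how the line parses. This key selects which executable borgmatic runs, so an empty render would presumably fall back to looking up `borg` on PATH, the very situation this commit is meant to avoid. Quote the value, `local_path: "{{ borgmatic_local_path }}"`, so the rendered file always carries a string. The `- {{ dir }}` entries in the context lines have the same shape; that loop continues outside the hunk.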
@@ -74,6 +74,12 @@ "dst": ["tag:homelab"], "ip": ["tcp:3001", "tcp:2200"], }, + // Homelab can reach k8s PostgreSQL for borgmatic backups + { + "src": ["tag:homelab"], + "dst": ["tag:k8s"], + "ip": ["tcp:5432"], + }, ], // ============== SSH Access ==============
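Review bot: The added rule lets every device tagged `tag:homelab` reach tcp:5432 on every device tagged `tag:k8s`, which is wider than the comment's stated purpose of borgmatic backing up PostgreSQL. If a single host runs the backup and a single workload serves the database, scope both ends with dedicated tags, for example `"src": ["tag:<backup-host-tag>"],` and `"dst": ["tag:<postgres-tag>"],` (placeholders; the policy's tag definitions are not visible here). Network reachability is not authentication, so the comment could also record that the dump connects with a read-only database role, if that is the case. If this policy file has a `tests` section, an entry asserting that other sources are denied port 5432 would keep the rule from widening unnoticed. The enclosing rule array starts before the hunk.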