From ed5dd028796a256cc26061ed5c3285b8a2c3cf24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sun, 21 Jul 2024 18:21:37 +0200
Subject: [PATCH 1/3] also fix user-password with password-store

---
 clanModules/root-password/default.nix | 6 +++---
 clanModules/user-password/default.nix | 6 +++++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/clanModules/root-password/default.nix b/clanModules/root-password/default.nix
index 9c901f30e..7d7a7195e 100644
--- a/clanModules/root-password/default.nix
+++ b/clanModules/root-password/default.nix
@@ -9,9 +9,9 @@
   users.users.root.hashedPasswordFile =
     config.clan.core.facts.services.root-password.secret.password-hash.path;
 
-  sops.secrets."${config.clan.core.machineName}-password-hash".neededForUsers = lib.mkIf (
-    config.clan.core.facts.secretStore == "sops"
-  ) true;
+  sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
+    "${config.clan.core.machineName}-password-hash".neededForUsers =  true;
+  };
 
   clan.core.facts.services.root-password = {
     secret.password = { };
diff --git a/clanModules/user-password/default.nix b/clanModules/user-password/default.nix
index f76c7f397..9f2643a2e 100644
--- a/clanModules/user-password/default.nix
+++ b/clanModules/user-password/default.nix
@@ -23,7 +23,11 @@
     users.mutableUsers = false;
     users.users.${config.clan.user-password.user}.hashedPasswordFile =
       config.clan.core.facts.services.user-password.secret.user-password-hash.path;
-    sops.secrets."${config.clan.core.machineName}-user-password-hash".neededForUsers = true;
+
+    sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
+      "${config.clan.core.machineName}-user-password-hash".neededForUsers =  true;
+    };
+
     clan.core.facts.services.user-password = {
       secret.user-password = { };
       secret.user-password-hash = { };

From 00bad3d614e6fcc856b096c0c75da5c7d000bb9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sun, 21 Jul 2024 19:06:09 +0200
Subject: [PATCH 2/3] borgbackup: add exclude option

---
 clanModules/borgbackup/default.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clanModules/borgbackup/default.nix b/clanModules/borgbackup/default.nix
index fbc05db23..9d32e8d37 100644
--- a/clanModules/borgbackup/default.nix
+++ b/clanModules/borgbackup/default.nix
@@ -106,6 +106,16 @@ in
     '';
   };
 
+  options.clan.borgbackup.exclude = lib.mkOption {
+    type = lib.types.listOf lib.types.str;
+    example = [ "*.pyc" ];
+    default = [];
+    description = ''
+      Directories/Files to exclude from the backup.
+      Use * as a wildcard.
+    '';
+  };
+
   imports = [
     (lib.mkRemovedOptionModule [
       "clan"
@@ -129,7 +139,7 @@ in
       paths = lib.unique (
         lib.flatten (map (state: state.folders) (lib.attrValues config.clan.core.state))
       );
-      exclude = [ "*.pyc" ];
+      exclude = cfg.exclude;
       repo = dest.repo;
       environment.BORG_RSH = dest.rsh;
       compression = "auto,zstd";

From c8407e2052414910ef98c59770946d156ab3a909 Mon Sep 17 00:00:00 2001
From: Johannes Kirschbauer <hsjobeki@gmail.com>
Date: Wed, 24 Jul 2024 10:37:19 +0200
Subject: [PATCH 3/3] Python Inventory classes: Auto-update

---
 clanModules/borgbackup/default.nix          | 2 +-
 clanModules/root-password/default.nix       | 2 +-
 clanModules/user-password/default.nix       | 2 +-
 pkgs/clan-cli/clan_cli/inventory/classes.py | 1 +
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/clanModules/borgbackup/default.nix b/clanModules/borgbackup/default.nix
index 9d32e8d37..760e1afe8 100644
--- a/clanModules/borgbackup/default.nix
+++ b/clanModules/borgbackup/default.nix
@@ -109,7 +109,7 @@ in
   options.clan.borgbackup.exclude = lib.mkOption {
     type = lib.types.listOf lib.types.str;
     example = [ "*.pyc" ];
-    default = [];
+    default = [ ];
     description = ''
       Directories/Files to exclude from the backup.
       Use * as a wildcard.
diff --git a/clanModules/root-password/default.nix b/clanModules/root-password/default.nix
index 7d7a7195e..a340730e3 100644
--- a/clanModules/root-password/default.nix
+++ b/clanModules/root-password/default.nix
@@ -10,7 +10,7 @@
     config.clan.core.facts.services.root-password.secret.password-hash.path;
 
   sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
-    "${config.clan.core.machineName}-password-hash".neededForUsers =  true;
+    "${config.clan.core.machineName}-password-hash".neededForUsers = true;
   };
 
   clan.core.facts.services.root-password = {
diff --git a/clanModules/user-password/default.nix b/clanModules/user-password/default.nix
index 9f2643a2e..14b1f0177 100644
--- a/clanModules/user-password/default.nix
+++ b/clanModules/user-password/default.nix
@@ -25,7 +25,7 @@
       config.clan.core.facts.services.user-password.secret.user-password-hash.path;
 
     sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
-      "${config.clan.core.machineName}-user-password-hash".neededForUsers =  true;
+      "${config.clan.core.machineName}-user-password-hash".neededForUsers = true;
     };
 
     clan.core.facts.services.user-password = {
diff --git a/pkgs/clan-cli/clan_cli/inventory/classes.py b/pkgs/clan-cli/clan_cli/inventory/classes.py
index 7712932a3..41d116831 100644
--- a/pkgs/clan-cli/clan_cli/inventory/classes.py
+++ b/pkgs/clan-cli/clan_cli/inventory/classes.py
@@ -39,6 +39,7 @@ class BorgbackupConfigDestination:
 @dataclass
 class BorgbackupConfig:
     destinations: dict[str, BorgbackupConfigDestination] = field(default_factory = dict)
+    exclude: list[str] = field(default_factory = list)
 
 
 @dataclass