start new pbs-config workspace

moved src/config/domains.rs

Cargo.toml

@@ -22,6 +22,7 @@ exclude = [ "build", "debian", "tests/catar_data/test_symlink/symlink1"]
 members = [
     "pbs-buildcfg",
     "pbs-client",
+    "pbs-config",
     "pbs-datastore",
     "pbs-fuse-loop",
     "pbs-runtime",
@@ -102,6 +103,7 @@ proxmox-openid = "0.7.0"
 pbs-api-types = { path = "pbs-api-types" }
 pbs-buildcfg = { path = "pbs-buildcfg" }
 pbs-client = { path = "pbs-client" }
+pbs-config = { path = "pbs-config" }
 pbs-datastore = { path = "pbs-datastore" }
 pbs-runtime = { path = "pbs-runtime" }
 pbs-systemd = { path = "pbs-systemd" }

Makefile

@@ -35,6 +35,7 @@ SUBCRATES := \
 	pbs-api-types \
 	pbs-buildcfg \
 	pbs-client \
+	pbs-config \
 	pbs-datastore \
 	pbs-fuse-loop \
 	pbs-runtime \

pbs-api-types/src/lib.rs

@@ -152,6 +152,12 @@ pub const DATASTORE_SCHEMA: Schema = StringSchema::new("Datastore name.")
     .max_length(32)
     .schema();
 
+pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.")
+    .format(&PROXMOX_SAFE_ID_FORMAT)
+    .min_length(2)
+    .max_length(32)
+    .schema();
+
 pub const FINGERPRINT_SHA256_FORMAT: ApiStringFormat =
     ApiStringFormat::Pattern(&FINGERPRINT_SHA256_REGEX);
 

pbs-config/Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+name = "pbs-config"
+version = "0.1.0"
+authors = ["Proxmox Support Team <support@proxmox.com>"]
+edition = "2018"
+description = "Configuration file management for PBS"
+
+[dependencies]
+anyhow = "1.0"
+lazy_static = "1.4"
+serde = { version = "1.0", features = ["derive"] }
+openssl = "0.10"
+nix = "0.19.1"
+
+
+proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] }
+
+pbs-api-types = { path = "../pbs-api-types" }
+pbs-buildcfg = { path = "../pbs-buildcfg" }
+pbs-tools = { path = "../pbs-tools" }

pbs-config/src/domains.rs

@@ -13,8 +13,8 @@ use proxmox::api::{
     }
 };
 
-use crate::api2::types::*;
+use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
+use crate::{open_backup_lockfile, replace_backup_config, BackupLockGuard};
 
 lazy_static! {
     pub static ref CONFIG: SectionConfig = init();
@@ -115,7 +115,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
     let raw = CONFIG.write(DOMAINS_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
+    replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
 }
 
 // shell completion helper

pbs-config/src/lib.rs

@@ -0,0 +1,83 @@
+pub mod domains;
+
+use anyhow::{format_err, Error};
+
+pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
+
+/// Return User info for the 'backup' user (``getpwnam_r(3)``)
+pub fn backup_user() -> Result<nix::unistd::User, Error> {
+    pbs_tools::sys::query_user(BACKUP_USER_NAME)?
+        .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
+}
+
+/// Return Group info for the 'backup' group (``getgrnam(3)``)
+pub fn backup_group() -> Result<nix::unistd::Group, Error> {
+    pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
+        .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
+}
+pub struct BackupLockGuard(std::fs::File);
+
+/// Open or create a lock file owned by user "backup" and lock it.
+///
+/// Owner/Group of the file is set to backup/backup.
+/// File mode is 0660.
+/// Default timeout is 10 seconds.
+///
+/// Note: This method needs to be called by user "root" or "backup".
+pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
+    path: P,
+    timeout: Option<std::time::Duration>,
+    exclusive: bool,
+) -> Result<BackupLockGuard, Error> {
+    let user = backup_user()?;
+    let options = proxmox::tools::fs::CreateOptions::new()
+        .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
+        .owner(user.uid)
+        .group(user.gid);
+
+    let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
+
+    let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
+    Ok(BackupLockGuard(file))
+}
+
+/// Atomically write data to file owned by "root:backup" with permission "0640"
+///
+/// Only the superuser can write those files, but group 'backup' can read them.
+pub fn replace_backup_config<P: AsRef<std::path::Path>>(
+    path: P,
+    data: &[u8],
+) -> Result<(), Error> {
+    let backup_user = backup_user()?;
+    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
+    // set the correct owner/group/permissions while saving file
+    // owner(rw) = root, group(r)= backup
+    let options = proxmox::tools::fs::CreateOptions::new()
+        .perm(mode)
+        .owner(nix::unistd::ROOT)
+        .group(backup_user.gid);
+
+    proxmox::tools::fs::replace_file(path, data, options)?;
+
+    Ok(())
+}
+
+/// Atomically write data to file owned by "root:root" with permission "0600"
+///
+/// Only the superuser can read and write those files.
+pub fn replace_secret_config<P: AsRef<std::path::Path>>(
+    path: P,
+    data: &[u8],
+) -> Result<(), Error> {
+    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
+    // set the correct owner/group/permissions while saving file
+    // owner(rw) = root, group(r)= root
+    let options = proxmox::tools::fs::CreateOptions::new()
+        .perm(mode)
+        .owner(nix::unistd::ROOT)
+        .group(nix::unistd::Gid::from_raw(0));
+
+    proxmox::tools::fs::replace_file(path, data, options)?;
+
+    Ok(())
+}

src/api2/access/acl.rs

@@ -8,7 +8,7 @@ use crate::api2::types::*;
 use crate::config::acl;
 use crate::config::acl::{Role, PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
 use crate::config::cached_user_info::CachedUserInfo;
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 
 fn extract_acl_node_data(
     node: &acl::AclTreeNode,

src/api2/access/domain.rs

@@ -7,8 +7,7 @@ use serde_json::{json, Value};
 
 use proxmox::api::{api, Permission, Router, RpcEnvironment};
 
-use crate::config;
+use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
-use crate::api2::types::*;
 
 #[api]
 #[derive(Deserialize, Serialize, PartialEq, Eq)]
@@ -81,7 +80,7 @@ fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<BasicRealmInf
         "comment": "Proxmox Backup authentication server",
     }))?);
 
-    let (config, digest) = config::domains::config()?;
+    let (config, digest) = pbs_config::domains::config()?;
 
     for (_, (section_type, v)) in config.sections.iter() {
         let mut entry = v.clone();

src/api2/access/openid.rs

@@ -15,13 +15,13 @@ use proxmox_openid::{OpenIdAuthenticator,  OpenIdConfig};
 use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
 use pbs_tools::auth::private_auth_key;
 use pbs_tools::ticket::Ticket;
+use pbs_config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
 
 use crate::server::ticket::ApiTicket;
 
-use crate::config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
 use crate::config::cached_user_info::CachedUserInfo;
 
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 
 use crate::api2::types::*;
 use crate::auth_helpers::*;
@@ -88,7 +88,7 @@ pub fn openid_login(
     let (realm, private_auth_state) =
         OpenIdAuthenticator::verify_public_auth_state(PROXMOX_BACKUP_RUN_DIR_M!(), &state)?;
 
-    let (domains, _digest) = crate::config::domains::config()?;
+    let (domains, _digest) = pbs_config::domains::config()?;
     let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?;
 
     let open_id = openid_authenticator(&config, &redirect_url)?;
@@ -182,7 +182,7 @@ fn openid_auth_url(
     _rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<String, Error> {
 
-    let (domains, _digest) = crate::config::domains::config()?;
+    let (domains, _digest) = pbs_config::domains::config()?;
     let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?;
 
     let open_id = openid_authenticator(&config, &redirect_url)?;

src/api2/access/user.rs

@@ -18,7 +18,7 @@ use crate::config::user;
 use crate::config::token_shadow;
 use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
 use crate::config::cached_user_info::CachedUserInfo;
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 
 pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
     .format(&PASSWORD_FORMAT)

src/api2/config/access/openid.rs

@@ -6,7 +6,7 @@ use ::serde::{Deserialize, Serialize};
 
 use proxmox::api::{api, Permission, Router, RpcEnvironment};
 
-use crate::config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater};
+use pbs_config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater};
 use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_REALM_ALLOCATE};
 use crate::api2::types::*;
 

src/api2/config/datastore.rs

@@ -10,6 +10,7 @@ use proxmox::api::schema::{ApiType, parse_property_string};
 
 use pbs_datastore::chunk_store::ChunkStore;
 use pbs_datastore::task::TaskState;
+use pbs_config::BackupLockGuard;
 
 use crate::api2::config::sync::delete_sync_job;
 use crate::api2::config::verify::delete_verification_job;
@@ -19,7 +20,6 @@ use crate::api2::admin::{
     verify::list_verification_jobs,
 };
 use crate::api2::types::*;
-use crate::backup::BackupLockGuard;
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::datastore::{self, DataStoreConfig, DataStoreConfigUpdater};
 use crate::config::acl::{PRIV_DATASTORE_ALLOCATE, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
@@ -68,7 +68,7 @@ pub(crate) fn do_create_datastore(
 ) -> Result<(), Error> {
     let path: PathBuf = datastore.path.clone().into();
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let _store = ChunkStore::create(&datastore.name, path, backup_user.uid, backup_user.gid, worker)?;
 
     config.set_data(&datastore.name, "datastore", &datastore)?;

src/api2/config/remote.rs

@@ -11,7 +11,7 @@ use crate::api2::types::*;
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::remote;
 use crate::config::acl::{PRIV_REMOTE_AUDIT, PRIV_REMOTE_MODIFY};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 
 #[api(
     input: {

src/api2/config/sync.rs

@@ -17,7 +17,7 @@ use crate::config::acl::{
 
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::sync::{self, SyncJobConfig};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 
 pub fn check_sync_job_read_access(
     user_info: &CachedUserInfo,

src/api2/config/tape_backup_job.rs

@@ -3,6 +3,7 @@ use serde_json::Value;
 use ::serde::{Deserialize, Serialize};
 
 use proxmox::api::{api, Router, RpcEnvironment, Permission};
+use pbs_config::open_backup_lockfile;
 
 use crate::{
     api2::types::{
@@ -16,7 +17,6 @@ use crate::{
         MEDIA_POOL_NAME_SCHEMA,
         SYNC_SCHEDULE_SCHEMA,
     },
-    backup::open_backup_lockfile,
     config::{
         self,
         cached_user_info::CachedUserInfo,

src/api2/config/tape_encryption_keys.rs

@@ -14,6 +14,7 @@ use proxmox::{
 use pbs_api_types::Fingerprint;
 use pbs_datastore::{KeyInfo, Kdf};
 use pbs_datastore::key_derivation::KeyConfig;
+use pbs_config::open_backup_lockfile;
 
 use crate::{
     config::{
@@ -35,7 +36,6 @@ use crate::{
         PROXMOX_CONFIG_DIGEST_SCHEMA,
         PASSWORD_HINT_SCHEMA,
     },
-    backup::open_backup_lockfile,
 };
 
 #[api(

src/api2/config/verify.rs

@@ -13,7 +13,7 @@ use crate::config::acl::{
 
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::verify::{self, VerificationJobConfig};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 
 #[api(
     input: {

src/api2/node/disks/directory.rs

@@ -17,7 +17,7 @@ use crate::server::WorkerTask;
 
 use crate::api2::types::*;
 use crate::config::datastore::{self, DataStoreConfig};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 
 #[api(
     properties: {

src/api2/node/network.rs

@@ -9,7 +9,7 @@ use crate::config::network::{self, NetworkConfig};
 use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
 use crate::api2::types::*;
 use crate::server::{WorkerTask};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 
 fn split_interface_list(list: &str) -> Result<Vec<String>, Error> {
     let value = parse_property_string(&list, &NETWORK_INTERFACE_ARRAY_SCHEMA)?;

src/api2/types/mod.rs

@@ -331,12 +331,6 @@ pub const BLOCKDEVICE_NAME_SCHEMA: Schema = StringSchema::new("Block device name
     .max_length(64)
     .schema();
 
-pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.")
-    .format(&PROXMOX_SAFE_ID_FORMAT)
-    .min_length(2)
-    .max_length(32)
-    .schema();
-
 // Complex type definitions
 
 #[api(

src/auth_helpers.rs

@@ -95,7 +95,7 @@ pub fn generate_csrf_key() -> Result<(), Error> {
 
     use nix::sys::stat::Mode;
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
 
     replace_file(
         &path,
@@ -129,7 +129,7 @@ pub fn generate_auth_key() -> Result<(), Error> {
 
     let public_pem = rsa.public_key_to_pem()?;
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
 
     replace_file(
         &public_path,

src/backup/datastore.rs

@@ -31,7 +31,7 @@ use pbs_tools::fs::{lock_dir_noblock, DirLockGuard};
 
 use crate::config::datastore::{self, DataStoreConfig};
 use crate::tools;
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
 
 
 lazy_static! {
@@ -700,7 +700,7 @@ impl DataStore {
                 let mut path = self.base_path();
                 path.push(".gc-status");
 
-                let backup_user = crate::backup::backup_user()?;
+                let backup_user = pbs_config::backup_user()?;
                 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
                 // set the correct owner/group/permissions while saving file
                 // owner(rw) = backup, group(r)= backup

src/backup/mod.rs

@@ -1,24 +1,8 @@
 //! Server/client-specific parts for what's otherwise in pbs-datastore.
 
-use anyhow::{format_err, Error};
-
 // Note: .pcat1 => Proxmox Catalog Format version 1
 pub const CATALOG_NAME: &str = "catalog.pcat1.didx";
 
-pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
-
-/// Return User info for the 'backup' user (``getpwnam_r(3)``)
-pub fn backup_user() -> Result<nix::unistd::User, Error> {
-    pbs_tools::sys::query_user(BACKUP_USER_NAME)?
-        .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
-}
-
-/// Return Group info for the 'backup' group (``getgrnam(3)``)
-pub fn backup_group() -> Result<nix::unistd::Group, Error> {
-    pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
-        .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
-}
-
 // Split
 mod read_chunk;
 pub use read_chunk::*;
@@ -28,70 +12,3 @@ pub use datastore::*;
 
 mod verify;
 pub use verify::*;
-
-pub struct BackupLockGuard(std::fs::File);
-
-/// Open or create a lock file owned by user "backup" and lock it.
-///
-/// Owner/Group of the file is set to backup/backup.
-/// File mode is 0660.
-/// Default timeout is 10 seconds.
-///
-/// Note: This method needs to be called by user "root" or "backup".
-pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
-    path: P,
-    timeout: Option<std::time::Duration>,
-    exclusive: bool,
-) -> Result<BackupLockGuard, Error> {
-    let user = backup_user()?;
-    let options = proxmox::tools::fs::CreateOptions::new()
-        .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
-        .owner(user.uid)
-        .group(user.gid);
-
-    let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
-
-    let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
-    Ok(BackupLockGuard(file))
-}
-
-/// Atomically write data to file owned by "root:backup" with permission "0640"
-///
-/// Only the superuser can write those files, but group 'backup' can read them.
-pub fn replace_backup_config<P: AsRef<std::path::Path>>(
-    path: P,
-    data: &[u8],
-) -> Result<(), Error> {
-    let backup_user = backup_user()?;
-    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
-    // set the correct owner/group/permissions while saving file
-    // owner(rw) = root, group(r)= backup
-    let options = proxmox::tools::fs::CreateOptions::new()
-        .perm(mode)
-        .owner(nix::unistd::ROOT)
-        .group(backup_user.gid);
-
-    proxmox::tools::fs::replace_file(path, data, options)?;
-
-    Ok(())
-}
-
-/// Atomically write data to file owned by "root:root" with permission "0600"
-///
-/// Only the superuser can read and write those files.
-pub fn replace_secret_config<P: AsRef<std::path::Path>>(
-    path: P,
-    data: &[u8],
-) -> Result<(), Error> {
-    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
-    // set the correct owner/group/permissions while saving file
-    // owner(rw) = root, group(r)= root
-    let options = proxmox::tools::fs::CreateOptions::new()
-        .perm(mode)
-        .owner(nix::unistd::ROOT)
-        .group(nix::unistd::Gid::from_raw(0));
-
-    proxmox::tools::fs::replace_file(path, data, options)?;
-
-    Ok(())
-}

src/bin/proxmox-backup-proxy.rs

@@ -53,8 +53,8 @@ use proxmox_backup::server::do_prune_job;
 fn main() -> Result<(), Error> {
     proxmox_backup::tools::setup_safe_path_env();
 
-    let backup_uid = proxmox_backup::backup::backup_user()?.uid;
+    let backup_uid = pbs_config::backup_user()?.uid;
-    let backup_gid = proxmox_backup::backup::backup_group()?.gid;
+    let backup_gid = pbs_config::backup_group()?.gid;
     let running_uid = nix::unistd::Uid::effective();
     let running_gid = nix::unistd::Gid::effective();
 

src/bin/proxmox_backup_manager/openid.rs

@@ -3,7 +3,9 @@ use serde_json::Value;
 
 use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
 
-use proxmox_backup::{config, api2, api2::types::REALM_ID_SCHEMA};
+use pbs_api_types::REALM_ID_SCHEMA;
+
+use proxmox_backup::api2;
 
 
 #[api(
@@ -73,25 +75,25 @@ pub fn openid_commands() -> CommandLineInterface {
         .insert("list", CliCommand::new(&&API_METHOD_LIST_OPENID_REALMS))
         .insert("show", CliCommand::new(&&API_METHOD_SHOW_OPENID_REALM)
                 .arg_param(&["realm"])
-                .completion_cb("realm", config::domains::complete_openid_realm_name)
+                .completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
         )
         .insert("create",
                 CliCommand::new(&api2::config::access::openid::API_METHOD_CREATE_OPENID_REALM)
                 .arg_param(&["realm"])
                 .arg_param(&["realm"])
-                .completion_cb("realm", config::domains::complete_openid_realm_name)
+                .completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
         )
         .insert("update",
                 CliCommand::new(&api2::config::access::openid::API_METHOD_UPDATE_OPENID_REALM)
                 .arg_param(&["realm"])
                 .arg_param(&["realm"])
-                .completion_cb("realm", config::domains::complete_openid_realm_name)
+                .completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
         )
         .insert("delete",
                 CliCommand::new(&api2::config::access::openid::API_METHOD_DELETE_OPENID_REALM)
                 .arg_param(&["realm"])
                 .arg_param(&["realm"])
-                .completion_cb("realm", config::domains::complete_openid_realm_name)
+                .completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
         )
         ;
 

src/bin/sg-tape-cmd.rs

@@ -142,8 +142,8 @@ fn set_encryption(
 fn main() -> Result<(), Error> {
 
     // check if we are user root or backup
-    let backup_uid = proxmox_backup::backup::backup_user()?.uid;
+    let backup_uid = pbs_config::backup_user()?.uid;
-    let backup_gid = proxmox_backup::backup::backup_group()?.gid;
+    let backup_gid = pbs_config::backup_group()?.gid;
     let running_uid = nix::unistd::Uid::current();
     let running_gid = nix::unistd::Gid::current();
 

src/config/acl.rs

@@ -911,7 +911,7 @@ pub fn save_config(acl: &AclTree) -> Result<(), Error> {
 
     acl.write_config(&mut raw)?;
 
-    crate::backup::replace_backup_config(ACL_CFG_FILENAME, &raw)
+    pbs_config::replace_backup_config(ACL_CFG_FILENAME, &raw)
 }
 
 #[cfg(test)]

src/config/acme/plugin.rs

@@ -9,8 +9,8 @@ use proxmox::api::{
     section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin},
 };
 
-use crate::api2::types::PROXMOX_SAFE_ID_FORMAT;
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
+use pbs_api_types::PROXMOX_SAFE_ID_FORMAT;
 
 pub const PLUGIN_ID_SCHEMA: Schema = StringSchema::new("ACME Challenge Plugin ID.")
     .format(&PROXMOX_SAFE_ID_FORMAT)
@@ -162,7 +162,7 @@ pub fn config() -> Result<(PluginData, [u8; 32]), Error> {
 pub fn save_config(config: &PluginData) -> Result<(), Error> {
     super::make_acme_dir()?;
     let raw = CONFIG.write(ACME_PLUGIN_CFG_FILENAME, &config.data)?;
-    crate::backup::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes())
 }
 
 pub struct PluginData {

src/config/datastore.rs

@@ -13,8 +13,9 @@ use proxmox::api::{
     }
 };
 
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
+
 use crate::api2::types::*;
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
 
 lazy_static! {
     pub static ref CONFIG: SectionConfig = init();
@@ -152,7 +153,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
     let raw = CONFIG.write(DATASTORE_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes())
 }
 
 // shell completion helper

src/config/drive.rs

@@ -27,8 +27,9 @@ use proxmox::{
     },
 };
 
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
+
 use crate::{
-    backup::{open_backup_lockfile, BackupLockGuard},
     api2::types::{
         DRIVE_NAME_SCHEMA,
         VirtualTapeDrive,
@@ -93,7 +94,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 /// Save the configuration file
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
     let raw = CONFIG.write(DRIVE_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes())
 }
 
 /// Check if the specified drive name exists in the config.

src/config/media_pool.rs

@@ -22,8 +22,9 @@ use proxmox::{
     },
 };
 
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
+
 use crate::{
-    backup::{open_backup_lockfile, BackupLockGuard},
     api2::types::{
         MEDIA_POOL_NAME_SCHEMA,
         MediaPoolConfig,
@@ -72,7 +73,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 /// Save the configuration file
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
     let raw = CONFIG.write(MEDIA_POOL_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes())
 }
 
 // shell completion helper

src/config/mod.rs

@@ -30,7 +30,6 @@ pub mod drive;
 pub mod media_pool;
 pub mod tape_encryption_keys;
 pub mod tape_job;
-pub mod domains;
 
 /// Check configuration directory permissions
 ///
@@ -40,7 +39,7 @@ pub mod domains;
 pub fn check_configdir_permissions() -> Result<(), Error> {
     let cfgdir = pbs_buildcfg::CONFIGDIR;
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let backup_uid = backup_user.uid.as_raw();
     let backup_gid = backup_user.gid.as_raw();
 
@@ -85,7 +84,7 @@ pub fn create_configdir() -> Result<(), Error> {
         ),
     }
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
 
     nix::unistd::chown(cfgdir, Some(backup_user.uid), Some(backup_user.gid))
         .map_err(|err| {
@@ -197,9 +196,9 @@ pub(crate) fn set_proxy_certificate(cert_pem: &[u8], key_pem: &[u8]) -> Result<(
     let cert_path = PathBuf::from(configdir!("/proxy.pem"));
 
     create_configdir()?;
-    crate::backup::replace_backup_config(&key_path, key_pem)
+    pbs_config::replace_backup_config(&key_path, key_pem)
         .map_err(|err| format_err!("error writing certificate private key - {}", err))?;
-    crate::backup::replace_backup_config(&cert_path, &cert_pem)
+    pbs_config::replace_backup_config(&cert_path, &cert_pem)
         .map_err(|err| format_err!("error writing certificate file - {}", err))?;
 
     Ok(())

src/config/node.rs

@@ -9,8 +9,8 @@ use proxmox::api::schema::{ApiStringFormat, ApiType, Updater};
 use proxmox_http::ProxyConfig;
 
 use pbs_buildcfg::configdir;
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
 
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
 use crate::acme::AcmeClient;
 use crate::api2::types::{
     AcmeAccountName, AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA,
@@ -39,7 +39,7 @@ pub fn save_config(config: &NodeConfig) -> Result<(), Error> {
     config.validate()?;
 
     let raw = crate::tools::config::to_bytes(config, &NodeConfig::API_SCHEMA)?;
-    crate::backup::replace_backup_config(CONF_FILE, &raw)
+    pbs_config::replace_backup_config(CONF_FILE, &raw)
 }
 
 #[api(

src/config/remote.rs

@@ -122,7 +122,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
     let raw = CONFIG.write(REMOTE_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes())
 }
 
 // shell completion helper

src/config/sync.rs

@@ -118,7 +118,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
     let raw = CONFIG.write(SYNC_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes())
 }
 
 // shell completion helper

src/config/tape_encryption_keys.rs

@@ -19,7 +19,7 @@ use proxmox::tools::fs::file_read_optional_string;
 use pbs_api_types::Fingerprint;
 use pbs_datastore::key_derivation::KeyConfig;
 
-use crate::backup::open_backup_lockfile;
+use pbs_config::{open_backup_lockfile, replace_secret_config};
 
 mod hex_key {
     use serde::{self, Deserialize, Serializer, Deserializer};
@@ -135,7 +135,7 @@ pub fn save_keys(map: HashMap<Fingerprint, EncryptionKeyInfo>) -> Result<(), Err
     }
 
     let raw = serde_json::to_string_pretty(&list)?;
-    crate::backup::replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes())
+    replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes())
 }
 
 /// Store tape encryption key configurations (password protected keys)
@@ -148,7 +148,7 @@ pub fn save_key_configs(map: HashMap<Fingerprint, KeyConfig>) -> Result<(), Erro
     }
 
     let raw = serde_json::to_string_pretty(&list)?;
-    crate::backup::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
 }
 
 /// Insert a new key

src/config/tape_job.rs

@@ -160,7 +160,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
     let raw = CONFIG.write(TAPE_JOB_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes())
 }
 
 // shell completion helper

src/config/tfa.rs

@@ -26,9 +26,9 @@ use proxmox::tools::uuid::Uuid;
 use proxmox::tools::AsHex;
 
 use pbs_buildcfg::configdir;
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
 
 use crate::api2::types::Userid;
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
 
 /// Mapping of userid to TFA entry.
 pub type TfaUsers = HashMap<Userid, TfaUserData>;

src/config/token_shadow.rs

@@ -8,7 +8,7 @@ use proxmox::tools::fs::CreateOptions;
 
 use crate::api2::types::Authid;
 use crate::auth;
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 
 const LOCK_FILE: &str = pbs_buildcfg::configdir!("/token.shadow.lock");
 const CONF_FILE: &str = pbs_buildcfg::configdir!("/token.shadow");
@@ -33,7 +33,7 @@ fn read_file() -> Result<HashMap<Authid, String>, Error> {
 }
 
 fn write_file(data: HashMap<Authid, String>) -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let options = CreateOptions::new()
         .perm(nix::sys::stat::Mode::from_bits_truncate(0o0640))
         .owner(backup_user.uid)

src/config/user.rs

@@ -119,7 +119,7 @@ pub fn cached_config() -> Result<Arc<SectionConfigData>, Error> {
 
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
     let raw = CONFIG.write(USER_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?;
+    pbs_config::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?;
 
     // increase user cache generation
     // We use this in CachedUserInfo

src/config/verify.rs

@@ -116,7 +116,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
     let raw = CONFIG.write(VERIFICATION_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes())
 }
 
 // shell completion helper

src/rrd/cache.rs

@@ -22,7 +22,7 @@ lazy_static!{
 /// Create rrdd stat dir with correct permission
 pub fn create_rrdb_dir() -> Result<(), Error> {
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let opts = CreateOptions::new()
         .owner(backup_user.uid)
         .group(backup_user.gid);

src/rrd/rrd.rs

@@ -303,7 +303,7 @@ impl RRD {
             std::slice::from_raw_parts(self as *const _ as *const u8, std::mem::size_of::<RRD>())
         };
 
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
         let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
         // set the correct owner/group/permissions while saving file
         // owner(rw) = backup, group(r)= backup

src/server/command_socket.rs

@@ -19,7 +19,7 @@ where
 {
     let path: PathBuf = path.into();
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let backup_gid = backup_user.gid.as_raw();
 
     let socket = UnixListener::bind(&path)?;

src/server/config.rs

@@ -142,7 +142,7 @@ impl ApiConfig {
         let path: PathBuf = path.into();
         if let Some(base) = path.parent() {
             if !base.exists() {
-                let backup_user = crate::backup::backup_user()?;
+                let backup_user = pbs_config::backup_user()?;
                 let opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
                 create_path(base, None, Some(opts)).map_err(|err| format_err!("{}", err))?;
             }

src/server/jobstate.rs

@@ -47,9 +47,9 @@ use proxmox::tools::fs::{
 };
 
 use pbs_systemd::time::{compute_next_event, parse_calendar_event};
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
 
 use crate::{
-    backup::{open_backup_lockfile, BackupLockGuard},
     api2::types::JobScheduleStatus,
     server::{
         UPID,
@@ -88,7 +88,7 @@ const JOB_STATE_BASEDIR: &str = "/var/lib/proxmox-backup/jobstates";
 
 /// Create jobstate stat dir with correct permission
 pub fn create_jobstate_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let opts = CreateOptions::new()
         .owner(backup_user.uid)
         .group(backup_user.gid);
@@ -299,7 +299,7 @@ impl Job {
         let serialized = serde_json::to_string(&self.state)?;
         let path = get_path(&self.jobtype, &self.jobname);
 
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
         let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
         // set the correct owner/group/permissions while saving file
         // owner(rw) = backup, group(r)= backup

src/server/mod.rs

@@ -116,7 +116,7 @@ pub(crate) async fn notify_datastore_removed() -> Result<(), Error> {
 /// This exists to fixate the permissions for the run *base* directory while allowing intermediate
 /// directories after it to have different permissions.
 pub fn create_run_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let opts = CreateOptions::new()
         .owner(backup_user.uid)
         .group(backup_user.gid);

src/server/worker_task.rs

@@ -24,7 +24,7 @@ use super::{UPID, UPIDExt};
 use crate::server;
 use crate::tools::{FileLogger, FileLogOptions};
 use crate::api2::types::{Authid, TaskStateType};
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
 
 macro_rules! taskdir {
     ($subdir:expr) => (concat!(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!(), "/tasks", $subdir))
@@ -159,7 +159,7 @@ fn parse_worker_status_line(line: &str) -> Result<(String, UPID, Option<TaskStat
 pub fn create_task_log_dirs() -> Result<(), Error> {
 
     try_block!({
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
         let opts = CreateOptions::new()
             .owner(backup_user.uid)
             .group(backup_user.gid);
@@ -354,7 +354,7 @@ pub fn rotate_task_log_archive(size_threshold: u64, compress: bool, max_files: O
 // new_upid is added to the list when specified.
 fn update_active_workers(new_upid: Option<&UPID>) -> Result<(), Error> {
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
 
     let lock = lock_task_list_files(true)?;
 
@@ -611,7 +611,7 @@ impl WorkerTask {
 
         path.push(format!("{:02X}", upid.pstart & 255));
 
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
 
         create_path(&path, None, Some(CreateOptions::new().owner(backup_user.uid).group(backup_user.gid)))?;
 

src/tape/changer/mod.rs

@@ -483,7 +483,7 @@ fn save_changer_state_cache(
 
     let state = serde_json::to_string_pretty(state)?;
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
     let options = CreateOptions::new()
         .perm(mode)

src/tape/drive/mod.rs

@@ -553,7 +553,7 @@ pub fn set_tape_device_state(
     let mut path = PathBuf::from(crate::tape::DRIVE_STATE_DIR);
     path.push(drive);
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
     let options = CreateOptions::new()
         .perm(mode)
@@ -612,7 +612,7 @@ fn open_device_lock(device_path: &str) -> Result<std::fs::File, Error> {
     let mut path = std::path::PathBuf::from(crate::tape::DRIVE_LOCK_DIR);
     path.push(lock_name);
 
-    let user = crate::backup::backup_user()?;
+    let user = pbs_config::backup_user()?;
     let options = CreateOptions::new()
         .perm(Mode::from_bits_truncate(0o660))
         .owner(user.uid)

src/tape/inventory.rs

@@ -40,6 +40,7 @@ use proxmox::tools::{
 };
 
 use pbs_systemd::time::compute_next_event;
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
 
 use crate::{
     api2::types::{
@@ -48,7 +49,6 @@ use crate::{
         MediaStatus,
         MediaLocation,
     },
-    backup::{open_backup_lockfile, BackupLockGuard},
     tape::{
         TAPE_STATUS_DIR,
         MediaSet,
@@ -174,7 +174,7 @@ impl Inventory {
             // We cannot use chown inside test environment (no permissions)
             CreateOptions::new().perm(mode)
         } else {
-            let backup_user = crate::backup::backup_user()?;
+            let backup_user = pbs_config::backup_user()?;
             CreateOptions::new()
                 .perm(mode)
                 .owner(backup_user.uid)

src/tape/media_catalog.rs

@@ -183,7 +183,7 @@ impl MediaCatalog {
     }
 
     fn create_basedir(base_path: &Path) -> Result<(), Error> {
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
         let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
         let opts = CreateOptions::new()
             .perm(mode)
@@ -217,7 +217,7 @@ impl MediaCatalog {
                 .create(create)
                 .open(&path)?;
 
-            let backup_user = crate::backup::backup_user()?;
+            let backup_user = pbs_config::backup_user()?;
             fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))
                 .map_err(|err| format_err!("fchown failed - {}", err))?;
 
@@ -275,7 +275,7 @@ impl MediaCatalog {
             return Ok(file);
         }
 
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
         fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))
             .map_err(|err| format_err!("fchown failed - {}", err))?;
 

src/tape/media_catalog_cache.rs

@@ -91,7 +91,7 @@ fn write_snapshot_cache(
         }
     }
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
     let options = CreateOptions::new()
         .perm(mode)

src/tape/media_pool.rs

@@ -16,9 +16,9 @@ use proxmox::tools::Uuid;
 
 use pbs_api_types::Fingerprint;
 use pbs_systemd::time::compute_next_event;
+use pbs_config::BackupLockGuard;
 
 use crate::{
-    backup::BackupLockGuard,
     api2::types::{
         MediaStatus,
         MediaLocation,

src/tape/mod.rs

@@ -71,7 +71,7 @@ pub const COMMIT_BLOCK_SIZE: usize = 128*1024*1024*1024; // 128 GiB
 
 /// Create tape status dir with correct permission
 pub fn create_tape_status_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
     let options = CreateOptions::new()
         .perm(mode)
@@ -86,7 +86,7 @@ pub fn create_tape_status_dir() -> Result<(), Error> {
 
 /// Create drive lock dir with correct permission
 pub fn create_drive_lock_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
     let options = CreateOptions::new()
         .perm(mode)
@@ -101,7 +101,7 @@ pub fn create_drive_lock_dir() -> Result<(), Error> {
 
 /// Create drive state dir with correct permission
 pub fn create_drive_state_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
     let options = CreateOptions::new()
         .perm(mode)
@@ -116,7 +116,7 @@ pub fn create_drive_state_dir() -> Result<(), Error> {
 
 /// Create changer state cache dir with correct permission
 pub fn create_changer_state_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
     let options = CreateOptions::new()
         .perm(mode)

src/tools/file_logger.rs

@@ -91,7 +91,7 @@ impl FileLogger {
             .open(&file_name)?;
 
         if options.owned_by_backup {
-            let backup_user = crate::backup::backup_user()?;
+            let backup_user = pbs_config::backup_user()?;
             nix::unistd::chown(file_name.as_ref(), Some(backup_user.uid), Some(backup_user.gid))?;
         }
 

src/tools/memcom.rs

@@ -38,7 +38,7 @@ impl Memcom {
 
     // Actual work of `new`:
     fn open() -> Result<Arc<Self>, Error> {
-        let user = crate::backup::backup_user()?;
+        let user = pbs_config::backup_user()?;
         let options = CreateOptions::new()
             .perm(Mode::from_bits_truncate(0o660))
             .owner(user.uid)

src/tools/subscription.rs

@@ -304,7 +304,7 @@ pub fn write_subscription(info: SubscriptionInfo) -> Result<(), Error> {
         format!("{}\n{}\n{}\n", info.key.unwrap(), csum, encoded)
     };
 
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
     let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
     let file_opts = CreateOptions::new()
         .perm(mode)