From 07a2b5f2d1d55854561f4f55f9c62bc820619c97 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner <contact@ingolf-wagner.de>
Date: Sun, 6 Oct 2024 09:40:42 +0900
Subject: [PATCH] :construction: borgbackup for paperless

---
 flake.nix                              |  1 +
 machines/chungus/service-paperless.nix | 32 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/flake.nix b/flake.nix
index 66dfb59..c5365fb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -236,6 +236,7 @@
               # backup key
               "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
               "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
+              "${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
             ];
           }
         )
diff --git a/machines/chungus/service-paperless.nix b/machines/chungus/service-paperless.nix
index 96adbfe..491cb6c 100644
--- a/machines/chungus/service-paperless.nix
+++ b/machines/chungus/service-paperless.nix
@@ -3,6 +3,7 @@
   pkgs,
   lib,
   nixos-artwork,
+  factsGenerator,
   ...
 }:
 {
@@ -50,4 +51,35 @@
       proxyWebsockets = true;
     };
   };
+
+  clan.core.facts.services."paperless-ngx.borg" = factsGenerator.password { name = "borgbackup"; };
+  clan.core.facts.services."paperless-ngx.ssh" = factsGenerator.ssh { name = "paperless-ngx"; };
+
+  # backup
+  services.borgbackup.jobs."paperless-ngx" = {
+    paths = [ config.services.paperless.dataDir ];
+    repo = "root@orbi.bear:${config.networking.hostName}/paperless-borg-backup";
+    compression = "auto,lzma";
+    startAt = "daily";
+    encryption = {
+      mode = "repokey-blake2";
+      passCommand = "cat ${
+        toString config.clan.core.facts.services."paperless-ngx.borg".secret."password.borgbackup".path
+      }";
+    };
+    environment = {
+      BORG_RSH = "ssh -i ${
+        toString
+          config.clan.core.facts.services."paperless-ngx.ssh".secret."ssh.paperless-ngx.id_ed25519".path
+      }";
+      BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
+    };
+    prune.keep = {
+      within = "10d"; # Keep all backups in the last 10 days.
+      weekly = 8; # Keep 8 additional end of week archives.
+      monthly = -1; # Keep end of month archive for every month
+    };
+    doInit = true;
+  };
+
 }